Software // Information Management
Commentary
12/20/2006
11:46 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Access Vs. Delivery: Two Views of Content Security

James Governer has prompted an important discussion on his popular blog regarding enterprise content management (ECM) and Security. The architect views security as stopping bad guys from getting in (the Firewall Syndrome). The document management view casts security as assigning permissions (the ACL syndrome). They're two sides of the same coin, but they're quite different.

James Governer has prompted an important discussion on his popular blog regarding ECM and Security. He raises some very good questions while lobbying enterprise buyers to team with him to pressure ECM vendors to respond. I'm sure many ECM vendors will be secretly annoyed about this, for they pride themselves on their security capabilities. But it points to two different perspectives around security. The Architect views security as stopping bad guys from getting in (the Firewall Syndrome). The Document Management view casts security as assigning permissions (the ACL syndrome).They are two sides of the same coin, on the surface seeming similar but nonetheless remaining quite different. One is about putting up barriers, the other about ensuring that the right information is delivered to the right person at the right time. A vendor told me today they had 57 different types of permission levels, managing security not just from an object access viewpoint, but also via state and lifecycle of that object or group....now that is security DM style! It is quite different from (though compatible with) the Architect's world of Indentity Management, Encryption, and Electronic Signatures.

My suspicion is that many of James' (very valid) requests will be met by the emerging ECM platform vendors at the platform level, but not by application providers (bulk of the current ECM crop) who will more rightly focus on their need to manage tight control of content objects. Enterprise Security and ECM Security do indeed need to work in harmony and more standardized platform elements will help this, but two very distinct views of Security will remain: one at the enterprise level, and one at the document administration level.

Alan Pelz-Sharpe is a principle analyst at CMS Watch. Write him at aps@cmswatch.comJames Governer has prompted an important discussion on his popular blog regarding enterprise content management (ECM) and Security. The architect views security as stopping bad guys from getting in (the Firewall Syndrome). The document management view casts security as assigning permissions (the ACL syndrome). They're two sides of the same coin, but they're quite different.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.