Unlock your data

Inside the Enterprise: Regulations and compliance can put barriers between information, and the users who need to work with it.

Keyhole on computer screen

Businesses in sectors such as health care, manufacturing and financial services are under increasing pressure both to keep information for longer, and to control who has access to it. Regulators, such as the Information Commissioner rightly want to make sure personal information does not fall into the wrong hands.

Businesses also have to comply with industry-specific regulations that control who can see documents, who can amend them, and even where in the world those documents can be viewed.

Once the data is imprisoned, anyone who needs to access it needs to apply for visiting rights.

This, some businesses are finding, is causing IT and compliance departments to put an ever wider range of documents under lock and key. Whilst this might ensure compliance, it can also make it hard for employees to access the information and data they need to do their jobs.

Advertisement - Article continues below
Advertisement - Article continues below

According to Rohit Ghai, general manager for the content and case management group at EMC, the result is that companies put their information in vaults. In effect, they "imprison their data," he says. And, once the data is imprisoned, anyone who needs to access it needs to apply for visiting rights. Hard-pressed IT departments, already dealing with ever-larger quantities of information, simply do not have the time and resources to control information access.

The answer, at least in part, lies in greater automation. As Ghai argues, using automated tools to index and classify information will become a necessity, if businesses are to keep on top of petabytes of sensitive information.

Automation will also be needed to apply access policies to that information, and to determine when those policies have been breached. But at the same time, IT departments need to respond to the needs of users who want to access company documents on the move, especially from personal devices such as tablets, or smart phones.

At EMC's Momentum conference in Berlin, Ghai demonstrated a software prototype that will allow mobile workers to access documents from an iPad, but applies information access policies on the fly.

So, for example, if a user is permitted to view information that is restricted by the US' Department of Defense regulations, only when he or she is in the US, the document management application will allow that access from a US IP address. But if that same user travels outside North America, access will be blocked and the blocked access attempt logged for compliance reasons.

The attention to detail in the system is impressive: even thumbnail views of documents are suppressed, just in case sensitive information could be viewed that way.

Advertisement - Article continues below

Implementing such systems, though, is about more than investing in the software. Companies need to think about who should access their data, where, and under which circumstances. That includes from which type of device.

Automating policies - and compliance with them is well within the reach of technology. Deciding what those policies should be is not just an IT, but a board-level task.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020