Security and Enterprise Content Management

  • Robin Raju 1
  1. 1.  Eastern Institute of Technology

Abstract

Enterprise Content Management (ECM) systems support organisations to manage increasing complicatedness and quantity of data and information. They help enterprises to store information and provide access to that information from anywhere in the world. ECM systems have many advantages like work flow management, easy availability of documents and provide security to these documents. However, there are also security threats and areas of vulnerability, for enterprises and their documents. This report investigates the reasons for considering ECM systems, the benefits, and security challenges associated with popular ECM tools. The paper also specifies some methods to reduce security challenges and concludes with a brief summary of the findings.

1. Introduction:

Enterprise Content Management is a lifecycle process and a dynamic combination of strategies, methods and procedures used to capture, manage, store, preserve and deliver information that provide sustenance to key organisational processes. It helps to handle different types of structured and unstructured information in an enterprise. ECM involves both technical and strategic aspects of management of organisational contents over their lifecycle, therefore play a very important role in the success of an enterprise. The transformation from traditional document management concept to ECM application is a time consuming process and several issues revolving around it. But it can be avoid to some level using organisational security policies.

As a result of the rapid growth rate of electronic storage and transmission of information, the need for information security is increased at both personal and organisational level. Because the security threats sometimes cause the loss of information and thereby leads to failure of the business (Yildirim, Akalp & Bayram, 2011). So it is important to have a method to manage and secure information from security threats and risks.

The major asset of an enterprise is its contents and so selecting an ECM tool which contains the features to guarantee the confidentiality, availability and integrity of the data it handles is a crucial process (Peterman, 2009). ECM helps to align business process and increase organisational communication. It supports organisations to set administrative privileges on data and also provides secure electronic documents.

2. Body

2.1 Enterprise Content Management (ECM):

Enterprise content management (ECM) is adopted by many organisations and it helps them to manage all daily generated contents and these sensitive information contents need to be available for all users while protecting it from unapproved access. ECM manages all unstructured contents in an organisation and this make direct impacts on employee productivity, business efficiency and IT infrastructure complexity (Shaw, 2013). According to Gartner, the popularity of ECM increases in recent times and it helps organisations to cope with government standard and regulations, and upgrade organisational reputation and competiveness in the market place. ECM supports in identifying problems and helps in making quality decisions at fast speed ECM allows transparent content sharing by making divergent and incompatible applications like web content management and records management interoperable (Alalwan, Thomas & Weistroffer, 2014).

The key elements of ECM are:

Description: D:\ECM\Untitled.jpg

            Figure1: Elements of ECM (Saxena, 2013)

2.2 Reason for Considering ECM:

There are several factors that support the implementation of Enterprise Content Management systems in modern enterprises. ECM applications can help organisations to reduce the usage of paper in its processes and assist organisations to keep focus on key functional areas, without being worried about compliance. It also supports in increasing employee productivity, efficiency and agility and supports business continuity and most importantly it offers an opportunity for organisation, to display their principles and motto to the outside world thereby helps in the improvement of the organisation (Saxena, 2013). Besides this there are some operational benefits which includes cost saving, traceability, reduction of duplication and enhance search and retrieval of information across platforms (Hullavarad, O’Hare & Roy, 2015).

2.3 Enterprise Content Management Security Issues:

Enterprise Content Management solutions made great impact on the business and it helps to minimise risk, improved customer service and reduce operations costs (Hullavarad, O’Hare & Roy, 2015). But still ECM systems have several security risks or breaches. For example dangerous XML vulnerability was discovered in WordPress and Drupal which is capable to take down an entire website or server almost instantly and it is very serious because these tools are used by millions of websites (Warren & Goldshlager, 2014). As one of the most popularly used ECM tools, SharePoint is also exposed to several serious content security risks. Malware is a possible threat as the software is used in a web based environment, and sometimes even used on mobile devices (Erturk, 2012). However, the more common SharePoint security risks include: lack of SharePoint content awareness, failure to secure SharePoint against privileged insider accounts, not enough audit trails for SharePoint usage and administrative access, network configuration issues, and access controls and permissions that are not well configured (Fleck, 2013). Furthermore, the risk of backup failure, if not managed properly, may cause serious consequences to the organisation.

2.4 Security Benefits of ECM:

Security features provided by Enterprise Content Management systems can be considered from three different areas, people, process and documents. ECM tools help companies to establish an effective security controls by migrating to an all-digital format and provide access control permission rules for users on different sets of documents, thereby reducing security threats from inside. One of the top ECM tool M-Files eliminates the scenario of data loss by using an electronic document management solution and creates periodic backup copies to a secure off-site or onsite location (M-Files, 2011). M-Files enterprise information management (EIM) solution allows sharing and accessing contents while make sure that organisations information remains secure and protected (Javanainen, 2015). ECM systems offer secure document management, document authentication, integrity and privacy. ECM solutions provide security and safety to the information through comprehensive audit trails and proactive reporting techniques and so it is implemented to protect organisations IT infrastructure and documents from data breaches (Smith, 2015).  Through Digital Right Management, Digital Signature and Public and Public key encryption ECM tools restricts external access to the contents during the creation, management and delivery of information.

3. Discussion:

Enterprise Content Management (ECM) systems are used to store and manage enterprises structured and unstructured information in a digital format which can create tremendous impact on the business processes. It provides a powerful provision for control and examines information and helps to minimise the time for searching data, manage data and enable institutions with regulatory compliance (Hullavarad, O’Hare & Roy, 2015).

Security is the major reason for most organisations implements ECM solutions. Now organisations are faced with increasing difficulty, unpredictability and enhanced threats from wide areas and the business success or value depends upon the way in which the situation is handled. ECM solutions maintain as much security as they can within the platform but sometimes it become difficult to handle the threats from outside and also from inside (Jenkins, Kohler & Shackleton, 2005). So organisations encounter many challenges when implementing ECM solutions in their business process because it includes people, process, technology, budget and management. Now most of the enterprises heading to cloud based ECM solution and so it is important to consider the security risks associated with it like problem with vendor, security risks during information transmission, storage and when ECM vendor’s security outsourced and problems in data backup (Stackpole, 2015). So it is important to reduce all challenges and select the right ECM solution with better security features.

The primary challenge for organisations while implementing ECM is in selecting the right vendor and software which satisfies enterprises needs and to manage information in different file formats. Most of the ECM tools, for example WordPress and Drupal, issued regular security patches to reduce security challenges. By performing periodic content scans, end user training, regular antivirus updating and through the implementation of a server malware solution enterprises can reduce the risks associated with Enterprise Content Management solutions (Fleck, 2013).

4. Conclusion:

This paper has analysed the benefits, the security issues, and the challenges associated with Enterprise Content Management (ECM) Systems. ECM creates a positive business impact and plays a very important role in the success of an enterprise through minimised risks, improved customer services, and by reducing the overall operating costs. The paper has attempted to show that a proper understanding of the nature and format of data and information is crucial to automate related business processes. The paper has also mentioned about the security issues in popular ECM tools (such as SharePoint) and has also brought up some ways to mitigate the challenges and risks connected with ECM applications. The advanced security features offered by current ECM systems need to be utilized effectively against information security issues.

5. References:

Alalwan, J. A, Manoj, M. A & Weistroffer, H. R. (2014). Decision Support Capabilities of Enterprise Content Management Systems: An Empirical Investigation. Decision Support System, 68(2), 39-48. Retrieved from http://dx.doi.org/10.1016/j.dss.2014.09.002

Erturk, E. (2012). Two Trends in Mobile Malware: Financial Motives and Transitioning from Static to Dynamic Analysis. International Journal of Intelligent Computing Research (IJICR), Volume 3(3/4), 325-329.

Fleck, M. (2013). Top 10 SharePoint Content Security Risks and What to Do About Them. Retrieved from http://sharepointpromag.com/blog/top-10-sharepoint-content-security-risks-and-what-do-\nabout-them

Hullavarad, S., O’Hare, R., Roy, A. K. (2015). Enterprise Content Management Solutions- Roadmap Strategies and Implementation Challenges. International Journal of Information Management, 35(4), 260-265.

Javanainen, M. (2015). Risky Business @ Work: Storing Company information in personal File Sharing Apps. Retrieved from http://www.m-files.com/blog/risky-business-work-storing-company-information-personal-f\nile-sharing-apps/

Jenkins, T., Kohler, W. & Shackleton, J. (2005). Enterprise Content management Methods: What You Need to Know. Retrieved from https://books.google.co.nz/books?id=DTyQIFM1QFUC&printsec=frontcover - v=onepage&q&f=f\nalse

M-Files. (2011). Easy Document Management a Guide to Benefits, features and selection. Retrieved from http://www.m-files.com/Content/documents/en/res/DM_White_Paper.pdf.

Peterman, N. (2009). Threat Modelling of Enterprise Content management Systems Retrieved from http://www.iids.org/aigaion/indexempty.php?page=actionattachment&action=open&pub_id=29\n6&location=ThesisNickPeterman_1543490_V1.pdf-234384ae81a690392cbcb212b03788e1.pdf

Saxena, V. (2013). Making ECM Projects Relevant to Business. Retrieved from http://www.infosys.com/manufacturing/resource-center/Documents/ECM-projects.pdf.

Shaw, L. (2013). Top 10 Criteria for Choosing an ECM System. Retrieved from http://www.oracle.com/us/products/middleware/top-10-criterias-for-ecm-wp-1939579.pdf.

Smith, B. (2015). Is ECM A Valuable Tool Against Data Security Issues?  Retrieved from http://www.amsimaging.com/blog-0/is-ecm-a-valuable-tool-against-data-security-issues

Stackpole, B. (2015). To Cloud or Not To Cloud: The Ultimate ECM Question. Retrieved from http://www.contentverse.com/cloud-cloud-ultimate-ecm-question/

Warren, C & Goldshlager, N. (2014). Major Security Vulnerability in WordPress , Drupal Could Take Down Websites. Retrieved from http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ - O6x9XLxbs5k.

Yildirim, E. Y., Akalp, G. & Bayram, N. (2011). Factors Influencing Information Security Management in Small-And-Medium Sized Enterprises: A Case Study From Turkey. International Journal of Information Management, 31(4), 360-365.

Showing 1 Reviews

License

This article and its reviews are distributed under the terms of the Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and redistribution in any medium, provided that the original author and source are credited.