The Xplor View - July 2008 - (Page 23)

What are the latest developments in knowledge management for large organisations? - Part two The weakest link in any network is the user. Although external attacks are mostly digital, the most successful exploit the vulnerabilities of the user. Recent surveys indicate that at least 30 percent of workers leave confidential information on their desks at the day’s end and over half of these have said this information has disappeared. With published online articles, the posted article becomes a permanent, searchable, and public document and assumes the legal properties of printed public media. Most employees have never before been in a position where they could risk making unsafe public statements. The main risks these employees represent are risk to intellectual property; risk of slander and privacy invasion; and risk of breach to security or compliance law. The organisation has little legal right to tell an employee what he or she can discuss in external and personal wikis and blogs, unless there is a real legal breach in content. In collaborative environments where remote access is possible, there is an extra need for security and for verification of authorised user identity. The effects of a hostile hijacker can be damaging to frail virtual relationships based on trust. IM has created cause for concern in this area, especially as it forms the basis for many web conferencing applications such as shared whiteboards and other ad hoc communications. Once connected to another user, your systems are open to whatever virus, rogue protocol, or worm they may have. Also once it infects your IM system, it can then attack every other contact on your list. Technology solutions for such external threats have come a long way since the start of e-mail. Although point technologies were initially created and used, t oday’s environment demands that e-mail and IM security be an amalgamation of monitoring both ingoing and outgoing content by using software-based firewalls. Multi-layered security software can now be found for e-mail, which protects every level of the e-mail infrastructure, filtering mail at the desktop, gateway, mail server, and other levels. IM threats can be combated by using IM ‘Hygiene’ technology, which tracks all IM traffic traversing the organisation’s firewall and inspects messages for any hint of viruses or malware. However, some newer technologies also introduce new security vulnerabilities. Voice over Internet Protocol (VoIP) technology may be ready for use, but its potential security weaknesses are not always fully understood. End-to-end VoIP will connect hundreds of open networks where anyone can connect to as many others as they choose. Hackers could achieve a denial of service attack by re-routing international calls through a targeted system or finding ways of tying up telephone connections. In extreme cases organisations could be held at ransom for fear of this happening. With confidentiality and trust-based relationships at stake, this is one area of social technology that is going to need serious attention and until it is, corporate adoption is set to be slow, even if inevitable. These new tools bring the threat of liability Businesses today ‘regularly execute contracts with a click, amend them with a voicemail, and breach them with a blog.’ A court of law will ignore what tool was used to create the content or what format the information is in. Legal insecurity is why many organisations may currently wish to steer clear from new collaborative tools. Within an increasingly regulated business environment, where the territory is still undefined, many feel that the pitfalls of new regulations are currently easier to get into than they are to get out of. To compound this issue further, the amount of information that organisations now need to store has also increased considerably. Yet many organisations are still unsure about what to store and for how long to keep the records. As an example of some of the complexities involved, imagine a corporate storage or back-up system that auto archives all documentation at the end of each working day. Surely such a system is compliant? To police what an organisation’s employees are allowed to do, electronic or e-policies are required. However, instances exist where employees have still managed to damage their organisation’s reputations whilst staying well within company policy and guidelines. However, if any of the documents archived hold personal details; they could be in breach of a national Data Protection Act. Such acts stipulate that this type of information must be erased once it has served its purpose and is no longer in use. The complexity of such situations is pushing organisations to outsource these responsibilities to managed service providers. Many employees do not realise that with tools such as e-mail, even after deletion, the data remains on disk until it has been reused to store new data. Such data is called ‘residual data’ and can be easily recovered and used as evidence in a court of law. Compliance regulation has also sparked a flurry of activity from vendors looking to secure customers. Their packages must not only prove that the organisation’s business processes and procedures are compliant with the law, but also need to bring new efficiencies to the organisation’s activities. It is, however, worth keeping some perspective here and realising that if a company spends more on becoming compliant due to fear of liability than it does on creating new business for itself, it will then put itself at risk. Encryption and e-policies can provide a solution to these issues Encryption of sensitive information helps to ensure that, even if an intruder has managed to get past firewall and other authentication systems, the data will still need to be deciphered before it can be of use. The intruder would usually need to have access to an encryption key and the encryption algorithms used to do this. Cryptography is also useful for ensuring the safety of stored data that needs to be transported off an online archive onto hard copy. Most European government authorities cannot access the decryption key for encrypted information, except by court order. However, once they have this, your organisation is obligated to co-operate fully with authorities, even to the point of self-incrimination. The encryption solution also has some drawbacks. If, for example, content is encrypted before it is sent out in an e-mail, your organisation would need to ensure that all possible recipients are able to decrypt and view the contents. Certain organisations have overcome this problem by using, for example, a tailored web-based decryption solution. A similar issue arises with using a content filter to monitor content in outgoing e-mails; it would need to be able to decode the encryption. Content control for the organisation would otherwise be near impossible. On the positive side, it also means that unauthorised filters looking for credit card digits, for example, would be blind to encrypted data. With encryption, the organisation needs to balance out the insecurity of plain text with the insecurity of not knowing what is being sent out of the company. However, cryptography is becoming more accepted as part of a multi-layered security strategy especially with the types of mandates being faced today for integrity and authenticity of data. Waterstone’s: Waterstone’s is a UK-based bookseller. In 2005 it was forced to admit publicly it was in the wrong for firing an employee due to comments he made on a personal blog. The result was publicly embarrassing for the organisation to say the least. Waterstone’s was eventually forced to offer the employee his job back. 23 Issue 5 July 2008 The VIEW Journal Xplor European Edition

Table of Contents Feed for the Digital Edition of The Xplor View - July 2008

The Xplor View - July 2008 Contents Cover Story: Drupa 2008: The Highlights Review New Technology: Inkjet Technologies Moving Forward New Technology: QR Codes: Leading Edge but not Bleeding Edge A Fresh Look at Electronic Document Delivery Management: Growing Your Business Through Tendering The Experts Versus the Amateurs News: Xplor UK & Ireland Supports Total Print! Expo� Part Two: The Latest Developments in Knowledge Management Xplor Europe News: Short News Items for the Xplor UK Programme and Europe News

The Xplor View - July 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.