A recent news dated on 10th Mar 2023 from The Straits Times titled, The Big Story – Military Docs Leaked Online, where leaked confidential defence documents have been put up for sale online by hackers. The report states that at least 2 Singapore entities were listed in the leaked documents. Even though the leaked military documents do not contain current or any sensitive documents and is still under investigation. This news certainly brings us into thinking what can be done to secure these documents. Are there any Document Security solutions available?
What is Document Security?
For any organisation, effective communications have to be made across all channels (from customers, employees to stakeholders) and most of the time it carries valuable and important information (which at times are classified or even confidential in nature). Due to this fact, we should be concerned on the very fact of how secure is this document? Is it safe from ill-intent parties?
Well, on this basis, document security, sometimes known as document access security, are dedicated security procedures that are put in place to deter data manipulation and reproduction of critical or strategically important documents that can be shared safely internally and externally.
What are the common practices?
The usual practices that were adopted, including password protection, provide only secured document sharing links to intended parties. But is this enough? Are we able to secure our document in this way?
Therefore, to determine if our documents are actually secure, let us take a look at the life cycle of a few documents security requirement to see if our documents are in a secured state at this point of time.
The life cycle of a document revolves around 3-stages: processing, transit and storage. Documents will be at risk if access approvals and audits are not in place. Though we can send documents to the intended party, but documents can be hijacked while in transit. In storage, we can always set password implementation on the user access but unfortunately most of the time hackers can easily “pass through” this protection and when they do, they have full access to all of our documents.
When we understand the lifecycle of a file, we can then observe what can be done to greatly improve the data security of our documents.
ABAC (Attribute Based Access Control)
Digital transformation has greatly created new ways to work smarter and faster regardless of location and time. Also, with the increased needs of collaborating on and sharing sensitive or classified information, new security risks and problems have evolved and need to be resolved.
One of the possible threat vectors could possibly be – insiders. According to a report by Ponemon Institute published in 2020, globally the cost of insider threat which involves negligent employee or contractor accounts for up to 62% of security incidents with malicious insiders contributing another 23%. Hence, data security that addresses insider or external threats is paramount for enterprises, government, defence industry, research, intelligence as well as supply chain collaboration.
Traditional security tools are focused on protecting systems from external threats. To address insider threats a new security model is needed that focuses on directly protecting what is at stake – DATA.
Hence, Attribute Based Access Control (ABAC) is the solution.
Attribute Based Access Control (ABAC) is a Zero-Trust, data-centric security model that uses dynamic policies to control who accesses information and under what conditions.
With an ABAC-enabled solution, policies can be based on any combination of user attributes, content and environment attributes. This methodology allows the governance and security teams to create policies that dynamically adjust access, usage and sharing rights based on real-time comparison of user context and file content to enforce regulations and policies.
ABAC policies will ensure only the right people can access the right information at the right time.