With today’s flood of information, how can we protect confidential documents? While ensuring that no information gets lost?
Many companies have centralised policies and confidentiality categories. They’re often hidden somewhere inside corporate guidelines, so users often see them as being purely theoretical – especially when they’re busy with their day-to-day work. And complicated processes like email encryption tend to hinder rather than help them.
So what’s needed is a set of measures that are as simple as they are effective. After all, security’s only going to be accepted if it’s practical too.
Brainloop provides high-security solutions for sharing and working on documents that ensure efficient online collaboration and include preconfigured security categories to protect confidential information. These comprise security classification settings – such as confidential and highly confidential for internal use, as well as permissions for certain groups of users, such as external people.
You can define these policies within the administration levels and they’ll apply across all folders. That way, individual users don’t need to struggle with the range of protection mechanisms.
Administration levels and roles
The way you define who’s responsible for which administration level may well depend on the size of your company, the number of users, and the complexity of your application scenario. Smaller installations generally have just one person to manage all the administration levels. This is easy as it doesn’t require any knowledge of programming.
Have you ever wondered why a setting is visible in the dataroom centre but not in the dataroom itself? Here’s an analogy that might help to explain it.
Your standard block of flats
Imagine that your dataroom centre is a block of flats. Your block of flats. The “plot of land” it stands on – in other words, a local server such as my.brainloop.net – belongs (in most cases) to Brainloop. As Brainloop owns it, we make a few initial settings on it. Depending on your contract with us, this is how we deliver your basic “block of flats” to you.
Configuring your block of flats (dataroom centre)
Now that you have your block, you can configure certain things in it. Some of these things will be basic settings that will apply to all the flats in the block – the individual datarooms – such as enabling or disabling Adobe IRM protection for your documents. You’re the owner of the block of flats, so you’re free to define the settings for all the flats (datarooms).
You can let your dataroom administrators decide on some options, such as the colour of the walls in their dataroom.
Configuring a standard flat (dataroom administration)
If we were to break down this analogy to individual “flats” and their entry permissions, this is how things would look. As the owners of the flats, the dataroom administrators use the admin tools to define the general permissions for the groups of people they’re going to allow into their property. Will their guests be allowed to ask questions (Q+A module)? Will they be allowed to see who else is in the flat (mutual visibility between users)? And can they empty the recycling bin?
Configuring the rooms (folders and documents)
On the folder level, the administrators assign individual permissions to open and view documents. To stick with the analogy, they define which guests are allowed into which rooms and what they’re permitted to do with each of the books – just read it, take it home or even change its content.
It’s important to remember that nobody can walk right into the living room before going through the hallway first – in other words, users first need to access the overarching folder hierarchy.
Hierarchical allocation of permissions
Please note that the highest security category always applies. If you’ve defined the “confidential” security category in the dataroom centre to mean that users can’t print or save a document, the dataroom administrator can’t change that setting.
In other words, once settings have been enforced on a certain level, the level below it can’t be made stricter or more lenient.
Summary
You can see how easy it is to configure your dream house to be secure and have the options you want in it. The dataroom administration is clear and makes it really easy for your users to comply with your security policies. Your sensitive data is reliably protected, access to important documents is defined precisely, and everything is logged and traceable.
Written by Robin Hoyer
Brainloop, Information Security