How AIP Works With Document Management Systems

Tricostar has produced a unique API which allows Microsoft AIP to work in harmony with your document management system (DMS), whilst ensuring full encryption and protection, with no risk of exposure. Why is that important?

A Lawyers business is words – words create documents – and those documents need to be categorised and stored somewhere safe. The market leaders in document management are well known, and what they do helps many law firms do their work more efficiently.

However, in our discussions with law firms, many are also ascribing features their Document Management (DM) solutions don’t have. Specifically, in the area of security, resulting in a false sense of security regarding their Document Management solutions. So, we hear comments such as “Our Document Management system is highly protected, all the files that are stored there are encrypted and more…”.

In one sense this statement is partially correct – most of the DM solutions out there do provide a measure of protection. However, they do not encrypt the data and in the main just change the file structure. One reason for this is that those DM solutions that provide auto-categorisation and other cool features can only accept a “readable” file before they change the file structure to provide a measure of security.

So, DM solutions are good at what they do but the bottom line is that to protect the documents inside them you must have an impenetrable, cyber-attack proof perimeter, and of course, there is no such thing.

If you are in any doubt about that then a new IDC Perspective Report, entitled “Is Data the New Endpoint?” is well worth reviewing. One pertinent quote from the Co-author of the report, Simon Piff, Vice President, Security Practice for IDC Asia/Pacific, said:

“Strategies to protect data must evolve if we are going to successfully protect this valuable resource in the future. It’s clear from the almost constant barrage of headlines announcing the latest data breach that we are not able to secure this asset with the strategies we have used in the past. Perhaps by reconsidering our approach to how we think about data, we can create improved strategies to secure this increasingly valuable asset.”

This view was echoed by Covata’s CEO and Managing Director, Ted Pretty:

“Traditional perimeter security strategies that have focused on hardening the networks and systems supporting the data, rather than the data itself, are what needs to change. A perimeter-focused strategy is no longer sufficient, and many security technologies are simply applying that same failed approach.”

Of course, your documents just don’t stay resting inside your DM system. What about all the files outside your file Cabinet, outside your DM system?

• Files on the computers (stored locally, on file servers, on mobile devices)
• Files in transit (via email, via cloud services such as Dropbox)
• Files outside your perimeter – files that already left the company (both that you are aware of and those you are not)
• Files shared with your business partners
• Files that are exported
• And many more examples

In today’s reality – We need a wakeup call – There is no secure perimeter!
Perimeter protection does not provide the required level of protection or GDPR compliance.

Document Management solutions do not provide file-level protection – they protect the “cabinet”- not the file.

Real protection must provide: –

1. File level security – protection on the file level so the file is still protected o matter where it is stored (For example a file that was exported from your ERP system and saved onto a Google Drive should still be Protected).
2. Protection during creation i.e. You don’t protect your File Cabinet (File server or Document Management solution) but the file itself.
3. Complete visibility and traceability when your protected files leave the company, for example when you send a sensitive spreadsheet to any 3rd party.
4. RMS (Rights Management Software) Tracking – you can see exactly WHERE, WHEN & WHO accessed your protected files.
5. Remote “Control” that allows you to Revoke files even if they left your company’s perimeter.

There is one product that that does all the above for you – Microsoft Azure Information Protection (AIP).

Our cybersecurity team has had many years’ experience with AIP’s software origin (Secure Islands Technology – purchased by Microsoft in 2015 and re-engineered for The Cloud), and have developed a proven implementation methodology and software to integrate AIP with your DM Solution. Today by using this proven implementation methodology, we are working with organisations to provide a smooth implementation and ensure that sensitive and confidential data cannot be accessed by anyone without the express permission of the originator.

In Summary:

• “Filing Cabinet” perimeter protection is an important tool but it does not provide that level of security that we need in today’s landscape. It also is not sufficient for GDPR in most scenarios.
• When addressing sensitive data security, we can’t take any shortcuts. Protection must be implemented from the file level and onwards – not the opposite.
• There is no need to replace your DM solution – Tricostar has a unique API which allows Microsoft AIP to work in harmony with it, whilst ensuring full encryption and protection.