Visiting AIIM 2016 was both an insight into the market and a challenge.
First, the insight: As a security-focused organization, we have spent much of the past year in the world of the CISO. It is a space that we are very comfortable in, and it was interesting to see the challenges being faced by the AIIM community, which is fundamentally orientated towards the acquiring, categorizing and disposing of information. Understandably, many of these assets were paper-based, and (of course) securing the paper was seen as critical to the mission of client organizations. Yet in the digital world, security was seen as a “given”, and questions about real-world security concerns were frequently met with assurances of policy implementation.
Herein lies the challenge: Designing secure solutions is not enough; they require regular review and pattern-based auditing.
Once data leaves secure repositories, consider it to be at risk unless you have a DRM solution in place. That is the value of adding DRM to your ECM solution. If you can’t assign, track and revoke access to an asset, it may as well be on Facebook.
One talk that particularly resonated was that given by Russ Stalters, entitled “Information Management – The Technology Doesn’t Matter”. In it, he makes a persuasive case for holistic views of compliance (and we include INFOSEC here) across multiple mediums and uses of information. Finding the balance is key, and he spoke to using multiple influence strategies to deal with the entire system (not just the technology).