Society tends to focus on newsworthy, external attacks by cyber terrorists looking to corrupt your data and confiscate personal information. This shifts the focus away from equally important internal security threats.
They are not as exciting and creative as viruses like Cryptolocker, but internal security threats can be just as detrimental. Cryptolocker can encrypt firm documents leaving them unusable and inaccessible, or someone inside the firm can simply delete documents for the same effect. Those granted access to your network are just as threatening to the firm – whether their intentions are malicious or accidental.
Let’s assume that we already have DMS policies in place preventing general users from deleting documents at their own decree. What stops users from exporting large numbers of private firm documents to their personal devices or from sending them via email? How do you track and prevent this type of threatening activity, and more importantly, how do you make it easy and automated?
Wertheim Global Solutions has released an add-on tool for OpenText eDOCS called Guardian that addresses these security issues. SQL tables and stored procedures are added to your DM database to track activity based on custom rules created through the Guardian interface.
Guardian provides an expansive set of customization options for creating rules. There are 83 Activity Codes to track user activities such as checking out documents, sending documents, and changing document security in eDOCS DM. You can create rules for each code based on a DM library, a DM user group, or even a single DM user.
Administrators then set two thresholds for a rule. When the first threshold is met, Guardian will send an email to a specified recipient. When the second threshold is met, the DM user can be disabled. For example, you might create a rule so that if any user in the DOCSUSER group checks out 5 documents at a time, the IT administrator will be notified via email, and if that user checks out more than 10 documents at a time, he or she will be disabled in eDOCS. The Guardian Activity Code is “Checkout” (activity 11), the first threshold is 5, and the second threshold is 10.
As you can see, the Guardian form for creating rules is simple, but not especially user friendly. Why display the un-editable System_ID field with a text box if no text entry is required or allowed? It would be more intuitive if System_ID were filled out and the text box were removed. Reorganizing the Action 1 and Action 2 options to coincide with Action 1 Count and Action 2 Count labels would make these options easier to understand. They could be switched to something like Notify Threshold and Disable Threshold.
The Explicit option is described in the manual as, “Yes/No: Set this to ‘Yes’ to limit the rule explicitly to the activity type selected. Setting this to ‘No’ will allow for all activities above the activity selected to also cause the action to be taken. NOTE: Currently, only ‘Yes’ is supported.” I take that to mean activities 0 through 11 will trigger actions at the specified thresholds. If this is a way of applying the rules to more than one activity, then it would be useful, but poorly executed. Administrators should be able to select distinct activities rather than be forced into a range of set activities that do not need to be grouped together.
Lastly, options listed under the Period form entry are None, Day, Week, Month, Quarter, Semi-Annual, or Annual. Without reading Guardian documentation, this setting is particularly vague. My assumption was that this option controlled the amount of time the rule is enforced for, so choosing Week would enforce said rule for a period of one week. In reality, this setting controls when a user’s threshold is reset. If the period is set to Weekly, every week the user action count resets back to zero. This type of control would be worthwhile for rules such as exporting and sending documents. Specifying a limit to the number of documents users can export per week could help detect any unusual activity on a week-by-week basis.
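The two-threshold rule and the Period reset described above, modelled as an added Python example; this is not Guardian's code or schema. The user names, the DM_ADMIN group, the event tuples, calendar-aligned reset periods and treating a threshold as met when the count reaches it are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Calendar-aligned reset buckets for the Period options listed above (assumed alignment).
PERIOD_KEY = {
    "None": lambda d: None,                        # count never resets
    "Day": lambda d: d.toordinal(),
    "Week": lambda d: tuple(d.isocalendar()[:2]),  # (ISO year, ISO week)
    "Month": lambda d: (d.year, d.month),
    "Quarter": lambda d: (d.year, (d.month - 1) // 3),
    "Semi-Annual": lambda d: (d.year, (d.month - 1) // 6),
    "Annual": lambda d: d.year,
}

@dataclass(frozen=True)
class Rule:
    activity: int    # activity code; 11 = Checkout in the article's example
    group: str       # DM user group the rule is scoped to
    notify_at: int   # first threshold: email the administrator
    disable_at: int  # second threshold: disable the DM user
    period: str      # when the per-user count resets

def evaluate(rule, events, groups):
    """Replay (date, user, activity) events; return the actions the rule fires."""
    bucket = PERIOD_KEY[rule.period]
    counts, disabled, actions = defaultdict(int), set(), []
    for day, user, activity in sorted(events):
        if activity != rule.activity or rule.group not in groups.get(user, ()):
            continue
        if user in disabled:
            continue  # a disabled account stays disabled across periods
        counts[user, bucket(day)] += 1
        n = counts[user, bucket(day)]
        if n == rule.notify_at:
            actions.append((day, user, "notify"))
        if n == rule.disable_at:
            actions.append((day, user, "disable"))
            disabled.add(user)
    return actions

def burst(user, day, n, activity=11):
    return [(day, user, activity)] * n

# Constructed sample data, not taken from a real eDOCS library.
GROUPS = {"asmith": {"DOCSUSER"}, "bjones": {"DOCSUSER"}, "cadmin": {"DM_ADMIN"}}
EVENTS = (burst("asmith", date(2024, 3, 5), 4) + burst("asmith", date(2024, 3, 12), 6)
          + burst("bjones", date(2024, 3, 6), 12) + burst("cadmin", date(2024, 3, 6), 20))

WEEKLY = evaluate(Rule(11, "DOCSUSER", 5, 10, "Week"), EVENTS, GROUPS)
NO_RESET = evaluate(Rule(11, "DOCSUSER", 5, 10, "None"), EVENTS, GROUPS)
```

With a weekly reset, asmith's 4 + 6 checkouts across two weeks only trigger a notification; with Period set to None the same activity accumulates to 10 and disables the account, which is the kind of unintended lockout to plan for when choosing thresholds.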
Despite some UI critiques, the Guardian tool for eDOCS provides a deep level of customization, and should be able to sufficiently address any firm’s internal security concerns. What would make Guardian even more attractive would be if it came equipped with a default or baseline set of rules. What are the rules that every library should have, or the minimum requirements to start monitoring suspect behavior in your eDOCS environment? Providing a baseline or template of rules would be helpful for administrators by lessening the initial workload of setting up the tool, and marking the first steps in securing eDOCS. Setting up rules manually will require careful planning – you do not want to unintentionally disable a large group of DM users.
The Wertheim Global Guardian tool for eDOCS has the potential to adequately monitor and secure user activity for eDOCS DM. Further developing usability and simplifying implementation with a set of baseline rules could make the product even more beneficial, but for now, the range of customization options and relatively simple rule creation process make Guardian a DMS security tool worth looking into.