Information security of document flow
Electronic document management (EDM) systems have ceased to be an innovation in most companies and banks. They are implemented as a standalone software product or as a module in an enterprise management system (ERP). The question of information security for document management systems is most acute when the participants in the document exchange are geographically separated and data circulates beyond a single local network. Protecting trade secrets and personal data becomes especially important when an EDM system is placed in the cloud.
The need for electronic document management systems
Electronic document management systems save human resources and time, simplify document control, and keep a history of approvals, which makes it possible to establish each employee's responsibility for executing a document. At the same time, they are inexpensive, do not place a significant load on the information system, and are easy to maintain.
From the point of view of business logic, electronic document flow is necessary if:
- the volume of the company's documents and the number of coordinating departments and performers are too large for information flows to be processed manually;
- a contract has been concluded with the company's counterparties that requires an electronic document exchange format.
Implementing document flow from scratch in a company first requires solving two tasks that are part of the strategy for maintaining data integrity and confidentiality:
- protection of information objects containing information constituting a commercial secret;
- protection of personal data in accordance with the requirements of the legislation and the recommendations of the regulator, FSTEC RF.
This will help determine the choice of the type of workflow program:
- a standalone program purchased under license; there are several dozen solutions from domestic and foreign vendors on the market;
- a module in one of the enterprise management programs, for example, "1C: Document Flow" with the ability to transfer documents from module to module, for example, from "1C: Enterprise" to "1C: Document Flow";
- part of the general program of automated company management, ERP.
In each of these cases certain security requirements can be implemented. In the first and second cases they are limited by the capabilities the developer has built in; in the third, the software can be modified to suit the needs of the company. A separate option is to develop a custom program whose protection parameters are tailored to the company's tasks.
The main problems of protecting the EDMS
An EDMS that is part of the enterprise's general information system often raises no doubts about security if the information system itself is protected. It also provides an additional guarantee, since users work not with files but only with graphic images of documents, which are difficult to copy or alter. Comments are entered into the fields of the document and can only be copied manually. Difficulties arise even in these cases: data protection may be at risk because of incorrect system settings, a lack of access control, or the use of self-written programs. Requirements for the protection of personal data are often incompatible with the protection parameters set in the EDMS, if the personal data are processed in it entirely or at a certain stage.
If a decision is made to implement an electronic document management system built for the tasks of a particular enterprise, in which all modern information security requirements can be implemented, then the developers must build the following into the EDMS:
- development of a system of organizational measures that rank user access to documents. Standard means of access differentiation can only divide users into two groups, trusted and everyone else. The functionality of a regular document management program is not enough to rank users at several levels;
- building within the EDM program separate routes for documents, the level of confidentiality of which is increased;
- use of electronic digital signature;
- the use of two-factor authentication;
- encryption of documents. With a large stream of documents, encryption can significantly slow down the system's performance. Experts advise using hardware stream encryptors, which reduce the load on the system architecture.
Each company can choose its own set of solutions; it is not always advisable to use the entire set.
If possible, the EDMS should be used only within the protected information perimeter, the LAN (Local Area Network). Encryption with an electronic signature protects the most important documents; the open question is which of them should be encrypted so as not to create an unnecessary burden on the business.
The problem is solved in several stages:
- a list of documents for which encryption is mandatory is determined;
- a list of persons whose duties include encryption and loading of confidential documents into EDF is determined;
- within the system, routes are developed for the passage of confidential encrypted documents.
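The three stages above, combined with the multi-level ranking of users described earlier, can be expressed as a single policy check. This is an added example, not code from any EDM product; the level names, document classes, user names and the `check_route` function are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    """Several ranks instead of only 'trusted' and 'everyone else'."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    TRADE_SECRET = 3

# Stage 1: document classes whose encryption is mandatory (constructed list).
MUST_ENCRYPT = {"contract", "personal_data"}
# Stage 2: persons whose duties include encrypting and loading them (constructed).
LOADERS = {"ivanova", "petrov"}
# Clearance assigned to each user by the organizational measures (constructed).
CLEARANCE = {"ivanova": Level.TRADE_SECRET,
             "petrov": Level.CONFIDENTIAL,
             "sidorov": Level.INTERNAL}

@dataclass
class Document:
    doc_class: str
    level: Level
    encrypted: bool
    loaded_by: str

def check_route(doc, route):
    """Return the list of policy violations for sending doc along route."""
    problems = []
    if doc.doc_class in MUST_ENCRYPT:
        if not doc.encrypted:
            problems.append("encryption is mandatory for this document class")
        if doc.loaded_by not in LOADERS:
            problems.append(f"{doc.loaded_by} may not load confidential documents")
    # Stage 3: every hop on the route must be cleared for the document's level.
    # Users missing from CLEARANCE are treated as PUBLIC, i.e. denied by default.
    for user in route:
        if CLEARANCE.get(user, Level.PUBLIC) < doc.level:
            problems.append(f"{user} is not cleared for {doc.level.name}")
    return problems

if __name__ == "__main__":
    doc = Document("contract", Level.CONFIDENTIAL, False, "sidorov")
    for problem in check_route(doc, ["sidorov", "guest"]):
        print(problem)
```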
Some EDM programs already on the market have built-in encryption algorithms that can be adapted to the needs of a particular company, but most ready-made solutions are outdated and no longer correspond to the current state of information threats. Protecting personal data requires certified cryptographic protection means, and in most programs on the market this is not feasible.
Protection of communication channels
In a company with a large number of branches and separate subdivisions, installing an EDM system adds another level to the information security of document flow: protection of communication channels. The same need arises in two more cases:
- when connecting remote employees to the corporate electronic document management program;
- when using wireless local area networks (WLAN - Wireless Local Area Network).
Threats to the safety of information in these situations:
- unauthorized connection to communication channels;
- interception of information;
- substitution of transmitted documents.
A data protection solution must not only be effective but also perform well; in most cases the result is achieved by a combination of encryption and secure communication protocols. However, the use of VPN services is not permissible for all companies: most providers of this type of service are foreign, and organizations that work with personal data or with highly confidential information prefer to set up their own data transmission system using secure protocols. For organizations working with highly confidential documents, the possibility of transferring them outside the protected perimeter should be excluded; work with them is recommended only on workstations.
EDF security, new technologies and virtualization environment
The desire of most companies to create a distributed architecture for the management system, including moving the archive to the cloud, prompts them to buy electronic document management software in which traffic and document storage occur outside the protected perimeter of the local network. This is not always safe: hackers successfully break into cloud data storage, and even Hewlett Packard has not avoided this risk. An organization that decides to keep an archive of documents with all the comments, edits and remarks, which make it possible to assess the quality of human resources and the presence of hidden internal conflicts in the company, takes on an additional risk. Such internal correspondence, which arises while documents are discussed and agreed, becomes an asset in its own right for competitors wishing to study the company's internal policy. The protection of the cloud storage depends only on the organization providing the service, so the utmost attention must be paid to the reliability of the servers.
In addition to this risk, the change in the concept of information flow management towards their decentralization forces us to solve the following problems:
- availability of EDMS from mobile devices;
- protection of data transmission channels;
- protection of the entire information perimeter by firewalls with deep analysis functionality.
Workflow systems in which the databases are in the cloud reduce the load on the client's network infrastructure, but do not solve data protection problems. In most cases, secure VPN tunnels are used for protection when transferring information from the client's computer to the cloud, but this is not enough. Cloud infrastructure is not balanced and may fail under different load from different clients. In addition, cloud service owners admit that they are not resistant to external attacks.
Therefore, when choosing a cloud hosting provider for an electronic document management system, you need to make sure that its infrastructure meets the requirements of the recently released GOST covering data protection in a virtualization environment. But if the owner of the data center has equipped the cloud storage to all modern requirements, the cost of the services becomes too high for small and medium-sized businesses. As a result, security issues when placing EDM systems in cloud storage are often neglected in favor of convenience, simplicity and low cost. The risk of failure of a cloud storage system with an unconfigured backup system is sometimes very high, even if it is only predictable.
A high-quality cloud service hosting an EDM program must meet security requirements at three levels:
- Physical. It is assumed that servers holding the information are under physical protection: an outsider cannot get to them, and they will not suffer from adverse external influences. Employees of the provider itself gain access only after two-factor identification; all system vulnerabilities are monitored continuously.
- Infrastructure. Servers with client information should only contain it. Cloud service software needs to be powerful and modern. Thus, Yandex uses 3 software infrastructure solutions: Compute Cloud, Virtual Private Cloud and Yandex Managed Services.
- Incident response. Monitoring tools should provide instant detection and blocking of external intrusion attempts.
The choice of a solution to ensure information security of electronic document management becomes a personal matter for each company. If the level of confidentiality of documents is high, for example, they contain state secrets, cloud technologies will have to be abandoned. Within a local network of an enterprise, in a secure perimeter, most data protection solutions are implemented at a lower cost and with a greater guarantee.