“When Content Goes Out The Door, Control Goes With It.”
If you are a goofy optimist, this statement might seem self-explanatory. And, you might feel comforted. But I’d have to wonder if you are clear on the facts: content is in motion far more often than in the past – and enterprise confidence in its protection should seriously be in doubt. If this comes as a surprise, I am happy to be the messenger. Every business leader should be up all night with worry given the problem. Because few people have the right answers. And, for once, those that do aren’t lawyers. Or technologists.
How do I know? There’s a protracted conversation on LinkedIn among legal technologists about whether file sharing via Dropbox is a bad idea (even as many lawyers they work with no longer care how their colleagues in IT feel about it). Of course it’s a bad idea. Yet, the same tension is being felt in every workplace across the world – and the FUD (Fear, Uncertainty, and Doubt) is undeniably building. In the brave new world of Mobile Computing/Cloud/Social there’s an evil old world underlying truth – hackers, phishers, scammers (and even governments above them) are interested in your content, and are having little trouble acquiring it. Could your competition be far behind?
Maybe this is a direct consequence of the “dress down Fridays” mentality. Imagine sending your most important proposal or patent application or even your personal patient files… wearing shorts and flip-flops. That’s mobility. It’s good. You probably do this often. But, what kind of impact would your vital business or personal information have if it showed up similarly clothed: in shorts and flip-flops? Dude – that’s bad. Worse still, you aren’t sending your deliverables to Cancun; you’re sending them to North Korea or Bulgaria or Azkaban.
Would your competitors kill to get detailed terms, conditions, and pricing that a captured proposal contains? Maybe not. Would they at least consider steaming open an envelope? Probably so. That’s what theft of trade secrets, price lists, intellectual property, etc. now constitutes: nothing more than steaming open an envelope. Usually a PDF file with password protection. That’s a poor way to protect your most valuable property. By my estimate, there are exactly the same number of cracking tools as there are PDF files online. Now imagine the heroes of recent movies like Hurt Locker or Zero Dark Thirty facing the perils of war in under armour alone. Would director Katherine Bigelow send her cinematic soldiers to distant lands without a stitch of protective gear? She would not. It wouldn’t be credible. And, you shouldn’t either.
Here’s why: I think we face a mobile-day dilemma because our consumer behaviors threaten enterprise reputations. How bad would your customer feel if a contractor working on the big process improvement project sends a copy of your software sales proposal to a friend of theirs in a competing software company. Not bad enough. Worse still, it’s merely a momentary bad – like taking another cookie when there are only three left on the plate. It’s clearly time to take stock of the risks and rewards of Content in the Cloud. Many of the people in my life – family, friends, colleagues alike – are aware that their actions have consequences in theory, but aren’t really sure what those might be in practice. So, I’ll offer a few ideas in hope of starting a dialogue. Perhaps even a call to action about changes in control as various hand-offs occur when content traverses the void between local repository/file server, device, email, Cloud host, customer, etc.
*What Would Katherine Bigelow Do (with the final shooting script for her next movie, for example)? She’d dress her deliverable to do battle before sending it to a potential investor. You, as the armorer of your enterprise, should do the same.
- Valuable stuff needs safeguarding: store your deliverables in a regulated repository (on-premise) and have all versions accounted for. This policy can be automated. I can’t count the number of times a ‘final version’ gets changed ‘one last time’ by someone who then attaches this rogue new file to an email and sends without storing as a new version.
- Prep your stuff. Convert deliverables to PDF and password protect them. Do not confuse this with actual content risk management. But PDF is still ‘common currency’ for file sharing and everyone has access to the viewer.
- Add a content rights management wrapper to the file. Set permissions (can’t forward, print, copy. Can view and edit.) and then set an expiration date. In order for content to persuade people most effectively, it should have a freshness stamp. When business gets concluded on old documents, money is lost and relationships suffer. The key ability is to be able to destroy documents from afar if they’re old or being misused.
- Attach to email (fair) or send via secure file transfer (better). In both cases, encryption and metadata cleaning are enforced by automated policy. Set the message to High Importance and check that both a delivery and a read receipt (as well as any deadline dates) are included. Copy the CRM or engagement systems. These are also steps that can be automated by policy.
- Store the signed contract or track the outcome of the deliverable even if unsuccessful in building business. It’s amazing how often results aren’t evaluated carefully to improve the process for efficiency, effectiveness, and protection.
Bottom line: the farther your deliverables travel beyond the firewall, the more ways you’ll want to protect them. Sometimes, this includes destroying them to keep them safe. Scorched earth policies can be much more palatable when there’s a backup of your stuff stored safely at home. Next to your flip-flops.