TalaTek, LLC
TalaTek, LLC
Compliance through Risk Management

Titus Labs helps leverage secure use of metadata across the enterprise.

A new FCI application from Titus Labs

Most people have a nice, clean mental model in their heads of how information should flow through an organization. And most people know that things don’t often work quite that way. In a normal workday, documents, presentations, spreadsheets and e-mails are created, shared, updated, duplicated, lost, found and forgotten. Managing this ebb and flow presents opportunities for both costs savings and also greater security in the organization.

While a file or doc is fresh in the minds of the originator and a small group of collaborators, it may be manageable to remember who has the latest version, why the group is working on it, who should have access to it, how it relates to other content previously created, where it is stored, when it will no longer be relevant, etc.

With larger collaborative groups, and with the passage of time, the details and context can get quite murky. New approaches and tools are needed to track and leverage this “information about information”, that is generally referred to as metadata.

Automated systems can leverage metadata to manage files, such as by identifying and archiving files that have not been accessed for a long time. Knowledge workers can use this metadata directly as a powerful aid while searching the organization’s information assets as well as getting additional context while browsing, such as seeing with which project a file may be associated.

In a typical corporate environment, files may be stored locally on a user’s “desktop,” on file servers, and in information sharing portals. To take full advantage of the power of metadata, the files must be viewable and modifiable at all three “locations,” and they must be preserved as files flow through the organization.

Through Microsoft Office’s ‘Document Properties’ in Word, Excel, and PowerPoint, users can set standard and custom properties such as subject, author, and keywords. This metadata is stored within the file itself and generally remains with the file as it moves around the organization.

But even greater metadata power is available in Microsoft in the new File Classification Infrastructure (FCI) in Windows Server 2008 R2. FCI provides the ability to quickly add and edit classification metadata in files, including “properties.” Similarly, Microsoft SharePoint 2007 makes it possible to add custom columns to document libraries for displaying and editing file metadata. Both of these server products allow metadata to stay associated with the file as it is uploaded and downloaded.

This file metadata can be extremely useful security contexts. For an organization working to comply with privacy protection regulations, one important task might be to search a file server for all the files created by the HR team and then ensure each file is marked to indicate whether or not it is sensitive. This is potentially a huge effort.

Titus Labs has built an application using FCI to automatically apply security classifications to files in bulk based on the file owner’s role, independent of where on the server the files are stored. Since the classification metadata is stored in the file properties itself, when that file is downloaded and viewed by a user, the classification can be displayed and edited. This classification metadata can also be detected by Data Leakage Prevention (DLP) systems in case a user inappropriately attaches the file to an outgoing e-mail.

The same file classification metadata that was set on the desktop, or through FCI, can also be displayed and used in SharePoint by defining a custom column that matches the name of the document property. This classification metadata can then be used to automatically set and enforce access control rules and permissions with a greater degree of flexibility than the typical approach of using inheritance.

When file classification and other metadata is preserved as it flows around the organization between desktops, servers and e-mail, the potential security and productivity advantages are significant.

For more information on the new Titus Labs application, visit: http://www.titus-labs.com/titus-blog/

Articles

Top of page

Site Map | Terms/Privacy

©2006-2012, TalaTek, LLC; All Rights Reserved.
All trademarks are the property of their respective owners.
Log in | Site Admin

Website by
Compelling Concepts

What we're talking about in our articles:

Browsers Classification Cloud Computing Compliance Continuous Monitoring CUI Cybercrime Cybersecurity Data loss prevention Data Security DHS Federal law FedRAMP File Classification Infrastructure (FCI) GISLA Inadvertent disclosure Information Security Law Firms log management services Metadata Risk Management Titus Labs WikiLeaks

TalaTek, LLC is a woman- owned small business

NAICS 541330, 541511, 541512, 541513, 541519, 7376, 7379

GSA Schedule GS-35F-0655V

W8 - Women-Owned Small Business (WOSB) SBA Certification

SWaM Certification 690997