CIOREVIEW >> Cloud >>

How User Access Control Manipulate Cloud Content Security

By CIOReview | Tuesday, September 6, 2016

Many organizations are turning to cloud-based content management services to support their mobility and accessibility needs. Simultaneously, a new commercially-hosted service, widely known as Content-as-a-Service (CaaS), is taking over the world of content management system (CMS). While the traditional web CMS like WordPress, Joomla and Drupal provide a single solution for both creating websites and managing content, CaaS vendors offer holistic support to content management. CaaS encourages content owners to structure their content and give a wide berth to operational complexity.

Cloud mitigates several content related issues with respect to storage and availability. As more data is hosted outside the enterprise boundaries, conventional security methodologies and implementations fall short of addressing the security concern. Though it is imperative to give users more transparency and control, organizations need to weigh their concerns about security and emphasize to adapt new approaches to secure their content on cloud. Organizations must give more attention to fine-grained user access controls allowed to users in a CMS, and capture the identity of those accessing the content while storing and processing data.

Businesses need to look beyond a single form of user access control implementations to secure the content on cloud. Below discussed are some of the other access control methods available with cloud content management services:

File access controls – Unless the content is publicly accessible, file access controls guard against the threat to the content. These features allow users to store and synchronize documents, to create folders and upload content like photos, videos and other files in the cloud. Users can control their shared content and limit it to specified users or with anyone with a file-specific URL.

User-based content access – There are certain restrictions that you can impose on operations to be carried by users. Let’s say, users can be designated to ‘view-only’, ‘view and edit only’ or ‘upload-only’ permissions access for a specific file. User based content access holds extreme importance when there is a need for a job-specific task—separate participants as content generators, approvers, and reviewers.

Password-controlled access – Security for sensitive business data such as data related to finance, public and patient health, and customers needs to be fortified to thwart any attack on the digital assets within or outside the enterprise perimeter. The password-controlled access feature restricts access to sensitive files residing within folders and grant broader access of it. Additionally, some cloud content service providers also facilitate setting of expiration dates for sensitive information.

Reporting and monitoring tools – Content administrators use tools such as portal-based file and user report to monitor every new event defined by the user. Users may accumulate obsolete files, and the admin can relocate those to lower cost archival storage. Reporting feature assist in identifying the unnecessary content and enforcing document retention policies.

User identities – Organizations today have access to identity access management (IAM) system as a whole new solution for securing content in centralized enterprise directories. Content management operations can significantly be streamlined by creating a controlled workflow environment. Certain rights might be inherent for a set of employees with reference to their position, while other employees may be allowed to access the content only upon requesting.

Measure security requirements

Several content providers prefer to encrypt content before it is stored on the systems. As an alternative, if relying on third party provider is not an option for the encryption and decryption of content, businesses may encrypt data by themselves prior to upload. If the requirement is not so frequent, ad hoc management practices will be a decent substitute. But if a business plans for user-managed encryption, they need to gear up for substantial management operating cost including encryption key management and additional monitoring.