How To Protect Confidential Information Using Document Management

By Denny Hammack, an Overdrive contributor and president of FileSolve

We live in an age of big data where organizations handle unimaginable volumes of sensitive information.  Many companies already take proactive steps to protect online data — using advanced cloud-based security measures.  But locally stored, in-house documents are often overlooked, despite the ease with which employees can send these files internally and externally via email.

Should these digital documents ever fall into the wrong hands, it’s not difficult for hackers to abuse confidential personal and financial information.

So what precautions can you take to protect sensitive data from prying eyes?

Why Traditional Document Security Management Doesn’t Work

Basic document security usually revolves around password protections and access restrictions.  When dealing with a limited number of files (and a small group of people), it’s reasonably easy to manage permissions.

But when handling larger file volumes and more complex organizational structures, managing individual passwords and permissions becomes cumbersome.  This explains why many businesses assign access restrictions at the folder level.  Read, write and execute rules set on a given folder's Access Control List (ACL) are inherited by all of the individual files within it.

These inherited permissions make it easy to control batches of files.  But although this legacy approach offers easier security management, it also has certain drawbacks:

  •  Sometimes an individual file within a parent folder needs a higher or lower security level.
  • Even more problematic, how do you protect files that exist in multiple locations?  Do they inherit all of the conflicting rules from each parent folder?   Or is there one master folder whose restrictions receive primacy over all the rest?  With aliases and smart folders, this is an incredibly common problem.

The ACL approach offers important benefits, but global rules are sometimes too restrictive.  Many businesses desire a more flexible approach that offers both universal and modular control over document management.

Better Document Management Security through Metadata

Metadata is an invisible layer of secondary information attached to individual files and folders.  Standard metadata usually includes things like:

  • Dates and times
  • Document creators and editors
  • Business (or licensee) names

This information already comes embedded in many documents automatically.  But you can also deliberately insert metadata to include extra information with each individual file.  And no matter where that file goes in the future, this metadata will always be attached.

The beauty of this concept is that you can leverage metadata to assign more flexible permissions.  Rather than rely on static folders, metadata allows you to “tag” files without running into legacy conflicts.

For example:

  • The “Johnson Financial” file might carry the metadata tags: draft, financial, Johnson, 2015, and March
  • All lower-level analysts working on the Johnson account can access and edit this file because they have permission to work on any documents tagged with both draft and Johnson.
  • Once this file moves to the approval stage, the metadata is changed from draft to final.  And now, only upper management can access this file — no matter what parent folder it might have.

Metadata also allows you to assign or deny permissions to entire teams and to individual members within a team. 

For example:

  • Grant access to the prototype files for everyone in accounting plus Tom and Sarah
  • When the marketing team is done with the product launch, close out their access to all schematics.  But still grant permission to Joe and Stacey because they’re the team leaders.

With some of the more advanced metadata security technologies, you can even set time-based permissions — i.e. make this file available to everyone in engineering until June 2015.
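The tag-based permission model described above, sketched as an added example (not code from the article or from any FileSolve product): a default-deny check in which access follows a file's tags rather than its folder, with team grants, named individuals and expiry dates. The group names, the analyst "Ann" and the 31 March 2015 launch date are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Grant:
    required_tags: frozenset           # file must carry ALL of these tags
    groups: frozenset = frozenset()    # teams covered by the grant
    users: frozenset = frozenset()     # individually named people
    expires: Optional[date] = None     # last valid day; None = no expiry


def can_access(user, user_groups, file_tags, grants, today):
    """Default deny: allow only if an unexpired grant matches tags and identity."""
    for g in grants:
        if not g.required_tags <= file_tags:
            continue                   # file lacks a required tag
        if g.expires is not None and today > g.expires:
            continue                   # time-based grant has lapsed
        if user in g.users or g.groups & user_groups:
            return True
    return False


def retag(file_tags, old, new):
    """Move a file between workflow stages by swapping one tag."""
    return (file_tags - {old}) | {new}


# Constructed policy mirroring the article's examples (names and dates assumed).
POLICY = [
    Grant(frozenset({"draft", "Johnson"}), groups=frozenset({"johnson-analysts"})),
    Grant(frozenset({"final", "Johnson"}), groups=frozenset({"upper-management"})),
    Grant(frozenset({"prototype"}), groups=frozenset({"accounting"}),
          users=frozenset({"Tom", "Sarah"})),
    Grant(frozenset({"schematics"}), groups=frozenset({"marketing"}),
          expires=date(2015, 3, 31)),  # assumed launch date
    Grant(frozenset({"schematics"}), users=frozenset({"Joe", "Stacey"})),
]

JOHNSON = frozenset({"draft", "financial", "Johnson", "2015", "March"})

if __name__ == "__main__":
    analyst = ("Ann", frozenset({"johnson-analysts"}))
    print(can_access(*analyst, JOHNSON, POLICY, date(2015, 3, 10)))
    final = retag(JOHNSON, "draft", "final")
    print(can_access(*analyst, final, POLICY, date(2015, 3, 10)))
```

Because nothing in the check refers to a folder path, the same decision is reached wherever the file is stored, and a file with no matching grant is denied by default.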

Does Metadata Offer Guaranteed Document Protection?

It is important to understand that no document security measure is 100 percent foolproof — not password protection, not metadata, and not locked file cabinets. 

As new security tactics emerge, hackers and thieves develop workarounds to bypass the latest protocols.  And thus, the security protocols themselves must evolve as well.

Metadata-based document management is one of the latest evolutionary leaps forward.  It doesn’t offer guaranteed protection, but it acts as a powerful theft deterrent.  And because it is so easy to implement, there’s no reason not to explore metadata document security within your organization.  Doing so will help keep your customers’ information safer — and your company out of trouble.

Denny Hammack has been in the records management business for over 25 years. He is the President of FileSolve, an industry-leading supplier of document management services & solutions that has locations from Orlando, FL to Charlotte, NC.
