In the light of the terrible global WannaCry ransomware crisis, I think it’s incumbent on us in the Enterprise Content Management community to do something positive in response. Users are concerned, public trust in IT is shaken – the BA DR debacle hardly helping – and unless we’re careful, we’re going to hand those who set this in motion a moral victory.
I don’t want to write a technical treatise on ransomware. Instead, I want to share some thoughts about ECM and its value that we need to be sharing with customers.
So what has the worrying fact that 200,000 desktops round the world were vulnerable to malware tell us about the state of the world?
We Are Always Open To Attack
We are always under IT security pressure nowadays. The National Cyber Security Centre notes that in the three months after its doors opened in February, the UK was hit by no less than 188 high-level attacks serious enough to warrant its involvement, and countless lower level ones. We need to be vigilant and fold security best practice into all we do.
It Isn’t About Ancient OSs Alone
Running unsupported Windows XP is a ludicrous gamble, and the NHS paid the price, it seems. Ransomware is designed to hit anything and everything; its irresponsible designers specialise in finding flaws and back doors in whatever users have in their portfolio, so there’s no basis for complacency if you’re on more modern operating systems. Who knows – you may be more vulnerable.
ECM Is Genuinely One Of The Safer Enterprise Apps Going
What is an ECM, at heart? It’s a place to access and store important corporate and organisational digital information. By definition, it’s a place its designers have worked hard to ensure is robust and able to protect and curate what is considered important by the organisation. It is is all about the structured access to that information following pre-set policies and permissions that are very hard to interfere with.
This should be a point of pride for the community. ECM is designed from the ground up to be safe, robust and hard to penetrate. It’s a shining example in business software best practice of how to properly regulate employee access to content. You are actually at a stroke far less vulnerable the second you become an ECM user, thanks to architecture that uses containers, encryption and advanced (but under the bonnet) techniques.
We need to promote this a lot more. We need to offer education about why tried and tested content protection and productivity apps, which is what ECM 2017 consists in, should have a much bigger place on the C-Suite’s radar screen than it currently seems to have.
Not Everyone Is On The Same Page
Filesharing is still a lot more widespread than it should be and our addiction to email in business. These are definite areas of vulnerability, as the phishing stories tell us. We need to gently encourage our customers to migrate their important content off these weaker systems into the stronger security and access controls of ECM.
Not All ECM Is Created Equal When It Comes To Security Best Practice
I have to conclude on a negative because I am getting concerned by a recent industry trend I consider alarming. This is the unwelcome return of a very unsatisfactory approach with its roots in old-fashioned Records Management, metadata management. The claim is that by curating metadata alone you can become more secure.
However, it’s fallacious to say metadata management protects you – it simply doesn’t. Do NOT support this trend! It is a false friend – and it could rebound badly on us all if users trust it and then run in to security issues.
A Reassuring Message – Let’s Deliver It
To conclude: ransomware and hacking are real dangers that we need to face up to, but the good news is that ECM could be a genuine help, if done right. Let’s go out in the market and share this good news with confidence, and the market will respond positively, I am convinced.
The author is Sales and Marketing Director at EASY SOFTWARE UK