Security: personalised & role-based file security and distribution?

ZhouNan · November 20, 2012 8:46AM

Hi,

Currently, we are trying to figure out a security plan for our new project; and it involves the version selection. We already got desktop license; but it doesn't seem to be enough to provide solid security.
I have gone across the Feature Matrix against versions; and there are two points which I want to dig more on.

1. Includes Scheduler to automate file actions e.g. updates from source data, refresh of server-side Source IOK 'datamarts', and personalised file distribution.

2. Advanced file security options including HTTP web server authentication, domain-locking of files, 'walled gardens' based on license keys issued, etc.

I will just ask questions around those two points:
1. Is personalised distribution based on user's domain username(windows username)?
2. Can role based/group based security be implemented in either Server or Server Plus version or both?
3. In terms of server side source IOK, is it possible to wipe the data loaded from Source IOK at the user end after when file is closed? Is it related to the concept of Domain Locking?
4. What does domain locking can produce specifically?

Overall, what we are trying to achieve is to prevent every single distributed file holding the data; and ideally user shouldn't be able to export the data. Please give us some suggestions based on the requirements, so we can purchase the license and get started quickly!

Many thanks!

tjbate · November 20, 2012 11:08AM

Zhou - Simply using the password, time-limiting and owner-locking file security options available in Desktop Editions will prevent unauthorised opening and exporting the data, same as Excel, and time limiting goes beyond that to stop the file from opening after 1 day or whatever (independently-verified) time limit the file is set to.

More advanced security plans usually require 2 feature sets not fully available in Desktops but fully available in both Server/ServerPlus Editions:
1.) advanced security options (see http://www.visokio.com/file-security)
2.) batch publishing control files (see batch distribution tutorial video):

1. Advanced file security options like http:authentication requires the end user to 'log-in' to the file just as they would a web page before the file will open. This authentication 'piggy-backs' on the identity and credentials database used for the intranet, usually AD. Domain locking goes further than http: authentication in that it requires the file to be freshly downloaded in the same session from a specific web location...i.e. only accessible to people with the correct identity and credentials to access the web portal/page.

2. The Batch publishing control file is a fixed-format IOK file that defines all the settings for each (personalised) copy of the file(s) to be delivered. Individuals/destinations are named by e-mail or shared folders (including DropBox/GDrive etc.) which can be personalised to the users domain username.

In other words, file-locking is called 'owner-locking', and fixing required pre-file opening authentication to fresh download from a specific (credentialled) web domain is called 'domain locking'. Combining all these features (and more) Omniscope can achieve the effect of most security policies, with or without SharePoint, etc.

For example, if time limiting the files to open for only one day is not enough...and you really want to wipe all files in distribution of all data, you could set the files to auto-refresh and substitute a null source data set for the live Master Report IOK every night at midnight...then batch distribute a new set of files the next day with a new Master Report IOK as the auto-refresh source.

ZhouNan · November 29, 2012 5:33AM

Thank you very much - tjbate! It is really helpful! We are currently designing the entire solution based on the security methods can be implemented. If there is any further query, I will come back and post under this topic.

Welcome!

Categories

Ideas Parade

Tagged