Encryption and document management

Encryption and document management

Written by Ana Canteli on 23 October 2020

Due to the increase in online life and the number of digital transactions we carry out, it is natural that we are increasingly concerned about the privacy of our data and the confidentiality of the information we share.

To protect the information from unforeseen accesses and unwanted uses, we have document encryption, a concept closely linked to the military world, logically interested in safeguarding its communications from enemy interception.

Furthermore, nowadays, organizations must consider that they have to follow stringent regulations regarding protecting personal data and confidentiality.

This forces them to define a stable and consistent document security policy or taking chances of being levied hefty fines, never mind its reputational costs, which are more difficult to quantify and reverse.

For all these reasons, both public and private organizations are legitimately interested in offering their products and services safely and reliably. For this, the use of document management systems can be the solution to this challenge. Good document management software prevents information manipulation, unauthorized personal data exploitation, and data loss due to negligence.

What is encryption? 

Encrypt means to cypher the data so that it cannot be read. Even if a person could access the encrypted documents, they could not access the information unless they have the encryption key to decode them.

Today's cryptography comes from its use in ICT. Classical cryptography uses simple algorithms and relies on encryption security on the size of the encryption key.

In modern cryptography, we rely on computers' computing power to create increasingly robust algorithms. The strength of encryption is based on its quality, not on the size of the encryption key.

Document encryption can be presented in different ways since the use cases can be very different.

We have seen that the simplest way to consider encryption is to encrypt a document so that only the person who has the key can decrypt it. Another possibility is creating a "trust ring" so that the documents securely stored in the DMS are encrypted or decrypted automatically depending on who accesses it. Another option could be to apply a mask over the data. For example, I have a database with a series of customer names, but instead of putting the customer's name, I put a code. In another database - accessible to very few people - I correlate the code and the customer's name. This is not encryption but a translation, although it can be advantageous in simple data protection cases.

The scenarios can become more complex, such as what happens in real life. For example, documents must be accessible to a group of users, but not their metadata, which must be encrypted. Thus, we can consider document encryption, database encryption, disk encryption.

Encryption is essentially made up of 2 elements:

• Algorithm: it is a set of instructions expressed as a complex mathematical function that allows solving problems (in the present case, protecting the information) or carrying out certain activities (following our case, data encryption).

• Key: This component solves the algorithm so that the document's content or digital file returns to its original form.

Encryption can be applied in various ways.

• Symmetric cryptography: In symmetric encryption, each algorithm has a key that decrypts it. If users encrypt a digital file that they later want to share with another, they transmit the key that decrypts them.

• Asymmetric cryptography: In asymmetric encryption, you work with two keys, a public key, and a private key. The public key can be given to anyone, while the owner keeps the private key. The encryption system guarantees the key pair is generated only once, so it is almost impossible for two people to obtain the same key pair at the same time accidentally.

• Hybrid cryptography: Hybrid encryption, as its name suggests, combines symmetric and asymmetric encryption. It is the cryptographic method that uses a symmetric key encrypted with the recipient's public key. In contrast, the document is encrypted with the symmetric key, all done simultaneously, and sent in a single package. The recipient uses the private key to decrypt the symmetric key and then uses the symmetric key to decrypt the message.

Elements of a secure document management system

Access

Any document management software worth it is salt must ensure that only people authenticated in the system can access the content stored. When it comes to establishing and securing documents, we can use different methods. Implement a password creation and expiration policy, blocking the user after n access attempts; define a user creation policy that stipulates their membership or not to user groups, profiles, etc.

Encryption

We have seen the different approaches to protecting the data, information, securing documents that we have, and the various methods to secure it. But apart from all this, the document management system should allow us to choose the algorithms that best suit the organization in each case, even being able to change them for more modern or reliable ones when the time comes. Blowfish, 2FISH, TEA, SHA, Serpent, AES are examples of some of the algorithms used in OpenKM. The OpenKM document management system contains an encryption module that allows working with encrypted documents in their life cycle phases. 

The OpenKM document management system is highly parameterizable. Apart from having a complete API and documentation, it does not present technical barriers to integrating the system with third-party applications. Transparent implementation of the software in the organization's suite of programs can be guaranteed.

Signature

The signature is not a cryptographic method but uses cryptography to provide security and reliability to the signed contents. Taking into account the increase in the number of activities and operations that we carry out through the internet, the use of the signature becomes more necessary in certain circumstances, to link one or more identities with the message, demonstrate conformity, prevent the alteration of the message after the signature, etc. OpenKM has a signature client, which allows any user to work with their digital signature certificate efficiently.

Governance and compliance

It would be of little use to save and encrypt data, information, and documentation if it is not done correctly and according to the law. Many of the norms and regulations related to document security stipulate retention schedules and final disposal methods, which serve as a guide for organizations to comply with all the requirements regarding information management and control in all life cycle stages.

In this sense, OpenKM provides a complete file plan that meets the most demanding standards to secure information management.

Training and recycling

The organization's document management system must consider its staff's information and training level as a priority. In this way, we minimize the impact of possible human errors, delays, non-conformities, and we guarantee that users understand and apply the document security policy. OpenKM can be used as a support platform to maintain and promote communication between its human resources.

If you are interested in seeing how document management can provide you with a safer and more reliable work environment, request a demo or an economic proposal without obligation.