How to Secure Files Downloaded from IBM FileNet

File security for FileNetIBM FileNet is a popular Enterprise Content Management (ECM) system that lets businesses share information easily with internal and external users.  Many customers use it as a central repository of all types of information.  With connections to many other IBM and partner products, it can become the backbone of complex workflows that drive many businesses.

FileNet lets a business determine who can access any piece of content within the system.  The controls can be very specific and determine who can view, download and upload information.  For example, I could set the permissions to allow only HR to see certain files in a folder.  If someone in Finance were to try to access the same files, they wouldn’t see anything.  The controls go beyond the folder level to each individual file so that a user may see certain files in one location, but not others, depending on their permissions.

FileNet has excellent access controls while files are inside the repository, unfortunately they do not extend to content once it is downloaded or opened.  Once I download the files, they no longer retain any security controls.  As soon as I remove them from the system, I could send that information anywhere and to anyone.  When I open and save a file from a desktop, laptop, tablet or phone, the FileNet security policies are not effective on that information.  If I need access to a file, I could ask someone who has access to download it and then send it to me.  That can become a major source of a data breach.

In organizations that store confidential information inside FileNet, it’s critical to extend the FileNet security controls to files outside the system.  Fasoo extends the security controls so that files opened or downloaded from FileNet are encrypted and assigned security policies that control access.  You can map your FileNet security controls to Fasoo security controls and control who can view, edit, print, screen capture or decrypt a file regardless of location.  If I share the file with another user, the user can only access the file if they have access rights to it.  If they don’t, it’s just a bunch of useless bits.

Many IBM customers are using IBM Content Navigator (ICN) as a friendly web-based interface into the content stored inside FileNet.  ICN makes it easy to upload, download and use content on desktops, laptops, tablets and smartphones.  Fasoo works with ICN so that a user can access content easily but ensure that security controls are in place once outside of the repository.  As a user downloads content through ICN, the file is encrypted and the mapped security policy is applied.  When the user opens the file, the Fasoo security controls what the user can do with that file.  It’s very unobtrusive and easy to use.  Users continue to open files in their native applications, like Word, Excel, Adobe Reader and so forth.  File permissions are controlled in FileNet.  If you want to change the policy for a downloaded document, go into FileNet and remove or add a user to that file or folder’s access control list.

When a user uploads content back into FileNet, the encryption is removed and the FileNet access controls take over.  This way nothing interferes with workflows and indexing.  The encryption is applied again upon download.  It all happens automatically, so it’s seamless to users.

If you use IBM FileNet and want to control access to sensitive information when it’s outside the system, take a look at how Fasoo can protect it.


Photo credit Vin Crosbie

Book a meeting