To encourage their colleagues to freely suggest which deductions and credits to preserve in the tax code, the Senate Finance Committee distributed a memo on July 19, promising to mark all submissions “COMMITTEE CONFIDENTIAL. NOT FOR DISTRIBUTION. DO NOT COPY.” In addition, the committee promised that any proposals it receives won’t be released to the public by either the National Archives or the Finance Committee before December 31, 2064. To further protect the sensitivity of the content, only the committee chairman and 10 staffers will be authorized to see the proposals.
Why go through all this trouble? Clearly, the content within these proposal submissions is highly sensitive and could potentially create a political firestorm if leaked to the public. However, without an open dialogue, it will be hard for the decision makers to do their jobs.
Security plays a central role in the protection of these files and the committee’s ultimate ability to meet its objectives. We would address this specific workflow with the tax reform proposal documents as follows:
- File/document sharing: Who can open the file and for how long? (e.g., Staffer Bob Smith can open the Word file, but only for one month.)
- Secure file-sync and sharing: What can one do with the file after it is opened? (e.g., Staffer Bob Smith can only view the Word file and cannot print, copy/paste or edit the file.)
- Document track: For compliance reasons, the Senate Finance Committee could produce an audit log of all activities associated with each file. (e.g., In 2013, Staffer Bob Smith opened the Word file on these dates and times and on this type of computing device.)
Through a file-centric security approach, the committee could easily enable a business workflow with protection. Once in place, that workflow would help create a safe environment in which to discuss ideas and solve problems. With such protection and tracking in place, classifications such as Not Releasable to Foreign Nationals (NOFORN) or Dissemination and Extraction of Information Controlled by Originator (ORCON) can actually be enforced when PowerPoints with sensitive information are created and shared as illustrated with this PRISM surveillance file.
IDC research states that 50 percent of business processes are in files. How much of your business is driven by files like Word, PowerPoint or PDF? What sensitive intellectual property or compliance-related content are in these files? Click here to see the different ways you can apply file-centric security to your world.