Security Focus

By Michael Caton  |  Posted 2003-08-25

Secure Collaboration Platform's stringent focus on security necessitates a considerably different approach than that used with Web-based collaborative applications such as eRoom.

Rather than access folders from a Web browser, Secure Collaboration Platform uses a dedicated client, CYA Passport. On the server side, CYA UniVault Secure Collaboration Server runs on a Java-based application server, either Apache Software Foundation's Tomcat or BEA Systems Inc.'s WebLogic. User authentication occurs against either an LDAP directory or CYA UniVault server, and data resides in either an Oracle Corp. Oracle or Microsoft Corp. SQL Server database.

The Passport client not only provides the tools for collaborating on documents but also acts as the management platform for setting system defaults, assigning access rights, and creating and managing groups. Depending on the role assigned to a given user, the client exposes a number of additional tabs for accessing role-specific tasks.

While this approach goes much further in ensuring that users have the proper credentials to access information, the dedicated client is potentially cumbersome and problematic to deploy, particularly when dealing with sharing access to data with those outside the organization. Users likely won't be able to access Secure Collaboration Platform from kiosk systems, for example, because downloading and installing a client just isn't practical in those situations.

By default, Secure Collaboration Platform includes four predefined user groups: secure viewer, administrator, auditor and security officer. These groups have different roles based on rights available across three authority types for managing content, users and groups, and system functions. We could also create and manage our own groups based on the kinds of authority we chose to grant.

We particularly liked the product's auditing capabilities, which enabled viewing granular information about who accessed what data and when. The amount of information provided will be invaluable to any company sharing information with business partners to ensure that information is being accessed appropriately.

The rights we chose to grant users could vary considerably, depending on the way we wanted to share information. Individual rights to manipulate content are defined by what the company calls visas, including the ability to print, copy, annotate and save information.

The most interesting visa manages content expiration; this visa allowed us to determine for how long a document could be accessed based on number of days, a specific date or number of times viewed.

The product also affords a great degree of control over printing: For example, we could force a watermark or restrict printing to certain pages within a document.

We would have liked to see more flexibility in annotations, however, so that some annotations could be designated as private to a group, such as a team working on one side of contract negotiations.

We saw another practical limitation of the product once we began uploading and sharing content—namely, the product's ability to handle complex documents.

Uploading and sharing content is simple, but the client renders shared documents using Stellent Inc.'s Outside In. Although Outside In generally does a good job of rendering content from a wide variety of sources, special features and formatting are not visible to the user with more complex documents. For example, we couldn't view pick lists embedded within a Microsoft Corp. Excel spreadsheet and comments previously embedded in a Microsoft Word document. In our tests, some Adobe Systems Inc.'s Acrobat PDF documents also did not render properly. (The company is exploring ways to embed application-specific viewers to help rectify this problem.)

In addition, Passport does not embed comments within the document, just within the margin.

Technical Analyst Michael Caton is available at michael_

