Best practice

More information security, or a better user experience?

  10. 12. 2018

As a rule, in business IT solutions, more information security means a worse user experience, and vice versa. Poor security jeopardizes our business, while a poor user experience runs the risk that employees simply won’t be able to use the new solutions. Document management and storage requires both high security and a good user experience, with no room for compromise. Therefore, both aspects were taken into account when designing the InDoc EDGE solution.

© Medium, 2018

Document capture or import

Capturing documents in a document system is the first step in digitizing business processes. This usually starts with scanning paper documents. Documents generated in electronic form are either recorded at source or imported later.

The key question here is, how can we simply document capture and make it as user-friendly as possible? That’s why InDoc EDGE solutions are connected directly to information systems (e.g. ERP or CRM systems), with no intermediate data repositories. After receiving each document, InDoc EDGE immediately returns the converted content (SHA) to the source information system.

If users want to be able to find documents quickly and easily later, the documents must be classified, affixed with the necessary tags, and indexed upon capture.

Access to documents

Provided that they’re properly classified and tagged, it’s easy to access documents in a document system. A problem may arise when dealing with large amount of different types of documents, such as contracts, invoices, order forms, etc. With proper advice on establishing procedures for managing large volumes of various types of documents, and with InDoc EDGE’s advanced search functionality, accessing the right information is greatly facilitated.

Defining user roles and permissions is one of the most demanding tasks, yet it’s necessary for the successful implementation of document management and business process solutions.

On the other hand, all users aren’t usually allowed to access all documents. Documents containing personal data are especially sensitive. InDoc EDGE provides for authorized access to documents at all levels, recording document access in the audit trail. In addition, it also allows you to require users to provide a reason for viewing the content of documents containing personal data.

Sharing documents

Sometimes, you need to share confidential documents with third parties outside your company. From the perspective of information security, this presents a significant risk, as a violation may occur of the documents are intercepted by an unauthorized person. We often share documents via e-mail, though attachment size restrictions pose a problem in sharing larger files.

Sharing files containing personal data via e-mail or cloud storage services also presents a serious challenge to ensuring compliance with the GDPR.

In order to avoid such problems, we’ve enabled the controlled sharing of documents directly from InDoc EDGE. The process is simple: choose the document you want to share, enter the recipient's e-mail address, the reason for sharing, the password, and the validity period for permission to view the document. The recipient receives a unique link to the document. The password is sent separately, and the document is accessible only for the selected period. The recipient’s access to the document is monitored and, along with the reason for access, recorded in the audit trail.

Long-term document storage

When we don’t need a document every day, we will transfer it to an electronic archive. Long-term storage brings new challenges in terms of both usability and security. We may store the document for 10, 20, or even 50 years.During that time, we must ensure its accessibility, usability, integrity, authenticity, and durability.

We know that today’s file formats, standards, and document access methods will probably change over time, and we can be sure that the digital certificates that the document is signed with will also expire.

Therefore, all documents entering InDoc EDGE are first converted into a format suitable for long-term storage, then automatically digitally signed and time-stamped. InDoc EDGE timestamps are regularly renewed. This answers the question regarding the validity of the digital certificate at the time the document is signed. In addition, the regular digital signing of documents using new and improved cryptographic algorithms reduces the risks associated with the rapid development of decryption methods and capabilities.

All documents in the document system and the certified e-storage system are further encrypted. InDoc EDGE users won’t notice the secure encryption, as the system displays decrypted information. Additional encryption effectively prevents unauthorized direct access to and theft of database and file system content.

© Medium, 2018


Klemen Novak, Business development manager at Mikrocop