As the digital world extends throughout all aspects of our lives, we are becoming more and more aware of how important security is. However, we don’t always take basic measures to ensure it.
Since we started our journey in the world of Document Management Systems, many aspects regarding security have changed. In the beginning, organisations’ main line of defence was to host the Document Management System in their own data centres. But this is really quite expensive and, what’s more, it’s less secure than having it in data centres that already have the necessary security measures.
At Athento, we work with both Amazon and OVH; both companies have levels of security that few non-tech organisations can achieve in their own data centres.
Furthermore, we have security policies that we apply to every Document Management System that we implement, as well as tools that allow us to measure the level of OWASP compliance.
What’s more, of the more than one hundred Document Management System implementations that we’ve done, approximately 20% have gone through the client’s own security audit.
Below, we summarise the 5 aspects that, in our experience, are key when implementing security measures in a Document Management System:
- Use up-to-date SSL protocols. Always configure the Document Management System to be accessed through SSL, whether through HTTPS, SFTP, or any other protocol. Already-obsolete protocols such as SSLv3, TLSv1.1, etc. must not be used.
- Encrypt the repository. If the Document Management System allows for it, it’s important to encrypt the documents stored in it.
- Password management. It’s necessary to implement a secure password policy. Take into account that the main factor in creating a secure password is that it be longer than 15 characters. It’s preferable that the user can use a long sentence or expression that is easy to remember as a password rather than a complex but shorter password.
- Antivirus. It’s vital that the Document Management System has a virus scanner for document analysis. This way, documents that may be infected can be put into quarantine.
- Restrictions on documents. It’s advisable to keep the Document Management System from becoming a source of malicious documents by applying policies such as a restriction on formats. For example, it’s essential not to allow executable files (such as .exe, .bat, etc.) to be uploaded. Likewise, make sure that the Document Management System does not allow executable code to be included as a metadata value. Otherwise, a user with bad intentions could include code in them which will execute on other users’
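
The upload and metadata restrictions from the last point, sketched as an added example (not Athento's code). The function names, the signature list and the choice of HTML escaping for displayed metadata are assumptions for illustration; the page itself names only .exe and .bat.

```python
import html
from pathlib import PurePosixPath

# Assumed policy values; the page names only .exe and .bat.
BLOCKED_EXTENSIONS = {".exe", ".bat"}
# Leading bytes that mark executable content whatever the file is called
# (Windows PE, Linux ELF, script shebang). Deliberately conservative.
EXECUTABLE_SIGNATURES = (b"MZ", b"\x7fELF", b"#!")


def upload_rejection_reason(filename: str, content: bytes):
    """Return why an upload is refused, or None if it passes the policy."""
    # Normalise tricks such as "Report.EXE", "report.exe." or "report.exe ".
    name = filename.strip().rstrip(". ").lower().replace("\\", "/")
    # Check every suffix so "invoice.pdf.exe" and "setup.exe.pdf" are caught.
    for suffix in PurePosixPath(name).suffixes:
        if suffix in BLOCKED_EXTENSIONS:
            return f"blocked extension {suffix}"
    # A renamed executable still starts with its format signature.
    for signature in EXECUTABLE_SIGNATURES:
        if content.startswith(signature):
            return "executable content signature"
    return None


def render_metadata_value(value: str) -> str:
    """Escape a metadata value for an HTML page so markup in it stays inert."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample uploads: (file name, first bytes of the file).
    samples = [
        ("contract.pdf", b"%PDF-1.7\n"),
        ("Report.EXE", b"data"),
        ("invoice.pdf.bat ", b"@echo off"),
        ("contract.pdf", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(repr(name), "->", upload_rejection_reason(name, head) or "accepted")
    print(render_metadata_value("<script>alert(1)</script>"))
```

The extension and signature checks complement the antivirus scan rather than replace it, and escaping has to happen wherever a metadata value is rendered, not only when it is saved.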