The present invention relates to Enterprise Content Management (ECM) systems, and more specifically, to improving the security for documents stored in ECM systems. The security of electronic documents has become a predominant focus in recent days, as there have been increasing instances of hackers obtaining, for example, government classified documents and publishing them without permission on various websites, such as WikiLeaks and others.
Most documents are secured through the use of a user interface that prevents users from seeing or uploading content for which they have not been granted authorization, based on their classification authorization level. However, if the user can access the same document using a different application that does not follow the same rules, then the user can see whatever he wants, even if he is not supposed to have access to the content. For example, if the user has access to the source document through the server file system, then he can open the source document and read it, regardless of his official security level as defined by the official application used to manage access to the source document. This is how many of the most recent security breaches have occurred.
Some systems apply encryption through techniques like encryption hardware or encrypted file systems. These systems have the same encryption level for all documents they manage, and the same key is used for all documents. An Information Technology (IT) person can still easily access those files, and once one file has been successfully hacked, the entire disk is compromised. Storing content in a database can also help to limit access, but can still be easily bypassed by an IT person. Thus, improved techniques are needed for document security in ECM systems.