Thought for the day:
The metadata detectives
- Posted:
- 14:55 07 Jul 2003
Last week saw further intrigue surrounding the
government's pre-war "dodgy dossier" on the threat posed by
Iraq.
By investigating author histories and document changes, four
members of the government's Communications Information Centre were
identified as contributors to the dossier amid various claims of
foul play.
Though the nature of its involvement may be innocent, the
government suffered because the audit trail exposed "hidden"
details of an already sensitive document, via information published
on its public website.
Every time a document is created in Microsoft Office, metadata that
tracks author, machine, product versions, amendments and more is
added. When multiple authors work on a document, an audit trail
builds up showing who wrote what, and when. As documents are sent
back and forth this metadata increases the risk that sensitive
information, not intended for the outside world, could be made
public.
Something like over 100 million people use Microsoft Office and
about 20 million of them are "heavy document users", who work on
lengthy, business-critical documents where many contributors are
involved. These are usually contracts, tenders or reports, and all
can contain sensitive corporate information. Inadvertent
distribution of potentially sensitive document metadata is a common
cause of embarrassing and costly leaks.
Global companies have been guilty of putting documents online that
could be brought to life to find all the historical amendments.
Imagine the harm this can cause for some business, especially in
the legal, finance and pharmaceutical industries? What if you
disclose negative comments about yourself, or compromise a
negotiating position? It could be equivalent to listening to a
confidential meeting.
Despite worrying examples of document metadata "outings", people
working together on documents is unlikely to stop. Companies must
set up the correct processes and software to avoid inadvertent
disclosure of sensitive information. The slate has to be wiped
clean before the document leaves the enterprise.
Businesses have made huge steps towards increasing the security of
company information, especially with the pervasive exchange of
documents via e-mail. Encryption and password protection are the
norm.
Document metadata, however is an Achilles heel of risk. It is often
overlooked as a corporate vulnerability, yet something as simple as
a Word document can bare all to the outside world if not managed
correctly.
Defining what is or is not a "dodgy dossier" is a matter of
politics. But maintaining professional standards of collaboration
and information exchange is a business issue that we should all be
sensitive to.
What do you think?
Is your metadata protected?
Tell us in an e-mail
>>
ComputerWeekly.com reserves the right to edit and publish
answers on the website. Please state if your answer is not for
publication.
Andrew Pearson is executive vice-president of
Workshare
www.workshare.com
