The most secure way to share information

For the past decade, I’ve been working on content management systems (CMS), credit card payment systems (PCI), human resources systems, and customer relationship management systems (CRM). Most of them require a centralized server (either in the cloud or on an enterprise server), a thick client in some cases, and a series of technical requirements to make things secure. All these systems are trying to achieve a common goal – sharing information securely to allow collaboration.

In the CMS world (like EMC Documentum, Alfresco, and Xerox DocuShare) use SSL encryption to secure the transmission of the content. There are options in these systems to encrypt the content, but the content is still stored on the system. Eventually someone, such as a site administrator or content administrator, has access to the content and can potentially view the content. For instance, with a human resources management system, it is always a challenge for a manager to store employee information because the site administrator (usually not the manager) would have access to all the information.

In the credit card payment world, PCI compliance is strictly enforced - no customer credit card information can be stored. Every transaction in the payment system masks the credit card number, leaving only the last 4 digits, and ensures no one can get access to the credit card number. This is definitely a good solution for credit cards, but unfortunately it doesn’t work well if you want to share a secure word file with your insurance agent. It will not be human readable if we mask your presentation (well, unless your agent is a machine).

The common practice some users utilize nowadays is to zip up the content and encrypt the zip with a password. This makes transmission and storage secure, but the user still needs to send out the password (usually via email or IM), which is frankly the least secure of all. Or the user uploads the zip and encrypt content into the centralize system, such as Microsoft SharePoint. This approach involves multiple steps, and a user usually gives up using such a system to share information, switching back in few months with their favorite and most comfortable approach: email with attachments.

After more thought, we believe the most secure way is never store your content anywhere outside of your control. You only give specific people permission to your content and as long as you have secure transmission, the result is full control of your information - always.

A couple of colleagues and I have developed the best solution - Content Circles. We never store your content in the cloud and you have full control over who can access your content all the time. Your machine is source for sharing the files with other members of the circle. Sending large files or attachments is not an issue, because unlike email, the content is never stored on any server including the mail server. Content Circles also has connectors which help you to download, update, or publish existing content easily.

Agree or disagree? Please don’t hesitate to write a comment.