This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners: Simply the best."
Download it now to read this article plus other related content.
Company: Fluor Corporation
Solution: Adobe's LifeCycle Policy Server
Fluor Corporation's knowledge management system works like a dream, but executives recently discovered security and document-control issues that could give them nightmares.
The Fortune 500 construction and engineering company has 35,000 employees in 25 countries who build, repair and maintain oil refineries, manufacturing plants and power plants. In 1999, executives built an online knowledge management system to serve as a collaboration tool for employees to share ideas and best practices on everything from technical issues to marketing and sales strategies.
A year ago, however, Fluor's global quality assurance officer found two problems with the system: how to protect the most confidential documents in the knowledge database, and, with users' penchant for downloading files onto their hard drives for easy access, how to ensure employees are working off updated corporate materials.
Those problems led the company to ERM. Because Adobe's PDF format is the company's standard, Randy Fix, Fluor director of automation, recently purchased Adobe's ERM product, LifeCycle Policy Server. After a successful three-month beta, he began deploying the technology this summer.
"It's an intellectual property leakage issue," Fix says. "There are certain documents that are critical. Some are project management manuals.
Fluor already had some control over content. When using Adobe Acrobat to author PDF documents, employees can set policies that prevent people from printing or cutting and pasting text. But that didn't prevent staffers from passing confidential documents to clients, whether by accident, malice or simply because they didn't know the information needed to remain private.
Another concern was employees taking documents to a new employer if they left the company. In the past, company officials caught several staffers downloading documents before leaving the company.
Fix is slowly rolling out the ERM solution to protect about 20 best practices that are managed by the company's quality assurance leader. The technology will force employees to authenticate themselves to view the protected files. If unauthorized users somehow get access to the files, they will be stymied by the authentication process and won't be able to view them, Fix says.
This was first published in October 2006