13
•
In many businesses, there is a good distinction between super secret documents and
documents that are not confidential. Unfortunately, most documents fall into the grey area in
between. In fact, without proper identification, there may be a debate between two peers on
whether a document is confidential or not.
•
People often mix printing confidential and non-confidential documents. For instance, printing
the latest Dilbert cartoon to post at your cubical or banners for the holiday party. This
intermingling of business confidential documents and non-confidential documents often result
in the business confidential documents being mistakenly treated as non-confidential.
•
In fact, usually the due diligence that a business would like to see performed for its business
confidential documents is often performed for an employee’s personal data instead. For
instance, the activity known as Print & Sprint is more likely performed when an employee is
printing their stock share plan performance summary than with a confidential internal
reference specification.
•
Many individuals with a variety of different levels of access to confidential documents often
use the same printers to print them out. An intern from college doing research and printing
out publicly available documents as compared to a chief technology officer printing out the
latest prototype design of a new product.
•
Many companies encourage environmentally conscious behavior – often placing recycle bins
directly next to printers. Often, partial documents that were part of a paper jam are often
placed in the recycle bin. Sometimes, documents that haven’t been picked up and are taking
up space are placed there. If these aren’t recycling bins, they are usually trash bins. The
confidential bins are usually further down the hall.
No wonder people would rather talk about technology solutions – people solutions are hard! There is
only one problem: the technology solution of requiring domain credentials to digital send doesn’t
actually solve anything. First, let’s argue with the technology focused solution on its own terms:
•
It is never a good idea to supply your domain credentials to a computer that isn’t a member
of your domain (remember our Ockham’s Razor example). In fact, it isn’t a good idea to use
your domain credentials on any computer that isn’t the one you work with on a daily basis.
Unfortunately, domain credentials have become the new “Driver’s License” of identity in the
workplace, often being used in places where they shouldn’t be used.
•
Many domain credentials are long, full of special characters, and are difficult to type in on
the Mini-Me style of keyboards in use by most digital senders. As a result, expect a jump in
fax machine usage over digital send – in short, employees finding ways of bypassing your
security.
Now, let’s cut to the chase:
•
Problem Statement: There is an unauthorized person in physical possession of confidential
documents. They can simply take them, copy them and take the copy, fax them, throw them
away in a specially marked trash bag for pick up later. Requiring domain credentials to
digitally send doesn’t address the issue anymore than having an encrypted hard disk would.
Imposing rules on employees, posting signs to pick up your documents, automatically
shredding documents after 6pm and so on will not really solve the problem either. People
tend to go back to their old ways pretty quickly.
A reasonably simple approach is to place printers and digital sending devices in an employee badge
accessible room, with a glass door, and with a confidential bin. We can come to this conclusion not
because of what we know about technology, but because of what we know about people. What are
the benefits of such a solution?
•
It keeps employees productive. A badge accessible room is a minor inconvenience to
employees. There are no special ways to print, logins, or rules to follow (or rules to try and
