In documentary information systems and document flow automation systems, so-called virtual data room providers are widely used.
Data Room as the Best Way to Simplify the Business Life
Virtual data room providers work on the principle of object ownership. The owner of an access object is the user who initialized the thread that caused the object to appear in the system, or who defined it in another way. Access rights to an object are determined by its owners. The cells of the access matrix are filled in and changed by the subjects acting for the users who own the corresponding objects. This approach provides access control in systems in which the number of access objects is significant or indefinite.
With the centralized approach in a data room solution, the access matrix is created as a separate independent object with a special order of placement and access to it. The number of objects and subjects of access in real systems can be large. To reduce the number of columns of the matrix, access objects can be divided into two groups: a group of objects to which access is not limited, and a group of discretionary access objects. Only the rights of users to objects of the second group are represented in the access matrix.
The advantage of virtual data room systems in comparison with systems of discretionary access control based on an access matrix is that they do not have an object associated with a security monitor that stores information about access control to specific objects. That object is the most critical one from the point of view of system security.
In addition, in data room providers, security is ensured even when unauthorized persons have unrestricted or technically possible access to the media on which encrypted objects are recorded and stored. These advantages of password access control systems determine their extremely widespread use in documentary information systems.
Data Room Functional Areas to Simplify the Life of Dealmakers
Ensuring the security of an organization's virtual data rooms rests on the following functional areas:
- Timely organization of security to prevent threats to the vital interests of the organization from criminals or competitors. In this case, information methods such as business intelligence and analytical forecasting of the situation are used to ensure protection.
- Taking measures to prevent the introduction of agents and the installation of technical devices in order to obtain confidential information and commercial secrets of the enterprise. The main means of protection here are strict access control, the vigilance of the security service, and the use of technical protective devices.
- Providing personal protection for the management and personnel of the organization. The main criteria for this type of security are the organization of preventive measures, the experience, and professionalism of the security guard, a systematic approach to ensuring security.
The mandatory approach to access control with the virtual data room, based only on the concept of the security level and not taking into account other characteristics of subjects and objects, leads in most cases to redundant access rights for specific subjects within the corresponding security classes. To eliminate this drawback, the mandatory principle of access control is supplemented by a discretionary one within the corresponding security classes. In theoretical models, an access matrix is introduced for this purpose; it delimits access to objects of the same security level that is allowed on a mandatory basis.
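The combination described above, together with the owner-managed matrix and the unrestricted object group from the first section, can be sketched as follows. This is an added example, not code from any data room product; the class and subject names, the numeric levels and the rule "clearance must be at least the object's level" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Obj:
    level: int                  # security level of the object
    owner: str                  # subject whose action created the object
    unrestricted: bool = False  # group with unlimited access, kept out of the matrix

@dataclass
class AccessSystem:
    clearance: dict                               # subject -> security level
    objects: dict = field(default_factory=dict)   # object name -> Obj
    matrix: dict = field(default_factory=dict)    # (subject, object) -> rights

    def create(self, subject, name, level, unrestricted=False):
        # The creating subject becomes the owner and gets full rights.
        self.objects[name] = Obj(level, subject, unrestricted)
        if not unrestricted:
            self.matrix[(subject, name)] = {"read", "write"}

    def grant(self, actor, subject, name, right):
        # Only the owner may fill in or change cells for its object.
        if self.objects[name].owner != actor:
            raise PermissionError(f"{actor} does not own {name}")
        self.matrix.setdefault((subject, name), set()).add(right)

    def check(self, subject, name, right):
        obj = self.objects[name]
        # Mandatory step (assumed rule): clearance must reach the object's level.
        if self.clearance.get(subject, -1) < obj.level:
            return False
        if obj.unrestricted:
            return True  # no matrix column exists for this object
        # Discretionary step within the security class: consult the matrix.
        return right in self.matrix.get((subject, name), set())

def demo():
    s = AccessSystem(clearance={"alice": 2, "bob": 2, "carol": 1})
    s.create("alice", "term_sheet", level=2)
    s.create("alice", "index", level=0, unrestricted=True)
    before = s.check("bob", "term_sheet", "read")    # same class, no cell yet
    s.grant("alice", "bob", "term_sheet", "read")
    s.grant("alice", "carol", "term_sheet", "read")  # cell set, level too low
    return {"bob_before": before, "bob_read": s.check("bob", "term_sheet", "read"),
            "bob_write": s.check("bob", "term_sheet", "write"),
            "carol_read": s.check("carol", "term_sheet", "read"),
            "carol_index": s.check("carol", "index", "read")}

if __name__ == "__main__":
    print(demo())
```

The `bob_before` result shows the redundancy being removed: bob shares alice's security class, yet has no access until the owner fills in a matrix cell for him.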