Rethinking stored document encryption: Part 8
My original expectation when I started this series was that it would be done in three posts. It is almost two weeks later and we are still going.
At this point the technology described is adequate to meet the original use cases. This is the point at which protocol design traditionally stops. But in the new security model this is the point where the really difficult work starts: usability.
If a CLE system is going to be of any use, it is going to have to be used, and it is not going to be used unless use is effortless. [Is "zero-effort security" a better tag line for what I am attempting to achieve than "zero-overhead"?]
To make CLE effortless, it must be possible for system administrators to take on all the heavy lifting required for configuration and the impact on day to day use must be negligible except in the exceptional case where the user is actually focused on the specific issue of security.
What this means in my view is that the CLE system needs to be tightly integrated into the applications that create CLE controlled content. The application must be able to determine the security policy to be employed from the document template used to create the document. The application must be able to seamlessly acquire rights to content when the user attempts to open the file.
At the same time we should probably consider the document storage lifecycle as a whole and come to terms with the fact that the Xerox PARC files-and-folders paradigm is simply not working any more.
Files and folders were a sensible method of organizing content when we had one machine that we used exclusively for editing documents and managing data. Today I use at least two computers every day, three if you count the iPhone and every one of them doubles as a communication device. That puts valuable work product documents at risk of compromise by network applications.
What I would prefer is to completely isolate my network interaction workflow from my document editing workflow, or at the very least to isolate them to the greatest degree possible. When I save a document I want it to be stored in my virtual document repository in the cloud, and I want to be able to access it from any computer I might work on later.
The Xerox PARC files-and-folders approach treats the local storage on my laptop as a disk drive for primary storage of files and folders. This is a problematic approach with any laptop if you frequently switch between laptop and desktop machines. It is particularly problematic if you have a MacBook Air and have to live inside an 80 GB drive.
A better approach is to treat the local storage on the machine as a cache for the main storage in the cloud. Windows Vista attempts to do this to some extent with its replication feature, but that particular interface is broken because it attempts to adapt the files-and-folders approach rather than reinvent the underlying concept.