Memex systems often contain the most sensitive data within an organisation. It is critical, therefore, that security is an integral part of the system, and not just an add-on to it. In fact, the more important the information, the more likely that someone will attempt to compromise it, so security cannot be entrusted to client applications. Unfortunately, this is often exactly what happens: data within relational systems is frequently locked only at table level, or worse still, secured only by the application, leaving it vulnerable to any internal or external hacker.
Security is at the heart of the Memex solution, and implemented at the highest level. This means it not only addresses entire records, but also their component parts, through a flexible security definition system. In addition, Memex maintains a server-level audit trail of every operation performed by every single user, allowing validation of security policies and investigation of attempted breaches. Discussion of the Memex security model can, therefore, be divided into four distinct areas: User Management, Data Configuration, Business Rules and Audit. Each of these areas is discussed in more detail below:
At the core of the user management model is a sophisticated granular data security process. This process utilises a series of locks and keys to allow the modelling of major security components such as Access Control Units, Hierarchical Access and Compartmentalisation. Within the system, users are assigned to different types of management group according to their role within the organisation, and this role group determines what they can and can’t do within the system, and the type of data they can and can’t access. The security grouping system allows specific records to be protected such that they can only be accessed by specified users, while covert record tagging allows certain records to be entirely hidden from view. Management groups allow the definition of a hierarchical system, whereby a line manager, as opposed to a central IT manager, can configure their own subordinates’ user profiles and permissions. The line manager is also given access to their subordinates’ audit trails within the system.
This management group system is designed to be appropriate and usable even in very large deployments comprising hundreds of thousands of users. Furthermore, user attributes are highly configurable and user information can even be “auto-populated” into records. Access control to the system is performed using the Pluggable Authentication Module (PAM) system, an open standard technology which allows organisations to integrate other authentication technologies such as biometric readers or smartcards.
At this level of security, client data is configured to enable the optimum level of access across the solution architecture. The precise configuration of the data is entirely dependent upon the requirements of the front-side application and how the client wishes to store and manage their data.