July 10, 2018
I recently had the opportunity to speak at iManage Connect Live 2018. The presentation, called “iManage Work Security 101: What you Need to Know Before Moving to Work 10 or the Cloud”, provided a fundamental understanding of iManage security considerations. Here, I will focus on Work 10 best practices in 3 areas:
It helps to remember the acronym – ACE.
Before inking a deal to move your on-premise server to Work 10 or your on-premise environment to the iManage cloud, it’s important to know several key points in each security area.
Let’s talk about the background behind our presentation. The latest Work Server release – Work 10 – provides support for many of the latest security features for document management systems in the market today. Among our many customers moving to iManage Work 10, we found that very few had considered the implications of the new features and the surrounding systems required to support them. For many years, traditional iManage Work on-premise installations have used trusted authentication, communication over RPC and an unencrypted file store for their document share. This old configuration doesn’t cut it in a world where security is top priority.
That said, let’s quickly review our recommendations in each area:
If you intend to provide remote access to the new Work 10 web interface (on premise or through the cloud), you must consider rolling out SAML to authenticate your clients. SAML is a widely supported authentication protocol in which an identity provider (like Active Directory) authenticates users on behalf of a service provider (like iManage), using a mutually agreed upon certificate and authentication process. The identity provider then uses a signed token to confirm to the service provider that the user is valid and can access the system. iManage supports a number of SAML providers, and many are open source. SAML login is also supported for the traditional iManage Work client (9.3.x or newer). If you want to leverage dual factor authentication (RSA, DUO, etc.) – SAML is required.
The transfer of client-sensitive material – both outside AND inside your network – should be encrypted. With the new Work 10 web interface, encryption is handled by the web browser and HTTPS. With the traditional Work client (9.x), a new protocol – Work Anywhere – was released to allow your client to communicate securely with the server over HTTPS as opposed to RPC. This can cause some unintended changes to the way your network traffic is routed and optimized, but ensures your data is secure no matter where your client is accessing Work.
With the release of Work 10 version 10.1.3, BYOK is now supported in the iManage cloud. This means you can store your data in the cloud without anyone having access to the private key. With on-premise storage, be sure to encrypt your local document store with SAN-level encryption or a product like BitLocker. It doesn’t have to be expensive to secure your data. There are many ways to encrypt local storage that don’t require a large investment.
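For the on-premise BitLocker recommendation above, the following added example (not iManage's or the author's code) checks whether the volume holding the document store is fully encrypted and has protection switched on. The store path `D:\DocumentStore` and the function name `Test-StoreVolumeEncrypted` are assumptions for illustration, and the script assumes a drive-letter volume on the local server.

```powershell
# Added example. Run from an elevated PowerShell session on the file server.
param(
    [string]$StorePath = 'D:\DocumentStore'   # assumed store location (placeholder)
)

function Test-StoreVolumeEncrypted {
    param([Parameter(Mandatory)][string]$Path)

    # BitLocker status is only readable for local volumes. A UNC path means the
    # store is served by another host or a SAN and must be verified there.
    if ($Path -like '\\*') {
        throw "'$Path' is a network path; check encryption on the system that serves it."
    }

    # Map the folder to its drive root, e.g. D:\DocumentStore -> D:
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $root = [System.IO.Path]::GetPathRoot($full).TrimEnd('\')
    $vol  = Get-BitLockerVolume -MountPoint $root -ErrorAction Stop

    # A volume can be fully encrypted while protection is suspended ("Off"),
    # which leaves the key readable on disk, so both conditions are required.
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        PercentEncrypted = $vol.EncryptionPercentage
        Compliant        = ($vol.VolumeStatus -eq 'FullyEncrypted' -and
                            $vol.ProtectionStatus -eq 'On')
    }
}

$result = Test-StoreVolumeEncrypted -Path $StorePath
$result | Format-List
if (-not $result.Compliant) { exit 1 }   # non-zero exit for monitoring or scheduled checks
```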
If you are looking to move to Work 10, make sure you consider the above. A well-thought-out plan is required before starting the upgrade!
For more information on iManage Cloud Security and Work 10 – visit https://imanage.com/security/