The advanced search function of Windows Vista could expose “sensitive” documents to the public, warns the renowned research firm Gartner.
In its latest report, Gartner asserts that Microsoft has not yet perfected the data change management feature in the upcoming Windows Vista operating system. As a result, many documents containing sensitive information could inadvertently fall into the hands of customers or partners.
In Vista, Microsoft has utilized “metadata” (a term referring to keywords or criteria used to describe documents) to speed up file searching. Metadata can also help display detailed records of content changes made to documents edited by various users.
According to Gartner, organizations and businesses planning to use Vista need to quickly develop a proper metadata strategy and seek tools that allow for safer metadata management.
The cost to a company for inadvertently “showing one’s back” is reportedly high. For example, some companies have a habit of “labeling” documents to distinguish between high-value customers and less significant ones. If they accidentally send a document with the “low-value” label attached to anyone, their business relationship is likely to suffer, if not completely break down.
Vista will provide tools to eliminate these dangerous “labels,” but this solution cannot fully resolve the issue. To use the tool, users must first create a copy of the document. Even if the “label” has been removed from the file, the risk of the aforementioned copy being sent remains. Furthermore, users must always remind themselves: “Delete, delete this file immediately.”
According to Gartner, Microsoft should have addressed this issue from deep within the operating system, rather than relying on a tool that constantly requires users to remember to delete or not delete such data “labels.”
Gartner recommends that Microsoft use digital rights management technology to control who has the authority to view “labels.” Each company should also maintain a list of approved keywords to serve as “labels.”
If Microsoft does not take any action, users must have a plan and policy in place to address the “label” data issue before installing Windows Vista, Gartner warns.
Thien Y
