Security. Access. Permission structures. Who can access your digital assets?
Do you have different logins for each DAM user? You know… a different user name and password per user.
It should be part of the accountability in your organization. Without it, the organization loses out and so does everyone working for the organization.
Is it a fireable offense to give out your passwords in your organization? Or do you hand out your passwords like candy? Why not? Don’t you hand out your credit cards and ATM card with PIN as well? We would hope not.
So which is worth more…Your personal bank account or all of your organization’s digital assets?
Think of all that time spent creating each asset, licensing those assets and/or paying to acquire the assets from other sources. That was all free, right? Not likely. Just like your personal bank account was not replenished for free. It is more likely that the digital assets in the DAM are worth far more than the DAM system itself. And that should be the case, if you are getting ROI from the DAM. Is that worth protecting?
Do you have the following for every DAM user:
- Name (first and last name)
- Address (is every DAM user in one location?)
- Organization (does the organization have subsidiaries, partners and/or contracting firms with different names?)
- Department (Does more than one department use the DAM?)
- Phone number(s)
- Email address
- Title/Role (Does this define their permissions for the DAM?)
No? Why do they have access if there is no level of accountability? What level of access do users really need? Does the access to the DAM vary per role? It likely does.
As soon as the information is provided and permission is approved, access can be granted. Not before. This could just take minutes to complete, provided an administrator can add/remove users to the DAM as needed, such as new employees/contractors.
Do you audit the DAM users to make sure they still work there today? If the DAM can create a report on all users, a regularly scheduled audit is quite easy. When an employee leaves the organization, DAM access should be turned off within the same day. This information should be communicated uniformly for all platforms, from the start date of new people to their last day.
Do you deactivate/delete user accounts of former employees…or any other former users? Or is that window left wide open for them to continue accessing your organization’s intellectual property? Is that secure?
Based on those reasons alone, it is not hard to explain why you need a list of people who no longer work for the organization (staff employees/contractors/vendors/anyone with access to the DAM), at least as part of a regularly scheduled audit.
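As an added example (not part of the original post), the scheduled audit described above could be scripted like this: compare the DAM's user report against a list of leavers and flag active accounts that should be turned off, plus active accounts missing the accountability fields listed earlier. The CSV column names, the `audit` function and the sample rows are assumptions constructed for illustration, not any real DAM's export format.

```python
import csv
import io
from datetime import date

# Accountability fields the article asks for on every DAM user.
REQUIRED = ["first_name", "last_name", "address", "organization",
            "department", "phone", "email", "role"]

# Constructed sample data; column names are assumptions, not a real DAM export format.
DAM_REPORT = """username,first_name,last_name,address,organization,department,phone,email,role,status
asmith,Ann,Smith,1 Main St,Acme,Marketing,555-0100,ann.smith@example.com,editor,active
bjones,Bob,Jones,2 Oak Ave,Acme,Design,555-0101,bob.jones@example.com,admin,active
cwu,Cy,Wu,,Partner Co,,555-0102,cy.wu@example.com,viewer,active
dlee,Di,Lee,4 Elm Rd,Acme,Legal,555-0103,Di.Lee@Example.com,viewer,disabled
"""
LEAVERS = """email,last_day
bob.jones@example.com,2024-03-01
di.lee@example.com,2024-02-15
ann.smith@example.com,2024-12-31
"""

def audit(dam_csv, leavers_csv, today):
    """Return (stale, incomplete): active accounts of people whose last day
    has arrived, and active accounts missing any accountability field."""
    last_day = {r["email"].strip().lower(): date.fromisoformat(r["last_day"])
                for r in csv.DictReader(io.StringIO(leavers_csv))}
    stale, incomplete = [], []
    for u in csv.DictReader(io.StringIO(dam_csv)):
        if u["status"].strip().lower() != "active":
            continue  # already deactivated, nothing to revoke
        email = u["email"].strip().lower()
        # Access is due off on the last day, so flag from that date onward.
        if email in last_day and last_day[email] <= today:
            stale.append((u["username"], u["role"], last_day[email].isoformat()))
        missing = [f for f in REQUIRED if not u[f].strip()]
        if missing:
            incomplete.append((u["username"], missing))
    # Privileged roles first: a leaver with admin rights is the most urgent fix.
    stale.sort(key=lambda s: (s[1] != "admin", s[0]))
    return stale, incomplete

if __name__ == "__main__":
    stale, incomplete = audit(DAM_REPORT, LEAVERS, date(2024, 3, 1))
    for name, role, day in stale:
        print(f"DEACTIVATE {name} ({role}), last day {day}")
    for name, missing in incomplete:
        print(f"INCOMPLETE {name}: missing {', '.join(missing)}")
```

Matching on a lowercased email keeps a leaver from slipping through because of capitalization differences between the HR list and the DAM report.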
Does the DAM vendor display your organization’s DAM as a model…to your closest competitors? Is that specified or prohibited in the DAM contract?
Is access granted to those who are trained?
Is the DAM outward facing on the web? If so, do you have SSL (https) connections for the DAM? Or is it behind a VPN firewall?
What about hackers and crackers? “If you spend more on coffee than on IT security, then you will be hacked. What’s more, you deserve to be hacked.”
Is the DAM password-protected? Is the password simply “password”? Can a 10-year-old crack your password?
Or do you want someone not granted access to tamper with settings, permissions or even steal digital assets…before they are supposed to be released to the public?
Embarrassment may be the least of your concerns in cases like this.
How about seeing those digital assets on the internet without anyone in the organization’s prior knowledge? Yeah, that would be really bad.
Is the DAM a play toy? A free-for-all? A dumping ground? Or is the DAM a business solution…a business strategy that demands proper security precautions?
Is there a gatekeeper? If not, who handles all this?
Is your organization’s DAM secure? Are you sure?