If you only muse about the Edward Snowden affair from the point of view of how much the NSA and the government may know about your Skype calls to colleagues in Ohio, you may want to (re)consider another angle: security and your business applications.

Snowden was a mere contractor with the NSA. Most organizations dealing with information management hire plenty of contractors and allow them access to WCM, ECM, DAM and other systems we cover extensively in our research. Now, out of these organizations not all are diligent when it comes to the matters of access and security. Hey, if this happened to the NSA, there’s a good chance it may happen inside your firewalls.

The lesson learned here for enterprises is not to take your security lightly. You may think your content and data is not sensitive enough to be vigilantly protected. Yes, you are not the NSA and your data is not highly classified. But imagine someone accessing your customer database and erasing years and years of hard earned data you were devising to use so elegantly for web content personalization, for example. Or, download all your customer data and sell it to competition…

Often, access and security settings in a CMS are so complicated, many organizations just give up trying to figure them out and use the default groups and settings, often granting much more access than needed not only to full-timers, but also to contractors. I often see during audits we do for our customers a too-casual approach to default information management system settings. In many cases, short-cuts get employed used to circumvent some annoying difficulty with the software. For example: people sharing logins, which ruins the all important audit trail.

Is the risk great enough to invest time and, if needed, dollars into revisiting your data security strategy? Relying solely on technology to enforce rights and restrictions is not enough. Think about what policies and human intervention mechanisms need to be in place to complement what the technology can do for you.