Letting Time and Place Govern Access to Company Data

By December 21, 2011

Most companies are keen to avoid sensitive information stored in cloud databases falling into the hands of people outside a limited group. One way of doing so is to allow access only when the parties concerned are actually in the place where they need the information.


Limiting access to information on the basis of location and time parameters can help companies to organise their work more efficiently. Jong P Yoon, a researcher at Mercy College in New York State, USA, has just developed a system which enables employees to connect to their company’s cloud server from their smartphones. Each employee will be entitled to access specific information relating to his/her job provided that s/he is at a certain place, at a certain time specified in advance in the system. The way it works is that a temporary Virtual Private Database (VPD) is created, containing all the information this employee needs. If the time-and-place data do not match those programmed into the system, the employee’s logon ID will be revoked and rendered unusable. The time-place data transmitted to the system are obtained via geolocation software in the employee’s smartphone.

Tighter security in information distribution

The example the researcher cites to illustrate the use of the system is a road haulage company. Each driver would be entitled to access information on his route and the product to be delivered only if he were on the right route and within a predetermined timeframe. The VPDs are dynamically created at each successful connection and disappear as soon as the users have completed their assignment or departed from their planned itinerary. This will help to maintain security over company information hosted in the cloud. The system also works on a pyramid principle: a manager will have access to data on his team, including their geolocation details.

The system works, but is it too intrusive?

This concept could be valuable to help manage a team of people, giving the team members access to information only when it’s actually needed. It should also be useful in situations where two companies are working on the same project, only releasing the data that each party needs, regarding a delivery, for example, without compromising any information which is confidential to either party. However, aspects such as reliability and robustness in the event of unexpected circumstances – change of route, delay due to an accident, etc – might still require some thought.

Legal mentions © L’Atelier BNP Paribas