A Gartner report warns Microsoft does not adequately address metadata management in its upcoming Windows Vista OS, but Microsoft warns it’s not fair to judge an OS by its beta release, adding the final release will be more robust.
In the report, Gartner analysts Michael Silver and Neil MacDonald said with Vista’s failure to secure metadata documents potentially embarrassing data could inadvertently be revealed to customers. They encourage organizations to develop metadata policies and look at third-party tools that allow them to manage metadata more securely.
In Vista, Microsoft uses metadata — the term for keywords or other data that describe documents — for faster file searches. Metadata can also help detail changes to a document as different people edit it.
The costs for an organization that mistakenly releases documents with sensitive metadata could be high, Gartner warns. For example, a company might tag documents to identify high-value and low-value customers. Sending a document with the “low-value” tag still attached could damage a business relationship.
Vista will have a tool for removing metadata, but it does not entirely resolve the issue, according to Gartner. To use the tool, a copy of the document is generated. Even if the metadata is removed in one document, a chance remains that the wrong document could be sent out, the report said. Additionally, the author must remember to use the tool.
“The issues in Windows Vista should have been addressed deep within the OS during development, ” Silver and MacDonald wrote.
Elliot Katz, senior product manager, Windows client for Microsoft Canada, conceded Gartner makes a salient point that companies should be aware of their metadata, particularly when sending documents outside their company. He said though that Gartner reviewed a CTP (Community Technology Preview), and Microsoft is continuing to develop Vista’s metadata functionality.
“We’re really concerned about protecting customers’ privacy and we’ve built into…Vista safeguards to allow customers to protect their data,” said Katz.
Based on feedback from the first beta release and other CTPs, Katz said Microsoft has already removed some metadata functionalities from Vista, such as the ability to copy the metadata attributes of one file to another through a simple drag and drop. It has also been made easier to erase metadata through a dedicated tool.
“As we move forward we’re considering many things,” said Katz. “I don’t want to focus on any specific one or state any specific one will be in the final product, that’s really what the beta and CTP program are all about.”
Gartner did have some specific recommendations for Microsoft on enhancing metadata privacy, including incorporating digital rights management to control who views the metadata, and allowing organizations to have a list of approved keywords to assign as metadata. Also, Gartner said Exchange Server should be equipped to strip metadata in Vista or Office files any time a document is sent outside the company.