Is BPM the Digital Transformation Enabler? [Infographic]

Jul 20, 2016 10:52:53 AM by Sean McGauley

Agility and efficiency have become the keys to meeting the growing and changing demands that come with digital disruption. Businesses can no longer afford to waste time with lengthy business analysis, development and implementation projects spanning two or more years. Organization leaders know that change must occur rapidly to remain competitive, retain current clients, and attract new business and BPM has become the method of choice.

Read More

Topics: business process management, bpm

5 Benefits of Intelligent Document Recognition

Jul 14, 2016 9:15:24 AM by John Mancini

How can Intelligent Document Recognition change the way you view business processes?

The combination of pressure to reduce costs, comply with stringent regulations, and
satisfy ever-increasing customer service demands is placing a big strain on operations
and processes that rely on unstructured information such as documents, images and
e-mails.

Making matters worse is the explosion of information that must be managed efficiently
and securely, and the increasingly diverse channels through which documents arrive.
Approximately two-thirds of those surveyed report that the volume of documents (paper and electronic) flowing through their operations increased between 2014 and 2016, according to a 2016 survey conducted by Brousseau & Associates and commissioned by ibml. What’s more, two-thirds of organizations report that the volume of paper alone flowing through their document processing operations is unchanged or higher compared to two years ago.

A 2015 InfoTrends study found that implementation of the Dodd–Frank Wall Street
Reform and Consumer Protection Act of 2010 is one of the main drivers behind higher
volumes of paper and digital documents at financial services organizations. For
organizations in other industries, “big data” initiatives are requiring the capture of more
data, faster and more accurately than ever.

Intelligent document recognition provides five key benefits that transform unstructured information into the fuel that ignites better processes and insight:

  1. Accelerated document processing cycle times
  2. Streamlined regulatory compliance
  3. Enhanced service
  4. Reduced operating expense
  5. Streamlined document preparation

Interested in learning more?  Check out this new white paper, 5 Benefits of Intelligent Document Recognition, by AIIM Board member Dan Lucarini.

Get Your Free White Paper

You might also be interested in these posts...


Read More

Topics: ocr, scanning, capture, recognition, icr

What the Heck is Intelligent Document Recognition?

Jul 11, 2016 9:50:50 PM by John Mancini

How Does Intelligent Document Recognition Work?

Intelligent document recognition provides three key capabilities that transform unstructured information into the fuel that ignites better processes and insight:

1. Classification: Intelligent document recognition interprets content and patterns on documents to automatically classify paper and electronic documents into different document types, and determine the beginning and end of a document. For instance, intelligent document recognition can apply optical character recognition (OCR) technology to an entire document to capture information and compare it with data stored in lookup tables about known document types. 

2. Extraction: Once a document is classified, intelligent document recognition automatically extracts important data from anywhere on the document, creating information to start a business process and/or to populate a database in a downstream application such as an accounting system, enterprise resource planning (ERP) platform, customer relationship management (CRM) system, or enterprise content management (ECM) system. 

3. Release: Intelligent document recognition solutions automatically export data and images (such as searchable PDFs) to a business process/workflow or to any downstream system. This information is immediately available for use, to gain insights into operations and customers, or enabling workers to quickly take action.

Interested in learning more?  Check out this new white paper, 5 Benefits of Intelligent Document Recognition, by AIIM Board member Dan Lucarini.

Get Your Free White Paper

You might also be interested in these posts...


Read More

Topics: ocr, scanning, capture, recognition, icr

12 Things You Can Do NOW to Use BPM to Drive Digital Transformation

Jun 6, 2016 5:15:39 PM by Bob Larrivee

Process improvement and workflow are not new; in fact they have been around since the late 1980s.  Yes, they have evolved and continue to do so but as was true of ECM, Business Process Management -- once seen as a nice to have -- is now considered a critical part of business operations.

Process improvement and automation using BPM as the framework is an essential part of the Digital Transformation of businesses. The more paper is eliminated from processes and digitally born information is created, the greater the dependence upon and need for efficient, effective, and secure digital workflows. When assessing process improvement and automation opportunities, include the identification of and ways various information sets are integrated with the process and remember to look at the end-to-end process rather than just the departmental workflow. What gets changed in the department could have negative impact on other departments feeding this process or that this process feeds.

Our new survey (executive summary downloads free -- Process Improvement and Automation 2016) is available!

business process and automation  

12 Key Process Improvement and Automation Recommendations:

  1. Begin with existing process maps if they exist and if they do not; create at minimum, high level maps to document the steps in the process.
  2. Identify areas of opportunity for process improvement. Look for bottlenecks in the process and ways these bottlenecks can be eliminated. Perhaps use of parallel processing would be the approach.
  3. Improve the existing process before introducing automation or extending the automation capabilities you have in place. Automating an inherently bad process will not resolve the underlying issues.
  4. Uncover the real business problem you are trying to solve. When you are told that the issue is slow processing times or too many exceptions, look deeper into the root cause. Ask the question of why there are too many exceptions.
  5. Assess how paper can be eliminated from the process. If the reason for paper is one of acquiring signatures, explore how esignature can be incorporated to enhance the process and eliminate the paper.
  6. Take time to design the process. The best question to ask is why things are done the way they are and then explore how it could be different.
  7. Take inventory of your current BPM capabilities, using this as the foundation of reference when developing a set of requirements. In this way you can maximize your current investment and only purchase those technologies that are missing.
  8. Document the business requirements first. “I need capture capabilities of 500 pages-per-minute,” is not a business requirement. The business requirement is, “to process 10,000 applications per day, in 50 locations around the globe.”
  9. Build your functional requirement based on the business requirements. Map the current process of capturing applications from each location, including volumes and all activities to bring this information into your systems.
  10. Develop technical requirements based on the functional requirements and map these against your current technology sets. In other words, do a gap analysis to determine what is missing then seek to purchase the missing elements.
  11. Consider how cloud and mobile device use, along with mobile apps, can help address your current needs and support remote workers and stakeholder of your processes. At the same time, assess how these would be synchronized across the enterprise and the line-of-business applications. Remember that BPM can serve as the integrating mechanism.
  12. Establish a continuous improvement program that will periodically review and refine those changes you make now. BPM is not a one-stop project; it should be a cross-functional team sport that is ongoing across the enterprise.

-----

Some related resources on Business Process Management best practices worth checking out:

Download the FREE Process Improvement and Automation 2016 Executive Summary.

Check out this article on the survey -- AIIM research: more than half of businesses now view Process Management as imperative or significant

FREE white paper -- Business Process Management:  User Perceptions and Expectations

FREE webinar on June 15 with me -- No Longer a Luxury, BPM Is Imperative to Business Operations:  5 Steps to Learn How It Can Work for You.

Sign Me Up  

Read More

Topics: process automation, business process management, business process, bpm, digital transformation,

Why is Getting Rid of Paper Critical to Digital Transformation?

Jun 1, 2016 9:52:18 AM by Bob Larrivee

Process improvement and workflow are not new; in fact they have been around since the late 1980s.  Yes, they have evolved and continue to do so but as was true of ECM, Business Process Management -- once seen as a nice to have -- is now considered a critical part of business operations.

This continued evidence that business organizations have begun to seriously embrace the idea that their operations can survive without paper, and in fact function more effectively when paper is eliminated from their business critical processes. Getting rid of paper is a critical first step dealing with a broader question -- What is the role of content in Digital Transformation?  What we are seeing is Digital Transformation taking hold, not only between the Fortune 500, but also across all business types and sizes.  

New AIIM Process Improvement and Automation survey results released

A few key data points from our new survey (executive summary downloads free -- Process Improvement and Automation 2016):

  1. The majority of respondents see BPM as the combination of a systematic approach to improving business processes (97%) and workflow or BPM technology (79%). 66% see these technologies as "change management."
  2. Forty-eight percent of respondents say they are vaguely familiar or have no clear understanding of BPM. 18% say it is well understood and embraced in their organizations. [Note:  For newbies, you might want to check out our "What is Business Process Management?" page.]
  3. Nearly a third of respondents say there is no one directly responsible for ownership of their processes. 58% say they have process owners.
  4. Fifty-five percent of respondents say BPM is significant (38%) or imperative (17%) for their business. For 14% these technologies have little to no importance.

business process and automation

 

There is a growing realization that information once born digital, should remain digital and can in fact bring about greater value to the organization when managed and processed quickly and efficiently. There is also a growing realization that designing, automating, and refining operational processes enables business organizations to explore new types of innovation and instill creativity in relation to business process options, rather simply trying to enhance and support their current ways-of-working. Where once the limitation was based on media type or restricted to confinement within the corporate walls, businesses today can extend their processes and interactions beyond the corporate walls – securely.

Process improvement and automation are an essential part of the Digital Transformation of businesses. The more paper is eliminated from processes and digitally born information is created, the greater the dependence upon and need for efficient, effective, and secure digital workflows. When assessing process improvement and automation opportunities, include the identification of and ways various information sets are integrated with the process and remember to look at the end-to-end process rather than just the departmental workflow. What gets changed in the department could have negative impact on other departments feeding this process or that this process feeds.

-----

Some related resources on Business Process Management best practices worth checking out:

Download the FREE Process Improvement and Automation 2016 Executive Summary.

Check out this article on the survey -- AIIM research: more than half of businesses now view Process Management as imperative or significant

FREE white paper -- Business Process Management:  User Perceptions and Expectations

FREE webinar on June 15 with me -- No Longer a Luxury, BPM Is Imperative to Business Operations:  5 Steps to Learn How It Can Work for You.

Sign Me Up  

Read More

Topics: process automation, business process management, business process, bpm, digital transformation,

What Part of Being Blockbustered Don't You Understand?  Digital Transformation In Action

May 23, 2016 4:39:45 PM by John Mancini

Nobody wants to be Blockbustered.

It has become almost standard fare in the most presentations involving Digital Disruption to bring up the Blockbuster and Netflix example. So I thought it might be worthwhile to review quickly what happened to Blockbuster and then think a bit about other radically disruptive scenarios in a few other Industries.

The story starts in 1985. David Cook sold software in the oil and gas industry. There was a sharp downturn in that industry and he decided to open the first Blockbuster store in Dallas. Blockbuster grew rapidly and by 1994, they were sold for $8.4 billion to Viacom.

Check out this new AIIM white paper, by the way, Reimagining ECM in the Modern Enterprise, tied to a number of the themes in this post:

Download Now

A few years later, a fellow by the name of Reed Hastings was annoyed at being hit with $40 in late fees from Blockbuster for a rental of Apollo 13, and decided -- at a point when Blockbuster appeared invincible -- to do something about it. Netflix was born.

 

[I will add as a personal side note that in 1999 my middle son William, at the peak of the Blockbuster era, sold me a $15 Blockbuster card for $15. I didn't realize it until a few weeks later but there was only $1.72 on the card. He eventually wound up in software sales, likely indicating that long-term career choices are hinted at early in a child's development. But all of that's another story. ]

By 2004, Blockbuster had hit its peak with 9,000 stores globally and 5 billion dollars in revenues. At the same time, they separated from Viacom and launched their own DVD-by-subscription service -- about seven years after Netflix launched. By 2013, what was left of Blockbuster - now owned by Dish - was gone and the doors were shut.

Digital Disruption in Action.

Let's take a look at a few more examples.

This first chart shows the Google search history for Myspace. It doesn’t take a rocket scientist so see the point at which the “Facebook effect” kicked in. The speed with which this one happened is sometimes hard to believe.

Who could have forecasted in 2007 when the iPhone was introduced that it would ultimately lead to the demise of the leading handset provider in the world - in the space of just a few years:

The tidal wave of digital photography and Kodak's inability to adjust to that tidal wave is well-chronicled. Certainly the lights should have gone on in 2002 when the sales of digital cameras surpassed the sales of film cameras.

 Another cell phone example, and another victim of the disruption created by the iPhone.

The speed with which the business model for print publishing collapsed is still stunning. Less than a decade almost all of the value gone. The amazing thing about this story is that the value here -- largely driven by classified advertising -- wasn’t “acquired” by another disruptive player.  Rather a disruptive player created the conditions under which billions in value was simply distributed in tiny chunks to millions of end users. Craigslist.

And lastly, who can forget the example of printed books. The respective curves tell the story. We see the results all around us in the form of closed Borders and Barnes and Noble stores.

And lest we think that the content management space has been immune from ignoring the forces of disruption, here are two personal examples. I can remember back in 2007 sitting in meetings of established ECM players, and asking what they thought the impact of MOSS (Microsoft Office SharePoint Services) would be, and hearing the…”Interesting, but they don’t do what we do” response.  And a few years later, I recall hearing the same thing from some established vendors after hearing a Board briefing by Box.

All of this poses a couple of questions for any business.

Where is your disruption coming from? Odds are it is coming from someone that right now you think is irrelevant to you.

What are you going to do about it?

Have you tied your content strategy to your transformation strategy?

-----

Get on the advance list for the Information Professionals white paper HERE.

Here's the keynote deck in case you missed it. Socialize it and share it if you are so inclined. Also a fun compilation of AIIM16 Tweets HERE.

 

Read More

Topics: cip, information professionals, digital transformation,, digital disruption

Four Safeguards You Can Take to Protect Your Information - Part 3 of 3

May 19, 2016 9:21:49 AM by Mark Brousseau

4 Safeguards to Protect Your Information

I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes. 

This is the third post in the series; the first one is HERE, and the second one is HERE.

About our guest poster:  Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full service marketing PR and business development firm specializing in the payments and document automation arenas.

Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.

Free white paper from ibml

-----

Where we left off in our first post…Risks you face from antiquated capture systems:

  1. Not encrypting the data while it's in motion.
  2. Unsecured log files.
  3. Poor visibility into operator activities.
  4. Poor security management.

-----

New technology can help mitigate the above risks. I'm not here to sell you a system, I'm here to sell you an approach to a system. I'm telling you that if you're sitting on years old document scanning system, you're probably at risk and it's time for you to look for a system. Get out your legal pad. Get out your pen and get ready to write down the four things I'm about to tell you to look for in a new document scanning system.

Safeguard Number One – Impersonation.

The first safeguard is “impersonation.” No, no. Don't start belting out Elvis tunes. What you want is a system that writes data to a different user account than the one used by the scanner operator -- no more having the fox mind the chicken coop. You want to eliminate access to the network files and you want to ensure that operators can only access images through the capture platform. This keeps them from looking at things they shouldn't be looking at and doing anything with the images and data that they shouldn't be doing.

Safeguard Number Two – Protect your images and data.

The second safeguard is to look for systems that protect imaging data.  You want to look for strong encryption algorithms. Don't believe those that say, "Oh, you don't want to encrypt things, it'll slow your systems down." That is ten year old thinking. You need strong encryption algorithms that automatically protect all data stored on all hard drives and PCs and it won't impact your system performance.

In this kind of environment, your users can access data via an authentication device.  It might be a password, it might be a key. This enables the system to retrieve the information and decrypt it. Of course, your IT and your security folks can help you select and manage exactly what kind of full disk encryption technology is used. The key thing is you want to make sure that you have a scanning solution that supports full disk encryption.

You want to look for a document imaging system that uses Internet Protocol Security (IPSec) tunnels to encrypt data and images that are in motion. This is basically a framework of open standards that the propeller heads have come up with to help ensure private, secure communications over IP networks. It uses cryptographic security services. This hardened security will keep information in motion safe, and supports network level data integrity. It also supports data confidentiality and authenticates data. It makes sure that folks can't intercept your information.

Here again, your IT and your security staff can work with your vendor to configure IPSec based on your organization's requirements and needs. The key thing is you want to make sure that you have a document scanning solution that supports IPSec. You don't want to write sensitive information to a hard drive of a host PC. That makes no sense. If your solution is doing this, you need to look for a new system that will only write it into memory and not to a host PC that somebody can gain access to.

Safeguard Number Three – Secure your audit logging processes.

The third safeguard is audit logging. Audit logging is a really good way to monitor the health and operation of a document scanning system. Yet, it's really overlooked when it comes to security. When you look for a document scanning solution, look for one that supports detailed audit. You want to track every activity that occurs within the software and the hardware. This includes things like changes to admin passwords, and anything that might have been faxed or emailed or downloaded.

If your auditors haven't told you this already, log files are also critical for regulatory compliance. It's something that auditors expect and obviously something for which they are looking.  You want to make sure that batch log files are written directly to a network and not to a local drive. Finally, when it comes to audit logging, make sure that any sensitive information is sanitized in the log file. Today's document scanning solutions can sanitize information so that nothing is left out in the open.

Safeguard Number Four – Strong security management.

The fourth safeguard in a document scanning solution is strong security management. You should be able to do this yourself. You should be able to do it yourself with the security control panel. Dashboards should provide easy control of configuration. This makes it easy for your administrators to review security settings to help change them based on the needs of the business. It saves them a lot of time for network administrators as well as for IT professionals. It's easy to change the configurations.

-----

About ibml (sponsor of the original webinar)

ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements.  Combining intelligent scanners, software and services, ibml solutions  automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at sales@ibml.com.

Check out 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations from ibml.

Read More

Topics: compliance, imaging, scanning, capture, security, information security

Update! -- Defining the Information Professional of the Future

May 18, 2016 9:41:04 AM by John Mancini

Last month, I put together the following posts containing my thoughts about the future of Information Professionals.  

The first installment was called -- From Jurassic Park to Digital Transformation -- a Tale of Information Professionals.  Part Two was called -- A Short History of Where Information Professionals Came From.  Part Three was Disruptive Technologies Create Need for Information Professionals.  The last post follows in a moment after two updates...

Since I originally published these posts, 2 updates:

1 -- We've published a white paper on the Future of Information Professionals.

It's free.  Download it.  Send the link to your friends and colleagues.  Give it to your kids to show them what you do and why it's important!  Defining the Information Professional of the Future.

Future of an Information Professional

2 -- We've launched the brand spanking new CIP (Certified Information Professional)

Copies of the new study guide are FREE to AIIM Professional members and $69 to everyone else.  CIP Study guide is HERE.

CIP Study Guide

Defining the Information Professional of the Future

I concluded my previous post with this thought:

In the mainstream, the focus is still on on-premise applications built on and for the PC. The core skills that are valued in the mainstream are focused on building and developing systems. At the edge, the focus shifts to the cloud, mobile technologies become the Lego building blocks of systems, and the skill sets that are valued within our IT staffs shift from building and developing to configuring and connecting.

More to come in the next post.

-----

So continuing....

So let’s return to our PEOPLE -- PROCESS -- TECHNOLOGY triad and think about how the world has changed -- and will continue to change.

On the PROCESS side, a revolutionary thing has happened. Process owners can now implement their OWN solutions. This creates incredible pressure to take monolithic business processes and turn them into applications. On top of this, the world is rapidly shifting to one in which most interactions will be on mobile devices. This means all processes must be reformulated from a mobile perspective.



This has interesting implications when we think about the world of TECHNOLOGY. As mentioned earlier, configuring, connecting, and mobile skills are now critical and in short supply. We need to rethink the entire notion of security. Security that was once defined purely in terms of what was inside and outside the firewall now needs to be reconstructed around individual information assets. And organizations are experiencing a massive Legacy drain on their ability to innovate.

Perhaps the most extreme change has been on the PEOPLE side of the equation. We have moved into a world in which usability is EVERYTHING. Even individual users can implement their own enterprise-like solutions, and if we try to get in their way they will do it anyway. There has been an enormous blurring of the lines between what is the home and what is the office. There is no way to put this genie back in the bottle, and organizations must understand that Millennials operate in a fundamentally different fashion than the email generation.

The implications of this relative to how we manage information are profound. The kinds of questions that are being asked in our organizations vary greatly depending on whether you view the world from a PROCESS perspective, a TECHNOLOGY perspective, or a PEOPLE perspective. And in an era in which enterprise-like capabilities are increasingly available without IT intervention, the short-term pressure for each of these people to actually communicate and cooperate with each other is decreasing.

Each of these players in the information management story has a different role to play in the organization, and in some ways they are all versions of information professionals. However their needs and requirements are vastly different.



End users need education on responsible computing practices and need to understand how their organization wishes to place boundaries on their use of information. Now that process automation solutions are available to a much wider range of companies than ever before through SaaS solutions, line of business executives must be educated to better understand what is possible. And technology specialists must keep up with a wide range of content and information management solutions, understand the relative strengths and weaknesses of each, and try to forecast the survivability of individual companies into the future.

But this still leaves the fundamental question of the role of the Information Professional in all of this.

Someone needs to own the big picture.

Someone needs to provide adult supervision to the process people, technology people, and end users that interact with content and information management systems.

Someone needs to help the organization think through what it means to manage information as a critical business asset.

Someone needs to act as the translator of the unique language of each of the people who interact with our information systems, whether they are from a PEOPLE perspective a PROCESS perspective or a TECHNOLOGY perspective.

We believe that that person is an Information Professional, and the CIP ( Certified Information Professional) is his/her badge.

Free e-book -- What is the new Role of an Information Professional?

-----

A bit more from my keynote at #AIIM16 on the Future of Information Professionals.

 

Read More

Topics: cip, certified information professional, information professional, information professionals

4 Risks from Antiquated Document Capture Systems - Part 2 of 3

May 17, 2016 8:58:26 AM by Mark Brousseau

4 Risks from Antiquated Document Capture Systems

I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes. This is the second post; the first one is HERE.

About our guest poster:  Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full service marketing PR and business development firm specializing in the payments and document automation arenas.

Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.

Free white paper from ibml

-----

Where we left off in our first post…

Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems and it is in the unlikeliest of places -- your document scanning and data capture systems.  Your information on-ramp is leaving you vulnerable to the bad guys. A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations.

-----

Risk One from antiquated capture systems – Not encrypting the data while it's in motion.

The first risk that organizations face when it comes to antiquated systems is they don't have any protection for the images or data as they travel through their capture workflows.

Think about your operations for a second. You don't just scan something and let it sit there. Your image is likely involved in a workflow and that workflow probably is increasingly touching people who are on different floors, in different buildings and maybe in different countries. Yet, most old document imaging systems aren't encrypting this data or these images. While they're travelling across the enterprise or the extended enterprise, they're left literally out in the open for the bad guys to intercept them.

What's more, in most scanning environments, operators must have network or file system rights to the location where images are written. Think about this for a moment.  Images and data aren't being encrypted, and anyone who operates the system is going to have access to them unencrypted.  This obviously opens the door for an operator to read information that they shouldn't be reading. If you're processing medical records, if you're processing financial documents, or if you're processing something on behalf of a sensitive government entity, you've now laid that information open to internal staff.  

Finally, images also can be written to the scanner's local hard drive prior to writing the data to a network file repository. Think about this for a second. Most folks assumed that once an image is captured on a scanner, it goes immediately to an archival. This isn't the case at all. With antiquated systems, they're written to a hard drive and then moved to a network file repository.  Here again, the information is out in the open for a bad guy to be able to look at or to intercept.

Risk Two from antiquated scanning systems – Unsecured log files.

The second risk organizations face is unsecured log files. A key tool in recognizing security breaches is a log file. We all have them. It's a standard feature in every operating system, application, server platform, scanning software, it's everywhere. It shows you what's going on with the health and operation of your system. By monitoring log files, you can identify potential wrongdoing. It helps you and prevent security breaches.

This creates a problem. Antiquated document scanning systems write log files to a local hard drive of the scanner's host PC.  What this does is it puts them beyond the control of the system administrator.  Essentially, this means you've got the fox minding the chicken coop. It is difficult for the administrator to watch that log file and see what's going on. As has been well chronicled at AIIM studies, we know that there's more and more data being captured and put into those log files. That's information you don't want sitting out in the open. This is tantalizing stuff for somebody who's up to no good.

Risk Three from antiquated scanning systems – Poor visibility into operator activities.

The third risk from antiquated document scanning systems is poor visibility into operator activities. Old scanning systems make it difficult to track and audit the activities of their staff and this opens the door for unauthorized access or even distribution of sensitive data in an undetected environment. If you can't track it, you can't fix it and you can't catch it.  17% of organizations admit that their staff already bypasses security restrictions placed on them. That's not to say those folks are up to no good, it's just to show that staff will do the most expedient thing.

Now, think about introducing a bad guy into the kind of environment where it's okay that one in five staff goes around security steps. When you have an environment where it's difficult to track and audit, you have an environment where you're leaving yourself open to risk.

Risk Four from antiquated scanning systems – Poor security management.

The fourth risk that organizations face with antiquated security systems is poor security management. Older systems require manual processes for network administrators to review and to change security settings. In most cases, this stuff is set up when somebody originally came to install the system and is left alone until something goes wrong. That's what is wrong with this scenario. It's a hassle for the administrator to change the settings and this leads to less frequent security configuration reviews and this puts you at risk. Manual processes do not provide a comprehensive view on a network and they don't make it easy for you to adjust to change in business requirements to ensure that you're not at risk.

In our next post, Mark will take a look at the safeguards you can take to protect yourself against these 4 risks.

-----

About ibml (sponsor of the original webinar)

ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements.  Combining intelligent scanners, software and services, ibml solutions  automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at sales@ibml.com.

Check out 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations from ibml.

Read More

Topics: compliance, imaging, scanning, capture, security, information security

Increasing Security and Compliance Concerns for Document Capture – Part 1 of 3

May 13, 2016 10:09:04 AM by Mark Brousseau

Think Your Scanned Images are Safe?  Think Again

I’ll be doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes.

About our guest poster:  Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full service marketing PR and business development firm specializing in the payments and document automation arenas.

Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.

Free white paper from ibml

-----

As we begin 2016, the biggest threat to your business probably isn't the proverbial competitor down the street. It's someone who wants to take advantage of your corporate information. We know that a growing number of businesses and government entities have already become cyber war victims.

  1. It wasn't that long ago that there were front page headlines when tens of millions of Target and Home Depot customers had their information stolen from those retailers.
  2. Just last March, health insurance company Anthem admitted that it was attacked. The personal information of as many as 80 million Americans information was vulnerable as a result of that attack. 80 million -- that's one quarter of the entire U.S. population.
  3. Last Fall, the U.S. government's Office of Personnel Management admitted that their employee database was hacked. The bad guys got personnel data on millions of federal employees, including their fingerprints and their job applications. Think about what must be on those job applications.
  4. Even the people who are protecting us are not immune. Just recently, Juniper Networks -- these are the guys who make firewalls and network security equipment -- admitted that they were hacked.

2015 was the compliance and security wake up call for businesses and 2016 needs to be the year you get your act together. You can't afford any more data leaks, lost patient records or corporate espionage. You can’t afford the cost, the penalties, the fines and the reputational risk that comes with these violations and data loss and the impacts of data leaks are significant.

Two-thirds of companies say the potential impact of a data leak would be high. 13% of companies say the potential impact of a data leak would be disastrous. That's not so hard to believe when you consider what that stake from a reputational and financial standpoint. In fact, a lot of folks focus on the financial piece of this. According to studies, the average cost of a single data leak is $7.2 million. When you think about what Target went through with their breach, $7.2 million seems like table stakes.

These costs are only going to go up. Increased regulations, standards, and rules are raising the stakes. They're raising the potential cost and penalties that you could suffer if your data is lost or you have a compliance violation.  Two-thirds of organizations see that ensuring the privacy of customer data is essential. Well, that's good news. Two-thirds of organizations also see that compliance with industry and government regulations is also essential. This is a big driver behind a lot of data capture system purchases.

In fact, 30% of organizations say that compliance and security considerations is the most significant business driver of document and record management projects. That's staggering; most assume it's cost efficiency and productivity.

PCI (payment card industry) compliance is going to take more and more of the headlines as corporate America continues to push harder and harder away from paper based checks and toward electronic transactions. We're going to find that while many organizations knew how to safeguard check information, they really don't understand how to do the same in an electronic world, where it's easier for folks to intercept that information. That’s just the tip of the iceberg. There are 13,982 other regulations that are impacting businesses, all of them with their own cost and their own risk. Every day, there are people in Washington DC dreaming up more regulations about how to manage your data.

You've undoubtedly put in permissions and access controls, and you've implemented antivirus and malware tools. You've probably regulated the passwords your staff uses so they can't use their birth dates or 123456 anymore. You've implemented perimeter security so that folks can't walk in and out your front and back doors and literally take your information with them.

Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems and it is in the unlikeliest of places -- your document scanning and data capture systems.  Your information on-ramp is leaving you vulnerable to the bad guys.

A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations.  In our next post, Mark will discuss the four risks of antiquated scanning systems:

  1. Not encrypting the data while it's in motion.
  2. Unsecured log files.
  3. Poor visibility into operator activities.
  4. Poor security management.

-----

About ibml (sponsor of the original webinar)

ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements.  Combining intelligent scanners, software and services, ibml solutions  automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at sales@ibml.com.

Check out 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations from ibml.

Read More

Topics: compliance, imaging, scanning, capture, security, information security

About AIIM

AIIM provides market research, expert advice, and skills development to an empowered community of leaders committed to information-driven innovation.

Subscribe to Email Updates

Process Improvement and Automation 2016