AIIM - The Global Community of Information Professionals

Top 10 Digital Landfill Blog Posts for June

Jun 30, 2017 11:38:41 AM by John Mancini

Check them out...


Topics: compliance, erm, electronic records management, content management, ecm, intelligent information management

What are you doing about GDPR? - 3 Keys to Compliance

Jun 7, 2017 9:22:38 AM by John Mancini

May 2018 is just around the corner, and there is a mad scramble to figure out what to do about GDPR. Here are the 3 Keys to Your GDPR Compliance Strategy.


Topics: compliance, privacy, europe, gdpr

7 Trends That Are Changing the Content Management Landscape

Dec 4, 2016 2:55:21 PM by John Mancini

It’s the best of times for those in the content biz -- content has never been more important in creating and delivering value to customers.  And it is also the worst of times – ECM is increasingly viewed as a dated and artificially narrow term, creating an untethered feel to the content “industry” right now.


Topics: compliance, content management, ecm, trends, Industry statistics and research

Four Safeguards You Can Take to Protect Your Information - Part 3 of 3

May 19, 2016 9:21:49 AM by Mark Brousseau

4 Safeguards to Protect Your Information

I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes. 

This is the third post in the series; the first one is HERE, and the second one is HERE.

About our guest poster:  Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full service marketing PR and business development firm specializing in the payments and document automation arenas.

Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.


-----

Where we left off in our first post… Risks you face from antiquated capture systems:

  1. Not encrypting the data while it's in motion.
  2. Unsecured log files.
  3. Poor visibility into operator activities.
  4. Poor security management.

-----

New technology can help mitigate the above risks. I'm not here to sell you a system, I'm here to sell you an approach to a system. I'm telling you that if you're sitting on a years-old document scanning system, you're probably at risk and it's time for you to look for a system. Get out your legal pad. Get out your pen and get ready to write down the four things I'm about to tell you to look for in a new document scanning system.

Safeguard Number One – Impersonation.

The first safeguard is “impersonation.” No, no. Don't start belting out Elvis tunes. What you want is a system that writes data to a different user account than the one used by the scanner operator -- no more having the fox mind the chicken coop. You want to eliminate access to the network files and you want to ensure that operators can only access images through the capture platform. This keeps them from looking at things they shouldn't be looking at and doing anything with the images and data that they shouldn't be doing.

Safeguard Number Two – Protect your images and data.

The second safeguard is to look for systems that protect imaging data. You want to look for strong encryption algorithms. Don't believe those that say, "Oh, you don't want to encrypt things, it'll slow your systems down." That is ten-year-old thinking. You need strong encryption algorithms that automatically protect all data stored on all hard drives and PCs without impacting your system performance.

In this kind of environment, your users can access data via an authentication device.  It might be a password, it might be a key. This enables the system to retrieve the information and decrypt it. Of course, your IT and your security folks can help you select and manage exactly what kind of full disk encryption technology is used. The key thing is you want to make sure that you have a scanning solution that supports full disk encryption.

You want to look for a document imaging system that uses Internet Protocol Security (IPSec) tunnels to encrypt data and images that are in motion. This is basically a framework of open standards that the propeller heads have come up with to help ensure private, secure communications over IP networks. It uses cryptographic security services. This hardened security will keep information in motion safe, and supports network level data integrity. It also supports data confidentiality and authenticates data. It makes sure that folks can't intercept your information.

Here again, your IT and your security staff can work with your vendor to configure IPSec based on your organization's requirements and needs. The key thing is you want to make sure that you have a document scanning solution that supports IPSec. You don't want to write sensitive information to a hard drive of a host PC. That makes no sense. If your solution is doing this, you need to look for a new system that will only write it into memory and not to a host PC that somebody can gain access to.

Safeguard Number Three – Secure your audit logging processes.

The third safeguard is audit logging. Audit logging is a really good way to monitor the health and operation of a document scanning system. Yet, it's really overlooked when it comes to security. When you look for a document scanning solution, look for one that supports detailed audit. You want to track every activity that occurs within the software and the hardware. This includes things like changes to admin passwords, and anything that might have been faxed or emailed or downloaded.

If your auditors haven't told you this already, log files are also critical for regulatory compliance. It's something that auditors expect and obviously something for which they are looking.  You want to make sure that batch log files are written directly to a network and not to a local drive. Finally, when it comes to audit logging, make sure that any sensitive information is sanitized in the log file. Today's document scanning solutions can sanitize information so that nothing is left out in the open.

Safeguard Number Four – Strong security management.

The fourth safeguard in a document scanning solution is strong security management. You should be able to do this yourself with the security control panel. Dashboards should provide easy control of configuration. This makes it easy for your administrators to review security settings and change them based on the needs of the business. It saves a lot of time for network administrators as well as for IT professionals. It's easy to change the configurations.

-----

About ibml (sponsor of the original webinar)

ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements.  Combining intelligent scanners, software and services, ibml solutions  automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at sales@ibml.com.

Check out 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations from ibml.


Topics: compliance, imaging, scanning, capture, security, information security

4 Risks from Antiquated Document Capture Systems - Part 2 of 3

May 17, 2016 8:58:26 AM by Mark Brousseau

4 Risks from Antiquated Document Capture Systems

I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes. This is the second post; the first one is HERE.


-----

Where we left off in our first post…

Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems and it is in the unlikeliest of places -- your document scanning and data capture systems.  Your information on-ramp is leaving you vulnerable to the bad guys. A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations.

-----

Risk One from antiquated capture systems – Not encrypting the data while it's in motion.

The first risk that organizations face when it comes to antiquated systems is they don't have any protection for the images or data as they travel through their capture workflows.

Think about your operations for a second. You don't just scan something and let it sit there. Your image is likely involved in a workflow and that workflow probably is increasingly touching people who are on different floors, in different buildings and maybe in different countries. Yet, most old document imaging systems aren't encrypting this data or these images. While they're travelling across the enterprise or the extended enterprise, they're left literally out in the open for the bad guys to intercept them.

What's more, in most scanning environments, operators must have network or file system rights to the location where images are written. Think about this for a moment.  Images and data aren't being encrypted, and anyone who operates the system is going to have access to them unencrypted.  This obviously opens the door for an operator to read information that they shouldn't be reading. If you're processing medical records, if you're processing financial documents, or if you're processing something on behalf of a sensitive government entity, you've now laid that information open to internal staff.  

Finally, images also can be written to the scanner's local hard drive prior to writing the data to a network file repository. Think about this for a second. Most folks assume that once an image is captured on a scanner, it goes immediately to an archive. This isn't the case at all. With antiquated systems, they're written to a hard drive and then moved to a network file repository. Here again, the information is out in the open for a bad guy to be able to look at or to intercept.

Risk Two from antiquated scanning systems – Unsecured log files.

The second risk organizations face is unsecured log files. A key tool in recognizing security breaches is a log file. We all have them. It's a standard feature in every operating system, application, server platform, scanning software, it's everywhere. It shows you what's going on with the health and operation of your system. By monitoring log files, you can identify potential wrongdoing. It helps you prevent security breaches.

This creates a problem. Antiquated document scanning systems write log files to a local hard drive of the scanner's host PC. What this does is it puts them beyond the control of the system administrator. Essentially, this means you've got the fox minding the chicken coop. It is difficult for the administrator to watch that log file and see what's going on. As has been well chronicled in AIIM studies, we know that there's more and more data being captured and put into those log files. That's information you don't want sitting out in the open. This is tantalizing stuff for somebody who's up to no good.

Risk Three from antiquated scanning systems – Poor visibility into operator activities.

The third risk from antiquated document scanning systems is poor visibility into operator activities. Old scanning systems make it difficult to track and audit the activities of their staff and this opens the door for unauthorized access or even distribution of sensitive data in an undetected environment. If you can't track it, you can't fix it and you can't catch it.  17% of organizations admit that their staff already bypasses security restrictions placed on them. That's not to say those folks are up to no good, it's just to show that staff will do the most expedient thing.

Now, think about introducing a bad guy into the kind of environment where it's okay that one in five staff goes around security steps. When you have an environment where it's difficult to track and audit, you have an environment where you're leaving yourself open to risk.

Risk Four from antiquated scanning systems – Poor security management.

The fourth risk that organizations face with antiquated security systems is poor security management. Older systems require manual processes for network administrators to review and to change security settings. In most cases, this stuff is set up when somebody originally came to install the system and is left alone until something goes wrong. That's what is wrong with this scenario. It's a hassle for the administrator to change the settings and this leads to less frequent security configuration reviews and this puts you at risk. Manual processes do not provide a comprehensive view on a network and they don't make it easy for you to adjust to changes in business requirements to ensure that you're not at risk.

In our next post, Mark will take a look at the safeguards you can take to protect yourself against these 4 risks.


Topics: compliance, imaging, scanning, capture, security, information security

Increasing Security and Compliance Concerns for Document Capture – Part 1 of 3

May 13, 2016 10:09:04 AM by Mark Brousseau

Think Your Scanned Images are Safe?  Think Again

I’ll be doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes.


-----

As we begin 2016, the biggest threat to your business probably isn't the proverbial competitor down the street. It's someone who wants to take advantage of your corporate information. We know that a growing number of businesses and government entities have already become cyber war victims.

  1. It wasn't that long ago that there were front page headlines when tens of millions of Target and Home Depot customers had their information stolen from those retailers.
  2. Just last March, health insurance company Anthem admitted that it was attacked. The personal information of as many as 80 million Americans was vulnerable as a result of that attack. 80 million -- that's one quarter of the entire U.S. population.
  3. Last Fall, the U.S. government's Office of Personnel Management admitted that their employee database was hacked. The bad guys got personnel data on millions of federal employees, including their fingerprints and their job applications. Think about what must be on those job applications.
  4. Even the people who are protecting us are not immune. Just recently, Juniper Networks -- these are the guys who make firewalls and network security equipment -- admitted that they were hacked.

2015 was the compliance and security wake-up call for businesses and 2016 needs to be the year you get your act together. You can't afford any more data leaks, lost patient records or corporate espionage. You can’t afford the cost, the penalties, the fines and the reputational risk that come with these violations and data loss. The impacts of data leaks are significant.

Two-thirds of companies say the potential impact of a data leak would be high. 13% of companies say the potential impact of a data leak would be disastrous. That's not so hard to believe when you consider what's at stake from a reputational and financial standpoint. In fact, a lot of folks focus on the financial piece of this. According to studies, the average cost of a single data leak is $7.2 million. When you think about what Target went through with their breach, $7.2 million seems like table stakes.

These costs are only going to go up. Increased regulations, standards, and rules are raising the stakes. They're raising the potential cost and penalties that you could suffer if your data is lost or you have a compliance violation.  Two-thirds of organizations see that ensuring the privacy of customer data is essential. Well, that's good news. Two-thirds of organizations also see that compliance with industry and government regulations is also essential. This is a big driver behind a lot of data capture system purchases.

In fact, 30% of organizations say that compliance and security considerations are the most significant business driver of document and record management projects. That's staggering; most assume it's cost efficiency and productivity.

PCI (payment card industry) compliance is going to take more and more of the headlines as corporate America continues to push harder and harder away from paper based checks and toward electronic transactions. We're going to find that while many organizations knew how to safeguard check information, they really don't understand how to do the same in an electronic world, where it's easier for folks to intercept that information. That’s just the tip of the iceberg. There are 13,982 other regulations that are impacting businesses, all of them with their own cost and their own risk. Every day, there are people in Washington DC dreaming up more regulations about how to manage your data.

You've undoubtedly put in permissions and access controls, and you've implemented antivirus and malware tools. You've probably regulated the passwords your staff uses so they can't use their birth dates or 123456 anymore. You've implemented perimeter security so that folks can't walk in and out of your front and back doors and literally take your information with them.

Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems and it is in the unlikeliest of places -- your document scanning and data capture systems.  Your information on-ramp is leaving you vulnerable to the bad guys.

A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations.  In our next post, Mark will discuss the four risks of antiquated scanning systems:

  1. Not encrypting the data while it's in motion.
  2. Unsecured log files.
  3. Poor visibility into operator activities.
  4. Poor security management.


Topics: compliance, imaging, scanning, capture, security, information security

The Brave New World of Scanning and Capture -- Really?

Aug 2, 2012 5:00:00 AM by John F. Mancini

I recently purchased a new car from one of the largest car dealers in the country (privately owned, $55 million in annual revenues).  Given that I am notoriously cheap about cars, it was a very inexpensive car, and we paid cash.  After negotiating the deal, we went to the back room where we signed all of the documentation.  We signed the following forms:


Topics: Ford, automobiles, compliance, documentation, records, documents

33 Fast Facts About the #ECM Industry

Apr 15, 2011 6:53:55 AM by John F. Mancini

We recently released our 2011 State of the ECM Industry Report, and I thought it timely to summarize the key findings in the report. 

Per AIIM's in-house analyst, Doug Miles, "Over the last few years, Enterprise Content Management has been one of the fastest growing areas of IT, outstripping traditional enterprise applications with its double-digit growth. Driven partly by the need to contain content chaos, but more positively, by the need to maximize employee productivity, improve knowledge sharing and reduce fixed costs, ECM has taken its place at the IT top-table, both as a concept and as a product."

Doug believes that organizations are struggling to achieve the vision of a single ECM system -- one that manages all types of content, across the whole enterprise. "The vision of 'a single source of information for all' can be achieved through many different strategies. It may involve linking repositories, integrating applications, and implementing search portals. For many organizations, SharePoint plays its part in this ECM infrastructure, but it is by no means an exclusive part. As we will see, industry-specific needs are an important factor in setting ECM requirements for a significant number of organizations, and may call into play vertical market specialists, robust repositories, best-of-breed integrations, open source components and SharePoint add-ons."

So without further ado, here are 33 things you need to know about the current state of the ECM/content management industry.  And as you look through them, remember that it is FREE (yes, as in we don't charge) to download the original 2011 State of the ECM Industry report.  Just do it. And also that you are free (with attribution - name of the report and a link) to use the data in your own presentations.
  1. Improving efficiency and optimizing processes are the key drivers for continued ECM investment across all sizes of organization. 
  2. Compliance is still a significant driver, especially in larger organizations, but has fallen from a peak in 2007.
  3. Improved collaboration is increasingly recognized as an important benefit of ECM. 
  4. Two-thirds of those without systems have concerns about information accuracy and accessibility, particularly with regard to emails. ECM systems improve confidence in the integrity and retrievability of electronic information by a factor of three. 
  5. 50% of all respondents describe their management of instant messages as “chaotic,” 31% feel the same about emails, and 28% for Office documents. “Content chaos” is by far the biggest trigger-factor for buying or replacing ECM systems.
  6. Although 39% are still filing important emails in personal Outlook folders, 18% now have automatic capture to document or records management systems, or dedicated email management systems, with 19% relying on manual indexing by staff. 
  7. 15% delete all emails over a certain age, whereas 16% keep them indefinitely. 27% have no policy.
  8. Within the AIIM community, 16% of respondents consider they have achieved an enterprise scale ECM capability, up from 12% in the 2010 survey. 29% are in the process of implementing one. 
  9. 72% of larger organizations have 3 or more ECM/DM/RM systems. 25% have 5 or more.
  10. Consolidation of existing systems into a single-vendor ECM suite is a preferred strategy for 42% of organizations surveyed, with 19% utilizing an existing suite and 23% buying a new suite. 29% have a chosen strategy to maintain and update departmental or dedicated systems.
  11. Amongst the largest organizations (over 5,000 employees), 4% are looking to a new single-vendor suite as their first content management project, compared to 16% of both small and mid-sized organizations. However, 15% of the largest organizations have no content management strategy in place. 
  12. Over 60% of organizations would look to their ECM system to provide management of physical (paper) records as well as long-term electronic records retention. 40% also look for compliance with ISO, DoD or MoReq standards - and not just in government organizations. 
  13. Case Management is important for 38%, and technical/large-format drawings for 33%. Overall, 30% cited a range of more specific requirements for their industry sector.  
  14. 18% of respondents chose an industry-specific vendor in order to achieve their particular requirements. For those who chose a generic ECM vendor or suite, 35% took careful account of the ability to meet their industry requirements. 
  15. 57% have some degree of local customization, and 27% have add-on products, or best-of-breed integrations. 
  16. 28% feel constrained by their ECM/workflow system when it comes to making process changes, and for 15% it has limited their ability to achieve an enterprise-wide solution. 60% feel that their industry-specific requirements may restrain their ability to use SaaS or Cloud solutions.
  17. Portalling is a popular option to provide employees across the enterprise with a single point of information access.
  18. 19% are using their main ECM suite as a portal to other repositories and 23% are using SharePoint as a portal.
  19. 28% are migrating content to a single ECM system.
  20. 68% of installed ECM systems have no browser or mobile access options. 
  21. 6% of organizations currently use Open Source ECM systems, and this is set to double in the next 2 years. In smaller organizations, 8% are using Open Source now and 13% have plans. 
  22. 32% of organizations use outsourcing for paper archives, but only 7% outsource their electronic document archive. 4% are using SaaS or Cloud for ECM or document management, and this is set to double in the next 12 months. 
  23. In particular, 6% are using internal corporate clouds, and less than 3% are using external public clouds. Use of outsourced corporate clouds is set to treble. 
  24. 53% of larger organizations are using social business or Enterprise 2.0 collaboration tools inside the organization, compared with 29% of smaller organizations.
  25. 55% have no policy on how long information stored on internal social business sites should be retained, and 32% have no acceptable-use policy for employees.
  26. 54% are using SharePoint tools for collaboration and social sites. Only 34% of users are using dedicated, paid-for products, or SharePoint add-ons. 
  27. Increased collaboration within and between teams is by far the largest benefit of social/collaboration tools. 
  28. 58% of surveyed organizations have now implemented SharePoint, compared to 45% in 2010 and 33% in 2009.
  29. This rises to 70% in the largest organizations. 6% are live on SharePoint 2010, with 27% in the process of upgrading. For 13%, the 2010 version is their first use of SharePoint.  
  30. 23% of SharePoint implementations can be considered as optimized and mature ECM systems. Governance is still a big issue for 40%, including 27% who have yet to commit to a full roll out. 12% of SharePoint users are not using it in an ECM or DM mode. 
  31. 49% have a defined strategy to integrate SharePoint with their existing ECM or DM systems, or even a new ECM system (6%). Only 4% are phasing out their existing systems in favor of SharePoint. 24% have yet to agree a strategy. 
  32. Implementing electronic records management and agreeing on a corporate taxonomy are the two highest ECM priorities, followed by integration of repositories. 
  33. Spending in most areas of ECM is set to increase once more in 2011, particularly for software licenses. Scanners and MFPs will hold their own. Outsourcing may fall slightly.

Topics: statistics, oracle, E2.0, information management, compliance, IBM, erm, kofax, technology, data, content management, ecm, microsoft, sharepoint, Compliance and records management, aiim, emc, ediscovery, records management, IT, Hyland, trends, Industry statistics and research

Continuing to extend the paper-centric records paradigm is like having a blacksmith work on your Lexus

Feb 8, 2011 4:29:12 AM by John F. Mancini

Here is my latest keynote (at @Newsgator Collective conference) on responsible implementation of social technologies. It raises questions about the challenges of continuing to extend our paper-based paradigm further and further into the world of electronic and social information. It builds on an earlier post -- Poking at the Soft Underbelly of Social Media. Another interesting blog post you should check out is by @juliecolgan, Retention Needs an Enema.


Topics: garp, facebook, E2.0, compliance, ecm, economist, Compliance and records management, social media, records management, social business, linkedin, google+, twitter, Industry statistics and research

Thinking about implementing social business responsibly

Feb 3, 2011 4:17:56 AM by John F. Mancini

Just back from keynoting the Newsgator Collective (#ngcollective) conference. Lots of interesting end users building social systems on top of SharePoint 2010, and also some with an implementation background from the Tomoye acquisition.


Topics: hisoftware, tomoye, risk management, E2.0, Newsgator, avanade, compliance, web 2.0, ecm, rightpoint, cognizant, microsoft, sharepoint, orbitalrpm, aiim, slalom consulting, social media, mancini, social business, aspect, ascentium

About AIIM

AIIM provides market research, expert advice, and skills development to an empowered community of leaders committed to information-driven innovation.
