4 Safeguards to Protect Your Information
I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml. The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes.
This is the third post in the series; the first one is HERE, and the second one is HERE.
About our guest poster: Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full-service marketing, PR and business development firm specializing in the payments and document automation arenas.
ibml has an interesting white paper on this set of topics, "9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations"; check it out HERE.
Where we left off in our first post… Risks you face from antiquated capture systems:
- Not encrypting the data while it's in motion.
- Unsecured log files.
- Poor visibility into operator activities.
- Poor security management.
New technology can help mitigate the above risks. I'm not here to sell you a system, I'm here to sell you an approach to a system. I'm telling you that if you're sitting on a years-old document scanning system, you're probably at risk and it's time for you to look for a new system. Get out your legal pad. Get out your pen and get ready to write down the four things I'm about to tell you to look for in a new document scanning system.
Safeguard Number One – Impersonation.
The first safeguard is “impersonation.” No, no. Don't start belting out Elvis tunes. What you want is a system that writes data to a different user account than the one used by the scanner operator -- no more having the fox mind the chicken coop. You want to eliminate access to the network files and you want to ensure that operators can only access images through the capture platform. This keeps them from looking at things they shouldn't be looking at and doing anything with the images and data that they shouldn't be doing.
Safeguard Number Two – Protect your images and data.
The second safeguard is to look for systems that protect imaging data. You want to look for strong encryption algorithms. Don't believe those that say, "Oh, you don't want to encrypt things, it'll slow your systems down." That is ten-year-old thinking. You need strong encryption algorithms that automatically protect all data stored on all hard drives and PCs without impacting your system performance.
In this kind of environment, your users can access data via an authentication device. It might be a password, it might be a key. This enables the system to retrieve the information and decrypt it. Of course, your IT and your security folks can help you select and manage exactly what kind of full disk encryption technology is used. The key thing is you want to make sure that you have a scanning solution that supports full disk encryption.
You want to look for a document imaging system that uses Internet Protocol Security (IPSec) tunnels to encrypt data and images that are in motion. This is basically a framework of open standards that the propeller heads have come up with to help ensure private, secure communications over IP networks. It uses cryptographic security services. This hardened security will keep information in motion safe, and supports network level data integrity. It also supports data confidentiality and authenticates data. It makes sure that folks can't intercept your information.
Here again, your IT and your security staff can work with your vendor to configure IPSec based on your organization's requirements and needs. The key thing is you want to make sure that you have a document scanning solution that supports IPSec. You don't want to write sensitive information to a hard drive of a host PC. That makes no sense. If your solution is doing this, you need to look for a new system that will only write it into memory and not to a host PC that somebody can gain access to.
Safeguard Number Three – Secure your audit logging processes.
The third safeguard is audit logging. Audit logging is a really good way to monitor the health and operation of a document scanning system. Yet, it's really overlooked when it comes to security. When you look for a document scanning solution, look for one that supports detailed audit logging. You want to track every activity that occurs within the software and the hardware. This includes things like changes to admin passwords, and anything that might have been faxed or emailed or downloaded.
If your auditors haven't told you this already, log files are also critical for regulatory compliance. It's something that auditors expect and obviously something for which they are looking. You want to make sure that batch log files are written directly to a network and not to a local drive. Finally, when it comes to audit logging, make sure that any sensitive information is sanitized in the log file. Today's document scanning solutions can sanitize information so that nothing is left out in the open.
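One way to check the sanitization requirement above, as an added example that is not from the webinar or from ibml: a Python filter that masks card numbers and US Social Security numbers before a batch log line is written, plus an audit helper that reports lines still carrying them. The log layout, field names and the choice of those two data types are assumptions, and the sample lines are constructed (the card value is the common 4111... test number).

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN written with hyphens (assumed format for this example).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so long batch IDs are not mistaken for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def _mask_pan(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()  # not a card number, leave untouched
    return "*" * (len(digits) - 4) + digits[-4:]

def sanitize(line: str) -> str:
    """Return the log line with card numbers and SSNs masked."""
    line = PAN_RE.sub(_mask_pan, line)
    return SSN_RE.sub("***-**-****", line)

def find_unsanitized(lines):
    """Return 1-based numbers of lines that still carry sensitive values."""
    return [n for n, text in enumerate(lines, 1) if sanitize(text) != text]

# Constructed sample batch log (hypothetical field names, test card number).
SAMPLE_LOG = [
    "2024-05-01T09:14:02 batch=000123456789012345 op=scan1 event=BATCH_OPEN",
    "2024-05-01T09:14:07 batch=000123456789012345 event=OCR card=4111 1111 1111 1111",
    "2024-05-01T09:14:09 batch=000123456789012345 event=INDEX ssn=123-45-6789",
    "2024-05-01T09:15:30 op=admin event=ADMIN_PASSWORD_CHANGE",
]

if __name__ == "__main__":
    print("lines needing sanitization:", find_unsanitized(SAMPLE_LOG))
    for entry in SAMPLE_LOG:
        print(sanitize(entry))
```

The Luhn check is what keeps the 18-digit batch identifier intact while the card number is masked, so the log stays useful for tracing a batch.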
Safeguard Number Four – Strong security management.
The fourth safeguard in a document scanning solution is strong security management. You should be able to do this yourself, with the security control panel. Dashboards should provide easy control of configuration. This makes it easy for your administrators to review security settings and change them based on the needs of the business. It saves a lot of time for network administrators as well as for IT professionals. It's easy to change the configurations.
About ibml (sponsor of the original webinar)
ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements. Combining intelligent scanners, software and services, ibml solutions automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at email@example.com.