AIIM - The Global Community of Information Professionals

Governance and Compliance Processes Ripe for AI Automation

Oct 29, 2018 11:05:00 AM by John F. Mancini

In The State of Intelligent Information Management: Getting Ahead of the Digital Transformation Curve and in GDPR after the Deadline: Progress, But a Long Way to Go, AIIM began an examination of one of the four key IIM practice areas — Automating Compliance and Governance.


Topics: governance, compliance, records management, automation

Preview - 5 Things You Need to Know About Information Overload and Automating Governance

Aug 10, 2018 1:32:24 PM by John Mancini

As a preview to our upcoming multi-client market research report on the emerging intersection between information governance & security and analytics & machine learning, we asked 50 senior executives and decision-makers for their perspectives on five of the questions we’ll be asking in our research (just a snapshot of the 20+ questions we’ll be asking in the actual survey).


Topics: information governance, information security, compliance, automation

Information Security and Compliance Through the Prism of Healthcare and Retail

Feb 21, 2018 9:30:00 AM by John F. Mancini

Organizations must focus strategically on how to manage digital content and understand that: 1) end-users are consuming technology differently; 2) consumer devices are being increasingly used as “on-ramps” to digital workflows; and 3) how you secure the scan and capture process becomes increasingly important.

Let’s explore how these concepts relate to two specific industries – healthcare and retail.


Topics: compliance, information security, healthcare, retail, scanning, information capture

5 Questions to Ask About Your Social Media Records as Legal Evidence 

Dec 11, 2017 10:00:00 AM by John Mancini

It's an embarrassing question to ask most organizations, but does your social media presence reflect the reality that the responsibility of business documentation doesn’t go away just because the information is on social media?


Topics: social media, electronic records management, compliance

Top 10 Digital Landfill Blog Posts for June

Jun 30, 2017 11:38:41 AM by John Mancini

Check them out...


Topics: ecm, erm, content management, intelligent information management, electronic records management, compliance

What are you doing about GDPR? - 3 Keys to Compliance

Jun 7, 2017 9:22:38 AM by John Mancini

May 2018 is just around the corner, and there is a mad scramble to figure out what to do about GDPR. Here are the 3 Keys to Your GDPR Compliance Strategy.


Topics: gdpr, compliance, privacy, europe

7 Trends That Are Changing the Content Management Landscape

Dec 4, 2016 2:55:21 PM by John Mancini

It’s the best of times for those in the content biz -- content has never been more important in creating and delivering value to customers.  And it is also the worst of times – ECM is increasingly viewed as a dated and artificially narrow term, creating an untethered feel to the content “industry” right now.


Topics: trends, Industry statistics and research, ecm, content management, compliance

Four Safeguards You Can Take to Protect Your Information - Part 3 of 3

May 19, 2016 9:21:49 AM by Mark Brousseau

4 Safeguards to Protect Your Information

I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes. 

This is the third post in the series; the first one is HERE, and the second one is HERE.

About our guest poster:  Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full service marketing PR and business development firm specializing in the payments and document automation arenas.

Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.


-----

Where we left off in our first post…Risks you face from antiquated capture systems:

  1. Not encrypting the data while it's in motion.
  2. Unsecured log files.
  3. Poor visibility into operator activities.
  4. Poor security management.

-----

New technology can help mitigate the above risks. I'm not here to sell you a system, I'm here to sell you an approach to a system. I'm telling you that if you're sitting on a years-old document scanning system, you're probably at risk and it's time for you to look for a new system. Get out your legal pad. Get out your pen and get ready to write down the four things I'm about to tell you to look for in a new document scanning system.

Safeguard Number One – Impersonation.

The first safeguard is “impersonation.” No, no. Don't start belting out Elvis tunes. What you want is a system that writes data to a different user account than the one used by the scanner operator -- no more having the fox mind the chicken coop. You want to eliminate access to the network files and you want to ensure that operators can only access images through the capture platform. This keeps them from looking at things they shouldn't be looking at and doing anything with the images and data that they shouldn't be doing.

Safeguard Number Two – Protect your images and data.

The second safeguard is to look for systems that protect imaging data. You want to look for strong encryption algorithms. Don't believe those that say, "Oh, you don't want to encrypt things, it'll slow your systems down." That is ten-year-old thinking. You need strong encryption algorithms that automatically protect all data stored on all hard drives and PCs without impacting your system performance.

In this kind of environment, your users can access data via an authentication device.  It might be a password, it might be a key. This enables the system to retrieve the information and decrypt it. Of course, your IT and your security folks can help you select and manage exactly what kind of full disk encryption technology is used. The key thing is you want to make sure that you have a scanning solution that supports full disk encryption.

You want to look for a document imaging system that uses Internet Protocol Security (IPSec) tunnels to encrypt data and images that are in motion. This is basically a framework of open standards that the propeller heads have come up with to help ensure private, secure communications over IP networks. It uses cryptographic security services. This hardened security will keep information in motion safe, and supports network level data integrity. It also supports data confidentiality and authenticates data. It makes sure that folks can't intercept your information.

Here again, your IT and your security staff can work with your vendor to configure IPSec based on your organization's requirements and needs. The key thing is you want to make sure that you have a document scanning solution that supports IPSec. You don't want to write sensitive information to a hard drive of a host PC. That makes no sense. If your solution is doing this, you need to look for a new system that will only write it into memory and not to a host PC that somebody can gain access to.

Safeguard Number Three – Secure your audit logging processes.

The third safeguard is audit logging. Audit logging is a really good way to monitor the health and operation of a document scanning system. Yet, it's really overlooked when it comes to security. When you look for a document scanning solution, look for one that supports detailed audit. You want to track every activity that occurs within the software and the hardware. This includes things like changes to admin passwords, and anything that might have been faxed or emailed or downloaded.

If your auditors haven't told you this already, log files are also critical for regulatory compliance. It's something that auditors expect and obviously something for which they are looking.  You want to make sure that batch log files are written directly to a network and not to a local drive. Finally, when it comes to audit logging, make sure that any sensitive information is sanitized in the log file. Today's document scanning solutions can sanitize information so that nothing is left out in the open.

Safeguard Number Four – Strong security management.

The fourth safeguard in a document scanning solution is strong security management. You should be able to do this yourself with the security control panel. Dashboards should provide easy control of configuration. This makes it easy for your administrators to review security settings and to change them based on the needs of the business. It saves a lot of time for network administrators as well as for IT professionals. It's easy to change the configurations.

-----

About ibml (sponsor of the original webinar)

ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements.  Combining intelligent scanners, software and services, ibml solutions  automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at sales@ibml.com.

Check out 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations from ibml.


Topics: compliance, imaging, scanning, capture, security, information security

4 Risks from Antiquated Document Capture Systems - Part 2 of 3

May 17, 2016 8:58:26 AM by Mark Brousseau

4 Risks from Antiquated Document Capture Systems

I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes. This is the second post; the first one is HERE.


-----

Where we left off in our first post…

Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems and it is in the unlikeliest of places -- your document scanning and data capture systems.  Your information on-ramp is leaving you vulnerable to the bad guys. A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations.

-----

Risk One from antiquated capture systems – Not encrypting the data while it's in motion.

The first risk that organizations face when it comes to antiquated systems is they don't have any protection for the images or data as they travel through their capture workflows.

Think about your operations for a second. You don't just scan something and let it sit there. Your image is likely involved in a workflow and that workflow probably is increasingly touching people who are on different floors, in different buildings and maybe in different countries. Yet, most old document imaging systems aren't encrypting this data or these images. While they're travelling across the enterprise or the extended enterprise, they're left literally out in the open for the bad guys to intercept them.

What's more, in most scanning environments, operators must have network or file system rights to the location where images are written. Think about this for a moment.  Images and data aren't being encrypted, and anyone who operates the system is going to have access to them unencrypted.  This obviously opens the door for an operator to read information that they shouldn't be reading. If you're processing medical records, if you're processing financial documents, or if you're processing something on behalf of a sensitive government entity, you've now laid that information open to internal staff.  

Finally, images also can be written to the scanner's local hard drive prior to writing the data to a network file repository. Think about this for a second. Most folks assume that once an image is captured on a scanner, it goes immediately to an archive. This isn't the case at all. With antiquated systems, images are written to a hard drive and then moved to a network file repository. Here again, the information is out in the open for a bad guy to be able to look at or to intercept.

Risk Two from antiquated scanning systems – Unsecured log files.

The second risk organizations face is unsecured log files. A key tool in recognizing security breaches is a log file. We all have them. It's a standard feature in every operating system, application, server platform, and scanning software; it's everywhere. It shows you what's going on with the health and operation of your system. By monitoring log files, you can identify potential wrongdoing. It helps you prevent security breaches.

This creates a problem. Antiquated document scanning systems write log files to a local hard drive of the scanner's host PC. This puts them beyond the control of the system administrator. Essentially, this means you've got the fox minding the chicken coop. It is difficult for the administrator to watch that log file and see what's going on. As has been well chronicled in AIIM studies, we know that there's more and more data being captured and put into those log files. That's information you don't want sitting out in the open. This is tantalizing stuff for somebody who's up to no good.

Risk Three from antiquated scanning systems – Poor visibility into operator activities.

The third risk from antiquated document scanning systems is poor visibility into operator activities. Old scanning systems make it difficult to track and audit the activities of their staff and this opens the door for unauthorized access or even distribution of sensitive data in an undetected environment. If you can't track it, you can't fix it and you can't catch it.  17% of organizations admit that their staff already bypasses security restrictions placed on them. That's not to say those folks are up to no good, it's just to show that staff will do the most expedient thing.

Now, think about introducing a bad guy into the kind of environment where it's okay that one in five staff goes around security steps. When you have an environment where it's difficult to track and audit, you have an environment where you're leaving yourself open to risk.

Risk Four from antiquated scanning systems – Poor security management.

The fourth risk that organizations face with antiquated security systems is poor security management. Older systems require manual processes for network administrators to review and to change security settings. In most cases, this stuff is set up when somebody originally came to install the system and is left alone until something goes wrong. That's what is wrong with this scenario. It's a hassle for the administrator to change the settings, which leads to less frequent security configuration reviews, and this puts you at risk. Manual processes do not provide a comprehensive view of a network and they don't make it easy for you to adjust to changes in business requirements to ensure that you're not at risk.

In our next post, Mark will take a look at the safeguards you can take to protect yourself against these 4 risks.

-----


Topics: compliance, imaging, scanning, capture, security, information security

Increasing Security and Compliance Concerns for Document Capture – Part 1 of 3

May 13, 2016 10:09:04 AM by Mark Brousseau

Think Your Scanned Images are Safe?  Think Again

I’ll be doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes.


-----

As we begin 2016, the biggest threat to your business probably isn't the proverbial competitor down the street. It's someone who wants to take advantage of your corporate information. We know that a growing number of businesses and government entities have already become cyber war victims.

  1. It wasn't that long ago that there were front page headlines when tens of millions of Target and Home Depot customers had their information stolen from those retailers.
  2. Just last March, health insurance company Anthem admitted that it was attacked. The personal information of as many as 80 million Americans was vulnerable as a result of that attack. 80 million -- that's one quarter of the entire U.S. population.
  3. Last Fall, the U.S. government's Office of Personnel Management admitted that their employee database was hacked. The bad guys got personnel data on millions of federal employees, including their fingerprints and their job applications. Think about what must be on those job applications.
  4. Even the people who are protecting us are not immune. Just recently, Juniper Networks -- these are the guys who make firewalls and network security equipment -- admitted that they were hacked.

2015 was the compliance and security wake-up call for businesses and 2016 needs to be the year you get your act together. You can't afford any more data leaks, lost patient records or corporate espionage. You can’t afford the cost, the penalties, the fines and the reputational risk that come with these violations and data loss. The impacts of data leaks are significant.

Two-thirds of companies say the potential impact of a data leak would be high. 13% of companies say the potential impact of a data leak would be disastrous. That's not so hard to believe when you consider what's at stake from a reputational and financial standpoint. In fact, a lot of folks focus on the financial piece of this. According to studies, the average cost of a single data leak is $7.2 million. When you think about what Target went through with their breach, $7.2 million seems like table stakes.

These costs are only going to go up. Increased regulations, standards, and rules are raising the stakes. They're raising the potential cost and penalties that you could suffer if your data is lost or you have a compliance violation.  Two-thirds of organizations see that ensuring the privacy of customer data is essential. Well, that's good news. Two-thirds of organizations also see that compliance with industry and government regulations is also essential. This is a big driver behind a lot of data capture system purchases.

In fact, 30% of organizations say that compliance and security considerations are the most significant business driver of document and record management projects. That's staggering; most assume it's cost efficiency and productivity.

PCI (payment card industry) compliance is going to take more and more of the headlines as corporate America continues to push harder and harder away from paper based checks and toward electronic transactions. We're going to find that while many organizations knew how to safeguard check information, they really don't understand how to do the same in an electronic world, where it's easier for folks to intercept that information. That’s just the tip of the iceberg. There are 13,982 other regulations that are impacting businesses, all of them with their own cost and their own risk. Every day, there are people in Washington DC dreaming up more regulations about how to manage your data.

You've undoubtedly put in permissions and access controls, and you've implemented antivirus and malware tools. You've probably regulated the passwords your staff uses so they can't use their birth dates or 123456 anymore. You've implemented perimeter security so that folks can't walk in and out of your front and back doors and literally take your information with them.

Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems and it is in the unlikeliest of places -- your document scanning and data capture systems.  Your information on-ramp is leaving you vulnerable to the bad guys.

A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations.  In our next post, Mark will discuss the four risks of antiquated scanning systems:

  1. Not encrypting the data while it's in motion.
  2. Unsecured log files.
  3. Poor visibility into operator activities.
  4. Poor security management.

-----


Topics: compliance, imaging, scanning, capture, security, information security

About AIIM

AIIM provides market research, expert advice, and skills development to an empowered community of leaders committed to information-driven innovation.
