[webinar slides] 4 ways to protect your captured data from theft and compliance violations
TRANSCRIPT
Underwritten by: Presented by: Brousseau & Assoc.
#AIIM The Global Community of Information Professionals
4 Ways to Protect Your Captured Data from Theft and Compliance Violations
An AIIM Webinar delivered on January 20, 2016
Today’s Speakers
Mark Brousseau, President, Brousseau & Associates
Host: Theresa Resek, Director, AIIM
Why We Are Here
The 2015 security and compliance wake-up call:
• Massive data leaks
• Lost patient records
• Espionage
The Impact of Data Leaks
• 60% of organizations say the potential impact of a data leak would be high
• 13% of organizations say the potential impact of a data leak would be disastrous
Source: AIIM
Average Cost of a Data Leak
$7.2 MILLION
Source: Ponemon Institute
Increasing regulations and standards are raising the stakes.
What’s At Risk
• Customer information
• Intellectual property
• Financial records
• Project documents
Organizations Understand the Stakes
• 67% of organizations see ensuring the privacy of customer data as essential.
• 65% of organizations see compliance with industry and gov’t regs as essential.
Source: AIIM
Increasing Regulatory Pressure
14,000
Federal, state and industry laws, standards and regulations governing the management of information.
Source: Cadence Group
Examples of Key Data Governance Regulations
• Health Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry Data Security Standard (PCI-DSS)
• Federal Information Security and Management Act (FISMA)
• Bank Secrecy Act (BSA)
• Gramm-Leach-Bliley Act (GLBA)
• Sarbanes-Oxley (SOX)
• Defense Information Systems Agency (DISA)
How Organizations are Protecting Themselves
49% of organizations believe unauthorized access by internal staff poses the biggest threat to their data.
• Permissions and access controls
• Anti-virus/malware tools
• Strong passwords
• Perimeter security
The Achilles Heel: Document Imaging Systems
A typical document imaging system can create FOUR vulnerabilities that increase the potential for data theft and violations of information management regulations.
Risk #1: Prying Eyes
No encryption while data is in motion and no protection for images or data as they travel through the capture workflow.
Risk #1: Prying Eyes
Most document imaging systems have not made the leap to full disk encryption.
Risk #1: Prying Eyes
Operators have network or file system rights to the location where images are written.
Risk #1: Prying Eyes
Images are written to the scanner’s local hard drive prior to writing the data to a network file repository.
Risk #2: Log Files Left Unsecured
Most document imaging systems write batch log files to the local hard drive of the scanner’s host PC.
Risk #2: Log Files Left Unsecured
Log files may contain Personal Information (PI) or Personal Health Information (PHI) such as check MICR information or OCR/ICR results from medical forms.
Risk #3: Poor Visibility into Operator Activities
Difficulty tracking and auditing the activities of operational staff.
Risk #4: Poor Security Management
Most document imaging systems require manual processes for network administrators to review security settings.
HOW ADVANCED DOCUMENT IMAGING SYSTEMS ELIMINATE THESE RISKS
Safeguard #1: “Impersonation”
Data is written to a different user account than the one used by the scanner operator.
Safeguard #2: Protected Images and Data
Strong encryption algorithms that do not impact system performance.
Safeguard #2: Protected Images and Data
Use of Internet Protocol Security (IPSec) tunnels to encrypt data that is in motion.
Safeguard #2: Protected Images and Data
Temporary images are stored only in memory prior to being written to the network store.
Safeguard #3: Secure Audit Logging
Detailed audit logging to a customer’s syslog server.
Safeguard #3: Secure Audit Logging
Batch log files are written directly to a user’s network, instead of to a local drive.
Safeguard #3: Secure Audit Logging
No sensitive information is included in log files.
Safeguard #4: Strong Security Management
A security control panel that provides insights and easy control of configurations.
Summary
• Security and compliance is on the corporate agenda
• Organizations know they must work harder to protect content
• Most scanning systems create FOUR vulnerabilities
• Advanced capture systems eliminate these issues while aligning document processing with corporate security goals
ibml
ibml provides intelligent information capture solutions that drive business process improvements. Combining intelligent scanners, software and services, ibml’s comprehensive solutions automate the most demanding document applications in banking, financial services, healthcare, government services, outsourcing and more. Every day, ibml customers in 48 countries rely on our technology to accurately, efficiently and securely capture and process millions of documents. Learn more at www.ibml.com
Secure Document Capture Solutions
For more information, email Dan Lucarini at
Take your skills to the next level by learning best practices and technologies for digital imaging with AIIM’s Capture & Imaging training course.
Visit: AIIM.org/CaptureTraining
AIIM is the Community for Information Professionals
AIIM believes that information is your most important asset – learn the skills to manage it.
Our mission is to improve organizational performance by empowering a community of leaders committed to information-driven innovation.
Learn more at www.aiim.org