eDocument Sciences » News & Events

Fasoo Monthly Newsletter – May 2012

Ron Arden — Wed, 30 May 2012 12:47:06 +0000

Secure sensitive files on your PC from the beginning

10% of laptops are stolen within the first 12 months of purchase and 60% of all corporate data assets reside on unprotected PCs. At least 25% of all reported data breaches involve missing laptops. Corporate insiders and outside thieves can steal information from unprotected PCs and cause countless damage to businesses.

Fasoo Secure Node (FSN) encrypts your documents automatically on your PC and protects them throughout the entire document lifecycle so that even if they are lost or stolen, your information is still safe. The persistent security policy defines who can view, edit, print and screen capture. Documents are encrypted, controlled, and traced and thus safe from any unauthorized access or use.

With an optional module, CAP (Context Aware Protection), businesses can protect confidential data including PII (Personally Identifiable Information). Information is scanned and classified based on predefined patterns of regular expressions, such as SSN, telephone number or bank account number. CAP applies the appropriate security policy to the documents that contain those patterns.

Companies and organization that have concerns about data breaches from their PCs benefit from this solution. More than 1,000 companies and organizations applied FSN to protect sensitive data from their PCs, and demands has been increasing for banks and medical institutions since the ‘Privacy Protection Law’ went into effect in Korea in September of 2011.

▶ Key Features of FSN
• Encrypt all PC files automatically
• Grant granular user permissions
• Protect sensitive files on a lost PC
• Prevent intentional or accidental file disclosure

Fasoo attracted visitors at IST 2012 with various document security solutions

Fasoo.com demonstrated existing document security solutions and successfully launched new solutions, like ‘Secure Wrap for Dropbox’ and ‘Mail CAP’, during the Information Security Expo (IST) 2012. Fasoo received positive feedback from visitors because these new solutions provided a fit for their current needs. People saw how easy they were to use in an environment that increasingly relies on cloud computing tools and document repositories.

Visitors to Fasoo’s booth were very interested in Mail CAP and FSE (Fasoo Secure Exchange) which prevents information leaks through email. Email security has become a major issue after several incidents occurred in Japan last year, such as the theft of House of Representatives’ emails by a secretary. Visitors also had a lot of questions and interest in the mobile security solution, FMG (Fasoo Mobile Gateway), as smartphones and tablet PCs are widely used in businesses in Japan.

Fasoo was able to better understand the current Japanese market and its interests by having conversations with visitors during the show. With various document security solutions that satisfy market needs, Fasoo plans to expand its presence in the Japanese market.

Korea Medical Institute (KMI) selects Fasoo to secure patient’s PII

The Korea Medical Institute (KMI) was established in 1985 to provide high quality medical services, including a health examination service, and is now running seven branches in Korea. KMI saves a lot of patient information on different systems, such as EMR, OCS, and PACS, and its staff frequently downloads that information onto PCs to improve work efficiency.

KMI has been hampered with leaks of PII. Most of the leaks came from insiders. Once documents were saved on PCs, they can easily be leaked through emails, USB drives and printouts. KMI needed a fundamental security solution to protect documents saved on PCs, attached to emails, and printouts to meet the growing government regulation from the “Privacy Protection Act” and to reduce the risk of PII exposure.

Based on an analysis of KMI’s environment, Fasoo suggested several E-DRM solutions to strengthen KMI’s document security and improve its work efficiency. Fasoo deployed the following to KMI’s headquarters and its seven branches.

FSN (Fasoo Secure Node) to secure documents created on PCs
FSE (Fasoo Secure Exchange) to protect confidential documents sent to external parties through email
FSP (Fasoo Secure Print) to secure printouts and an optional module for protecting PII
FUT (Fasoo Usage Tracer) to monitor DRM document usage and to analyze usage patterns of sensitive documents

After the successful implementation of Fasoo’s DRM solutions, KMI complied with the “Privacy Protection Act” and could download and save patients’ information to its PCs without any concerns of PII leaks. The implementation of E-DRM is regarded as a successful case for PII protection and is presented in conferences and seminars related to PII protection for the medical industry.

Fasoo Monthly Newsletter – April 2012

Ron Arden — Thu, 26 Apr 2012 11:37:37 +0000

Robust and powerful privacy protection solution for financial and medical institutions

CAPP (Context Aware Privacy Protection) is a robust and powerful privacy protection solution which goes beyond a mere passive security measure that searches for personally identifiable information (PII) and monitors its status. CAPP detects PII in real-time when it is created and blocks possible leaks through persistent encryption, permission control, and print control.

If CAPP detects PII through a context aware function, the file containing PII will be automatically encrypted or deleted based on predefined policy and only authorized users can access the encrypted file with the given permission. It also alerts administrator/user/manager to the risk of possible data breaches so that they can take necessary actions in a timely manner.

CAPP captures the status of files containing PII, creates statistics, traces and analyzes changes regarding the possession of PII and provides graphical results so that organizations can systematically manage PII that employees possess. It is easy to identify who has PII , so that administrators can audit access and users can search for it on their computers.

CAPP, Fasoo’s next-generation privacy protection solution, protects organizations from brand damage, excess financial cost and legal responsibility that can be caused by PII leaks.

▶ Key Features
   • Real-time detection of PII by administrator and user
   • Automatic encryption or permanent deletion of files containing PII
   • Permission control over encrypted files
   • Stop printing file containing PII
   • Managing history of possession and usage of files containing PII
   • Providing statistics on present status and changes of PII possession
   • Blocking or providing administrator approval and automatic DRM encryption when sending email with PII

Fasoo introduces how to secure documents persistently in the cloud at IST 2012

Fasoo will introduce new security solutions that enable unparalleled protection for data in the cloud, during the Information Security Expo 2012, taking place from May 9 – 11 at Tokyo Big Sight Exhibition Center.

Fasoo is planning to demonstrate ‘Secure Wrap for Dropbox’ and ‘Mail CAP’, which are new security solutions for secure collaboration, that were launched and attracted a lot of attention at the RSA Conference 2012 in San Francisco. In addition, FED (Fasoo Enterprise DRM) and FUT (Fasoo Usage Tracer) for monitoring and administration of DRM file usage along with security solutions for privacy protection, mobile devices, printed information, and displayed information will be demonstrated.

• Visit us at booth #EST23-10 and find out how to secure document persistently in the cloud

Fasoo opens ‘Smart office’ in Kangnam, Seoul

Fasoo opened its ‘smart office’ in Kangnam, Seoul on April 18th to improve work efficiency and customer service.

Fasoo aims to increase productivity and decrease unnecessary time loss by offering a smart work environment where Fasoo employees can work anytime and anywhere flexibly and reduce commute time to their customers. Cost reduction are also expected through efficient office space utilization.

Fasoo already offered a mobile office at its headquarters early this year for sales and project managers who spend most of their time in the field and is now expanding it by offering a smart office in the convenient Kangnam business district. Fasoo continues to embrace the fast changing IT environment and is improving the work environment for its customers and employees.

While the cloud storage market is heating up, are your files safe?

Most business users are working with multiple devices, such as a PC at the office, a Mac at home, and mobile devices that blur the boundaries between work and personal life. They want to share files with co-workers and business partners using all of these devices. Cloud storage services such as Dropbox lets them do that conveniently.

Dropbox is expecting to have 100 million users by the end of this year (double last year) and over 100,000 companies are using Box. These services pose a danger for companies. Sharing confidential data with unauthorized users inside or outside the organization can lead to data leaks. Administrators and users have no control over shared files and often have no idea who has access to them. There are security glitches that potentially expose confidential data to hackers and unauthorized users. Users sharing PII with unauthorized users puts the enterprise at risk of compliance violations.

Cloud storage users, both at the enterprise and at the private level, have been looking for solutions to protect them from these dangers. A cloud storage security solution should provide persistent security. Files should be encrypted when they are synced and shared as well as remain encrypted whether they are stored, being used, being transmitted, or even after transmission. These file should also be persistently secured with access control. Administrators or folder owners should be able to monitor and track all file sharing and user activities. DRM technology makes this possible.

Enterprises and private users can ensure that confidential and private data remains secure by deploying a DRM based security solution for cloud storage services.

Lock Down Your Data With Persistent Document Security

Ron Arden — Fri, 30 Mar 2012 20:46:49 +0000

Join our partners, Brite Computers, for a great webinar on locking down your important documents and other critical information with Persistent Document Security.

Do you wonder how many sensitive documents leave your organization via DropBox, Gmail, USB Device, or Corporate Email and have the potential to fall into the wrong hands? With all the data breaches and loss of sensitive information in the news lately, you have to wonder if you are next. It might be embarrassing, but it could also get you into a lawsuit.

Join Brite on Wednesday, April 18, 2012, for 1 hour to learn about Fasoo’s Digital Rights Management platform; the next generation of data loss prevention techniques that are reshaping the data and network security industry.

Click here for more information. Register Now.

Fasoo Monthly Newsletter – March 2012

Ron Arden — Fri, 23 Mar 2012 15:00:21 +0000

Securely sync and share files through Dropbox

Fasoo is scheduled to release Secure Wrap for Dropbox in the beginning of the second half of this year. Secure Wrap for Dropbox is designed specifically for Dropbox and protects digital content uploaded into the popular cloud collaboration system with E-DRM functionality. This enables organizations to provide persistent data protection in the cloud, and securely sync and share files on PCs and mobile devices. With more than 45 million users and over one million files saved on its site every five minutes, Dropbox has made significant inroads into the enterprise environment and is frequently used to share and collaborate on files. Yet, files uploaded to shared folders can become vulnerable to data leaks and unauthorized access.Secure Wrap for Dropbox enforces security policies on shared files in Dropbox folders by encrypting and controlling the access rights to the files when they are uploaded. The files also remain persistently secure, even after they are downloaded from shared folders. All files can also be traced to control and monitor their usage and access.

▶ Key Features
• Securely share files wherever they go

• Encrypt files while they are uploaded to the secured Dropbox folder

• Limit user rights to shared files

• Maintain persistent control of files, even on mobile devices

Fasoo launches three new E-DRM solutions at RSA 2012

Fasoo.com successfully launched three new security solutions for the North American market and showcased them during the RSA Conference 2012.

Secure Wrap for Dropbox and Mail CAP (which is a security solution that combines DLP functionality with DRM, enables organizations to completely stop information leaks through email) attracted many visitors during the expo because these solutions are easy to integrate into any business environment.

With the concept of monitoring document usage with pattern based strategy, Fasoo Usage Tracer (FUT) also caught the attention of visitors as well as the media. FUT enables information governance by allowing organizations to overcome the limitations of security silos, which results from the fragmented and partial security approach to each cloud- driven infrastructure. Organizations can detect, analyze and proactively react through FUT’s features before data breaches occur.

Fasoo’s North American partners, Toshiba America Business Solutions, Ricoh USA, Brite Computers, and eDocument Sciences demonstrated Fasoo’s solutions to potential customers and also made periodic presentations to groups of onlookers to build an even stronger network for sales and also to continue to promote Fasoo to those in the US. Over 300 attendees visited the Fasoo booth showing interest in Enterprise DRM (E-DRM) solutions. Fasoo also received positive feedback from one of the Gartner analysts who commented that E-DRM will become a noticeable solution in new IT trends such as mobile and cloud environments.

Fasoo’s CEO, Dr. Kyugon Cho, elected as chairman of KISIA

Fasoo’s CEO, Dr. Kyugon Cho, was elected as the chairman of the Korea Information Security Industry Association (KISIA) on February 22, 2012, which was established in 1998 as a non-profit organization for the development of the information security industry in Korea.KISIA represents more than 150 member companies dealing with anti-virus; intrusion detection and firewall systems; VPN (Virtual Private Network) services; encryption and PKI; security of the wireless Internet; secure OS; security consulting services and security ESM; and biometric systems.As the chairman of KISIA, Dr. Kyugon Cho will select the top 4 priority projects that will be worked on for the next 2 years. During his presidency, from the beginning of 2012 to the end of 2013, he will strive to improve the purchasing system for IT security solutions in Korea, to create new markets of convergence and integration with IT security and physical security system, to encourage overseas business for outstanding domestic security solutions, and to domestically strengthen security awareness.

‘Digital textbook on N-Screen’, is a next-generation smart online learning solution

The rapid growth in the use of mobile devices such as smartphones and tablet accelerate the growth of online learning. Businesses are turning their eyes to digital textbooks as one of these smart online learning solutions. Recently, Apple released iBooks 2 which supports digital textbooks using text, diagram, image, video, etc., and the Korean Government announced that all textbooks will be shifted to digital ones by 2015 using government funds.In order to satisfy fast growing market demands, Fasoo plans to release their digital textbook solution and platform for smart online learning contents in the first half of this year. With Fasoo’s digital textbook solution and cross platform technology, students will be able to receive online lectures on N-Screen, where you are able to view the contents from your PC on your mobile devices simultaneously, as well as on smart televisions, etc.Armed with the technology of content DRM (for document, multimedia, and ePub), DRM standard, mobile DRM viewer & video player, Fasoo believes that they will provide the most secure and competitive digital textbook solution through N-Screen. Fasoo and other smart online learning businesses continue to discuss how to provide better solutions to the market.

Marketing materials: Brochure & demo video of Fasoo products and solutions

Fasoo recently updated their product brochures and video clips to help customers better understand Fasoo’s products and solutions.

▶ Brochures

• Fasoo Enterprise DRM (E-DRM)

• Fasoo Secure Node (FSN)

• Fasoo Secure Document (FSD)

• Fasoo Secure Exchange (FSE)

• Fasoo Secure Print (FSP)

• Fasoo Secure File-Server (FSF)

• Fasoo Secure Screen (FSS)

• Fasoo Mobile Gateway

• Fasoo Usage Tracer

• Fasoo MFP Shell

• Mail CAP

• Secure Wrap for Dropbox

▶ Demo Videos

• Fasoo Enterprise DRM

• Fasoo Secure Node

• Fasoo Secure Exchange

• Fasoo Secure Print

• Fasoo Secure Screen

• Fasoo Mobile Gateway

• Fasoo Usage Tracer

• Fasoo MFP Shell

• Mail CAP

eDocument Sciences Joins Fasoo at RSA 2012

Ron Arden — Wed, 07 Mar 2012 13:57:43 +0000

eDocument Sciences and Fasoo.com joined forces with partners Brite Computers, Ricoh and Toshiba this year in a booth at the RSA Conference 2012 in San Francisco. At times the place was wall to wall humanity with customers interested in everything from analyzing real time threats to the latest in cryptography.

The customer interest in document security this year was phenomenal. The booth was mobbed and I had a lot of conversations with people about securing documents in the cloud and on mobile devices. You could see how much of an issue this will be by seeing how many people were working on documents on their smart phones and tablets.

A lot of people were concerned about protecting their intellectual property (IP) from walking out the door. With the ubiquity of file sharing services like Box, Dropbox, and SugarSync, it’s important to know where your sensitive information is. Gone are the days when everyone puts documents into the official document management system.

Fasoo had a new booth this year which gave everyone an opportunity to give hourly presentations on a huge LCD screen. There were two really cool touch screens in the booth where people could run videos and some flash applications showing the four areas that Fasoo focuses its technology:

Information Governance
Secure Collaboration
Mobile Security
Output Security

A lot of attendees were asking about securing documents on iPads and phones. With Bluetooth keyboards and a lot of new docking stations, many people are just carrying these smaller devices as their computers. They were concerned about people reading confidential documents on their mobile devices and what would happen if the device was lost or stolen. Also, how could they control access to the documents once they were moving around through email. I was showing a demo of the Fasoo Mobile Gateway on my iPad where I opened a secure Microsoft Word document from Dropbox. The interface is very easy to use and with a few taps and a login, I could access secure content. I emailed it to a colleague and he opened it on his iPad in a few seconds.

A big topic in the sessions and hallways was about all the hacking done on behalf of causes. Groups like LulzSec and Anonymous are practicing what many refer to as Hactivism. They are becoming the new whistleblowers and protesters in the online world. One of the good things that’s come out of this mischief is its brought poor information security to light. When a hacker with a few free tools can easily break into a website or database and steal confidential documents, passwords and credit card numbers, companies have a lot to answer for. Many of these attacks were on unpatched and outdated software systems. It’s like someone left their front door open and then was surprised when their television was stolen.

One of the great things about RSA is the chance to kick back a little and join friends and colleagues in some down time. After a long day on the show floor, it’s great to relax with a good meal. Fasoo held a thank you dinner for its partners at McCormick & Kuleto’s in Ghirardelli Square. Some of the pictures below will give you a good idea of the great food. The Guittard Chocolate Ganache Tart was unbelievable.

Check out more photos at Flickr.

Fasoo Monthly Newsletter – February 2012

Ron Arden — Fri, 17 Feb 2012 14:50:47 +0000



Collaboration between DRM and DLP to secure external communications

Fasoo released ‘Mail CAP’ for its Asian customers on February 14th. Mail CAP is an advanced email context aware protection system that secures all sensitive email attachments by filtering, administrator approval, automatic DRM encryption, and permission control.If the Mail CAP server detects sensitive information by filtering email attachments based on predefined patterns, the files will be encrypted automatically and sent to the recipient after administrator approval.Only authorized recipients can access sensitive documents within the given permission (view, edit, print, screenshot, etc.) and constraints (valid access period, offline access, number of devices, etc.) by a simple and secure email authentication process using the recipient’s email address. It allows users to communicate externally without security concerns.Organizations that need to collaborate and share sensitive data securely and safely with external parties, such as partners and customers, can benefit from this solution.▶ Key Features • Searching & filtering sensitive data • Automatic DRM encryption when predefined patterns of sensitive data are detected • Permission control over document usage of recipient • Simple and secure email authentication process

Visit us at RSA booth #2445 and see how to secure documents persistently in the cloud

Fasoo will be introducing and demonstrating new solutions with the main theme “Persistent data protection in the cloud” at the RSA 2012 conference.Fasoo is planning to provide demonstrations for each solution focusing around four sub themes including Information Governance, Secure Collaboration, Mobile Security and Peripheral Security. FED (Fasoo Enterprise DRM) & Fasoo Usage Tracer will be presented for information governance and Fasoo Mobile Gateway will be introduced for mobile security. FSS (Fasoo Secure Screen), FSP (Fasoo Secure Print) and Fasoo MFP Shell will be demonstrated for peripheral security. Mail CAP to secure all sensitive email attachments and Secure Wrap to protect Dropbox with DRM will be showcased for the first time through this conference under the theme of secure collaboration.Fasoo has prepared four demonstration areas to emphasize the importance of DRM solutions in fast-changing IT trends such as mobile and cloud computing environments. Fasoo and its US partners (RICOH USA, Toshiba America Business Solutions, eDocument Sciences and Brite Computers) will provide presentations on Fasoo’s E-DRM solutions. ▶ Four Subthemes and Related Solutions Information Governance: Overcome limitations of security silos FED (Fasoo Enterprise DRM), FUT (Fasoo Usage Tracer) Mobile Security: Keep control of data on the go Fasoo Mobile Gateway Peripheral Security: Secure displayed, printed and scanned information FSS (Fasoo Secure Screen), FSP (Fasoo Secure Print), Fasoo MFP Shell Secure Collaboration: Securely sync and share files Secure Wrap for Dropbox, Mail CAP

Fasoo is planning to open a US branch in San Jose, California

Fasoo plans to establish a US branch, called Fasoo USA Inc., that is located at Plug and Play Tech Center in San Jose, California at the beginning of March to expand its overseas business. This branch will be the central point of contact for US partners as well as customers. Sales and technical support to promote Fasoo’s E-DRM solutions will be provided for existing US partners. ▶ Fasoo USA Inc. • Address: 440 N. Wolfe Rd., Suite# W036, Sunnyvale, CA 94085 • Phone: 408-524-1523

How to prevent PII leakage from medical institutions

In 2011, the enforcement of the Privacy Protection Act began, and in addition, damages caused by security incidents such as hacking, distributions of malicious code, data leakage by company insiders or external parties are rapidly increasing. Under these circumstances, the protection of Personally Identifiable Information (PII) is becoming a matter of paramount concern for public organizations and businesses. Medical institutions that contain countless amounts of patient information cannot be an exception.In one particular case, 2,000 patients’ personal information was leaked from six major hospitals in Korea. In another case, almost 4 million patients’ medical information was leaked from a medical foundation after a PC was stolen and victims of this incident sued the medical foundation last year requesting more than $100 billion.Most PII leakages in medical institutions are caused by unprotected PCs and the use of removable media (USB, CD, etc.). A majority of patient information is saved and managed in a Hospital Information System (HIS) such as EMR, OCS and PACS. Medical staff frequently downloads patient information including PII from HIS to their PCs for work. In order to prevent PII leakage from medical institutions, Fasoo provides various functions for PII protection such as, ‘Real-time detection and automatic encryption of document containing PII’, ‘Permission control to restrict access to the document containing PII’, and ‘Log management for document usage’ to cover those requirements. FSN (Fasoo Secure Node) to protect documents created on PCs with automatic encryption and permission control, and FSE (Fasoo Secure Exchange) to protect documents shared with partners and customers through email or USB have been mainly adapted to medical centers in Korea.

Fasoo Monthly Newsletter – January 2012

Ron Arden — Mon, 23 Jan 2012 17:20:37 +0000

Sensitive data can be leaked during printing and scanning

Fasoo provides endpoint security solutions with Fasoo MFP Shell to prevent information leakage through scanned files and printed documents from multifunction printers (MFPs)along with FSP (Fasoo Secure Print) and FSS (Fasoo Secure Screen).Fasoo MFP Shell prevents data leaks by protecting files from unauthorized access using automatic encryption, file usage permission control, pull printing, and print watermarking. The documents scanned from an MFP are saved to a designated folder on a file server and encrypted with DRM. Based on a predefined policy, the scanned files are not accessible if the user does not have the proper permission. With pull printing, unintended recipients can’t pick up printouts left at an MFP, since a user must enter a PIN code or use an ID card to release the print job. A print watermark which contains a user name, IP address, time and date, helps to track the information of printouts, thus improving security awareness among employees.

Organizations, especially enterprises and financial companies that have security concerns caused by using MFPs need Fasoo MFP Shell to strengthen their endpoint security.

▶ Key Features

Automatic encryption and permission control for scanned files
Pull printing to protect printouts from being mishandled
Print watermark to trace the source of printouts

Fasoo will showcase document security in cloud computing at RSA 2012

Fasoo will participate at ‘RSA Conference 2012’ to introduce and suggest new solutions for persistent document security in cloud computing, which is scheduled to be held from February 28 to March 1at the Moscone Center in San Francisco, CA.With this year marking its 4th participation in a row, Fasoo along with its US partners are planning to present several DRM solutions by giving demonstrations under the themes of output security, mobile security, lifecycle management, and information governance. For all booth visitors and presentation attendees, Fasoo will give away iPads, t-shirts, and other exciting novelties.

▶ Fasoo Booth #: 2445

▶ The 4 Partners Joining Fasoo in its Booth

Fasoo celebrates the end of the year by helping others

Fasoo conducted a charity program through ‘Fasoo Flea Market’ at its annual end of the year party, called ‘Fasoo Year-End Party’, on December 28, 2011. Fasoo donated profits from the sale of second hand goods, such as clothes, electronics, books, toys, fashion accessories, etc., which are donated by employees, to a non-profit charitable organization called “The Beautiful Store”.In addition to this charity program, Fasoo held various special events, such as ‘Fasoo Restaurant’ with the concept of sharing foods made by each department, ‘Fasoo Wanna B” to select the best barista/bartender, and “Best Employees of the Year” who were given a prize based on nominations from their colleagues due to their dedication and cooperation with others.

POSCO selects Fasoo to build their security infrastructure with DRM solution

Fasoo is building an infrastructure for document security to share documents more safely and effectively within POSCO and its 24 affiliated companiesboth domestically and internationally including POSCO E&C, POSCO Engineering, POSCO Research Institute, and etc.POSCO currently has over 50 affiliated companies including 21 international corporations in the US, China, Japan, Australia, South Asia, etc., and was named as the most competitive steelmaker in the world for the second consecutive year by WSD (World Steel Dynamics).

Since last year, they have considered several security systems for preventing possible security breaches. Fasoo’s DRM solution has been selected as one of those essential security systems and POSCO will deploy FSN (Fasoo Secure Node) for securing documents created on a PC and FSE (Fasoo Secure Exchange) for securing confidential documents sent to external parties via email, to their affiliated companies.

POSCO has been facing problems caused by restrictive sharing of information due to security concerns. By implementing a document security infrastructure, it will improve work efficiency as well as solve security issues such as sensitive data leakage when employees are creating and sharing documents.

Fasoo is expecting to deploy these DRM solutions to the remaining affiliated companies after successful implementation to 19 domestic & 5 overseas offices.

David Anastasi Writes New Doc & Data Security Steward Blog

Ron Arden — Fri, 20 Jan 2012 13:22:05 +0000

Dave Anastasi, CEO of eDocument Sciences, had a debut article in a new blog called Doc & Data Security Steward for The Imaging Channel, an online and printed resource for the print and imaging industry that brings together the leading market information, business concepts, strategies, and people in managed print.

In this blog, Dave is looking at more than just data and document security from a technical viewpoint. Implementing technology is important, but if these tools aren’t aligned with the people and processes inside an organization, nothing will work.

I can have the most sophisticated alarm system in the world, but if I forget to turn it on or close my front door, it’s useless. It’s the same in businesses. Teaching people that they must address all of these elements to develop and maintain a secure environment is very important. Security is only as good as the people using it.

Most of the article is below, but click on the following link to read the article in its entirety.

Doc & Data Security Steward: An Introduction

TIC: What is your background? What makes you a “Doc & Data Security Steward?”

Anastasi: Throughout my career, I have been involved in many businesses and industries – having an undergraduate degree in Marketing and masters in International Management as well as cutting my teeth in the advertising business. My focus has always been to look from the customer’s perspective and then through the eyes of the distribution channel. Also, having been a public company CEO and sitting on multiple company and private organizations boards, I have had the benefit of seeing data and document security issues from many different angles and perspectives.

Everything starts with knowing your customer’s industry, business, goals, risks and business landscape. Document and data security requires a commitment to understanding who they’re serving, what their business is and the environment that they’re operating in. However it is most important to approach data and document security not just trying to find a way to make them more secure or compliant. More importantly, it’s about making your customers more efficient, more successful and profitable. It’s not just about supplying technology it is about improving scalability and ultimately measurable value.

With my time in document and enterprise content management, I understand the channel dealer network very well – the hardware portion as well as the intersection with services and software. Neopost was basically the same kind of business model as the copier, scanner, printing and managed services markets. Actually, almost 20 years ago, I started the first managed services partnership between Xerox Business Services and Neopost combining copying, printing and mailing services.

Ultimately though, it is my experience as a customer that led to the conclusion that document and data security is rapidly becoming one of the most strategic concerns of any type of organization. As I’ve sat in board audit and compliance, merger and acquisition, strategy and other meetings one of my deepest concerns was, how do we protect our most important asset: our information? I spent many a sleepless night worrying about breaches, both malicious and unintended. With that, I was both at risk in my job and personally as an officer and board member and ultimately the company value and brands reputation were at serious risk.

In time, it became apparent that the best approach to consistently dealing with this fragmented, complex and ever-growing issue was focusing on the culture, people, process and technology of an organization, also it’s extended network including partners and customers and creating a “Control Conscience Corporate Culture.”

Finally, due to the nature of the businesses I was in, I learned how to make money for my organization and our channel and strategic partners by using it as a tool to improve our customers overall business and financial results.

TIC: Why is security such a concern today?

Anastasi: It’s important to understand data security has been a concern for a long time. For example: organizations (and even home’s) have spent billions of dollars on network security, virus and malware protection for many years. Those have been billion-dollar industries for a long time. So people have always understood that they needed security, but it has been historically focused on protecting unauthorized access to networks and devices.

What’s really changed is that today, there’s this convergence. Everything is moving so quickly; technology is moving rapidly and converging. Documents are converted from hard copy to electronic files, expanded workstations and devices (desktops, laptops, pads, PDA’s along with networked intelligent copiers, printers and scanners) and locations where data can be moved and stored including the rapid emergence of cloud and applications.

In this industry historically copiers, printers and scanners were not networked, had minimal if no memory, unsophisticated keyboards and limited simple applications. Before they were networked and had expanded capabilities weren’t as significant a data security risk. The paradigm has shifted; today they are not just copiers, printers and scanners but workstations with computer capabilities. In reality they are computers that copy, scan, print.

It’s now one of those things that regulators, boards, executives, auditors, lawyers, insurers and most importantly those trying to breach critical information realize, and all these people have to think more seriously about securing their devices and data. Unauthorized access is an issue, but protecting critical content or data is really the goal.

So organizations have already have spent billions of dollars on security – realizing the importance of protecting data – but now the real question really is are traditional methods sufficient in today’s and tomorrow’s environments?

TIC: How does security relate to managed services/managed print services? Can providers turn these security concerns into opportunities? If so, how?

Anastasi: Providers’ awareness that they are part of the process is essential because they are managing print, documents and data, so they’re right in the middle. They are touching, moving and accessing important data, so they could become point of the breach, which could cause liability for them. They need to make sure they have proper protection in their environment when they are doing managed print services. The bad news is, if they don’t take security seriously, they could be negligent and accountable.

The good news is, because they are in the middle, it provides an opportunity for them to create their own document/data practice, expanding their business opportunities by providing services, solutions and technology to their customers in a way to help them manage their data security.

It is a massive and fast growing market that will never go away, it’s only going to get bigger. So, if providers are looking for market opportunities, why not look where they already are, both reducing their risk and expanding their business opportunity in an area that compliments what you are already offering. The great news it is an existing market on the leading edge not the bleeding edge.

And people today are aware and understand how important security is. In many cases, it’s a requirement for companies to pay attention to it, 46 states have deployed breach notification laws requiring organizations to respond quickly and effectively to data breaches or they face expanded damages due to negligence. So if providers become good at it, there are going to be massive dollars and opportunities, and if they become the go-to provider, think about the potential.

TIC: What kind of information will readers find on the Doc & Data Security Steward blog?

Anastasi: Throughout the years, I attended many conferences, and heard only about technology. I listened to auditors many who were primarily focused on financial people, processes and technology, and lawyers talking about my risk and litigation but not about prevention. There was no answer in one place, primarily because it’s so fragmented. We recognized a need for somebody to help facilitate a collaborative approach.

Our focus is to draw not only from my experience, but also from all the domain expertise out there that I know and work with, we will have a variety of expert guests join me in some of the blogs. The focus will be on culture, people, process and technology because all are critical. We will show that there’s opportunity to build a document/data security practice and to sell additional services like assessment services, technology, tools, training and technology that improves security and adds value.

Most importantly, I’d like to teach readers how to protect themselves because it starts there. From there, we’ll get into how to build a strategy and package an approach showing measurable ROI. We’ll introduce key verbiage and teach readers how to speak the language – not just sell the tools. We will talk about developing training and marketing strategies and tools. Then finally, I plan to help providers expand their offering and help their customers develop a “Control Conscience Corporate Culture” making then more competitive, scalable and valuable as an organization.

Photo credit DaveBleasdale

eDocument Sciences Joins DocuSign for eSignature Webinar

Ron Arden — Thu, 12 Jan 2012 11:45:41 +0000

Join eDocument Sciences on January 12, 2012 at 2:00pm EST for a joint webinar with DocuSign on “Using e-Signatures to streamline your business processes and enhance your data security”.

Signing documents with paper and pen can cost you time and money. You do most of your communicating electronically on your laptop, smartphone or tablet, so why not do the same when you need to sign something. Join us for an informative look at how electronic signatures can make your life easier and more secure, by completing transactions in minutes while eliminating errors and guaranteeing the identity of signers, authorizing access to information or for approval processes.

>> Click here to sign up for the Webinar

David Anastasi Writes December 2011 Article on Document, Data Security

Ron Arden — Fri, 16 Dec 2011 21:22:02 +0000

The December 2011 issue of ENX Magazine features an article titled “Document, Data Security: Internal Controls, Data Governance, and Measuring & Managing Risk” written by Dave Anastasi, CEO of eDocument Sciences. This is the second in a series of articles where Dave looks at how data and document security are paramount concerns for all organizations of any size.

Below is the article in its entirety.

In my first article (November) of the Document, Data Security: “Turning Risks Into Opportunities” series, the initial goal was to bring high level awareness to the threats and opportunities that you and your customers face when it comes to protecting their and your most valuable asset, information.

Having looked at the high level risks and market opportunities in the first article, this month’s article will focus on three key areas (listed below) that individual organizations and their leaders (Public, Private, Government, Educational, and Non-Profit) are all responsible for with the objective of one important outcome; focusing on People, Processes and Technology ultimately creating a Control Conscience Corporate Culture™ (4 C’s). Also, then looking at creating a strategy that is highly effective, scalable and sustainable consistently creating strong value (financial, services and solutions) for its shareholders and/or constituents. Anything that impedes an organization from doing so negatively impacts the value that it provides.

1. Internal Controls

2. Data Governance

3. Measuring and Managing Risk

So why is all of this so important? Simply put, it is about value! An organizations value is built on its ability to provide services and/or solutions to its customers/constituents. If it is a for profit organization then it also must create an acceptable financial return to its shareholders whether that be public or private. You can ask how does this impact my business and why should I spend any time or resources worrying about this? The reality is that you are already in the middle of it every day through handling documents, selling equipment that prints, copies, scans and stores data, selling software or solutions (that impact business processes, document or file transfer or data storage) managing print services or other environments, accessing equipment to service it. So the real question is how are you going to let it impact you and your customers and your financial results?

There are four outside entities that have strong influence on how organizations go about providing that return: Government/Regulatory, Auditors/Accountants, Law Firms and Insurance Providers (ironically they are also subject to these same issues and requirements so they are potential customers as well).

Historically, the focus of these outside entities has been on the financial reporting and systems of organizations. With the advancement of technology, regulatory changes (i.e. Sarbanes Oxley, Regulation Fair Disclosure, HIPAA, Breach Notification, Data Privacy, etc.) global expansion and cultural changes, the number of data breaches, leaks and identity thefts occurring and being identified has expanded exponentially. These issues are creating significant negative financial, customer relations and brand impacts on organizations. With that, the effect of these data events on earnings for organizations and ultimately their value as a public or private organization can be catastrophic.

There are important phrases that need to be recognized as major red flags. Fortunately, by recognizing a few key phrases, readers will be alerted to some very important information that will help avoid operational, legal and financial mistakes as well as allow you to talk with your customers at all levels of the organization. Focus on making the buying decisions strategic, not operational.

Three of these key phrases are listed below, it is very important to understand failing to protect important data can trigger any one or combination of these events:

Material Adverse Effect – is a significant event that may negatively affect an organizations (profit or non-profit) stock price, value or operations. A material adverse effect usually signals a severe decline in profitability and/or the possibility that the company’s operations and/or financial position may be seriously compromised.
Material Weakness – a material weakness is a deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis.
Significant Deficiency – a significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

So where does an organization start to build a Control Conscience Corporate Culture™ (4 C’s)? It must start with Tone at the Top (a phrase well known to auditors, accountants, boards, executives, attorneys as it is directly referenced in Sarbanes Oxley) – it refers to how an organization’s leadership creates an ethical (or unethical) atmosphere in the workplace. Board and management’s tone has a trickle-down effect on employees and partners. If boards and top managers uphold ethics and integrity so will employees and partners. But if boards and upper management appear unconcerned with ethics and focuses solely on the bottom line, employees and partners will be more prone to lack of discipline, feel that ethical conduct isn’t a priority and even go as far as committing fraud. In short, people will follow the examples of their leaders and managers.

From there, the organization must develop a strategy that exceeds a Standard of Care (a legal term well know again by auditors, accountants, boards, executives and attorneys) – the watchfulness, attention, caution and prudence that a reasonable person in the circumstances would exercise. If a person’s actions do not meet this standard of care, then his/her acts fail to meet the duty of care which all people (supposedly) have toward others. Failure to meet the standard is negligence, and any damages resulting therefrom may be claimed in a lawsuit by the injured party. One challenge is that the “standard” is often a subjective issue upon which reasonable people can differ and certainly leaving that up to a jury can be very expensive.

Next, the focus needs to be put on identifying key components of Internal Controls, Data Governance and Measuring and Managing Risk with an emphasis on safeguarding the organization’s assets and resources, the most important being its information.

Internal Controls – Under the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control-Integrated Framework, widely-used in the United States and globally, internal control is broadly defined as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations.

COSO defines internal control as having five components:
Control Environment-sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control.
Risk Assessment-the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed.
Information and Communication-systems or processes that support the identification, capture, and exchange of information in a form and time frame that enables people to carry out their responsibilities.
Control Activities-the policies and procedures that help ensure management directives are carried out.
Monitoring-processes used to assess the quality of internal control performance over time.

Data Governance – The Data Governance Institute’s definition in its simplest terms, “Data Governance is the exercise of decision making and authority for data-related matters.” In more detail; “it is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.”

When you reference governance, be sensitive to depending on context, “Data Governance” could refer to:
Organizational structure
Guidelines, business rules, policies and standards
How they “decide how to decide”
Accountability
Methods and metrics for people and information systems as they perform information-related processes.

Measuring & Managing Risk – What works and what doesn’t work? Over twenty years ago Morgan Henrion wrote about the 10 Golden Rules of Risk Analysis:

Do your homework with literature, experts and users.
Let the problem drive the analysis.
Make the analysis as simple as possible, but not simpler.
Identify all significant assumptions.
Be explicit about decision criteria and policy strategies.
Be explicit about uncertainties.
Perform systematic sensitivity and uncertainty analysis.
Iteratively refine the problem statement and analysis.
Document clearly and completely.
Expose to peer review.

Going forward, I will start to outline how to approach a data and document security review with the intent to develop internal threat analysis plans as well as identifying key policies and procedures. However, remember it all begins with people and culture. The more you can create employee awareness, recruiting and succession plans, employee responsibility policies and data security training the better chance you have of developing the desired culture. Followed with process and technology gap analysis and solutions and you have the opportunity to be the subject matter expert for your customers, expanding your relationship to a strategic level and the ability to develop a very lucrative document, data security practice that compliments and extends your core business.