Dave Anastasi, CEO of eDocument Sciences, had a debut article in a new blog called Doc & Data Security Steward for The Imaging Channel, an online and printed resource for the print and imaging industry that brings together the leading market information, business concepts, strategies, and people in managed print.

In this blog, Dave is looking at more than just data and document security from a technical viewpoint.  Implementing technology is important, but if these tools aren’t aligned with the people and processes inside an organization, nothing will work.

I can have the most sophisticated alarm system in the world, but if I forget to turn it on or close my front door, it’s useless.  It’s the same in businesses.  Teaching people that they must address all of these elements to develop and maintain a secure environment is very important.  Security is only as good as the people using it.

Most of the article is below, but click on the following link to read the article in its entirety.

Doc & Data Security Steward: An Introduction

TIC: What is your background? What makes you a “Doc & Data Security Steward?”

Anastasi: Throughout my career, I have been involved in many businesses and industries – having an undergraduate degree in Marketing and masters in International Management as well as cutting my teeth in the advertising business. My focus has always been to look from the customer’s perspective and then through the eyes of the distribution channel. Also, having been a public company CEO and sitting on multiple company and private organizations boards, I have had the benefit of seeing data and document security issues from many different angles and perspectives.

Everything starts with knowing your customer’s industry, business, goals, risks and business landscape. Document and data security requires a commitment to understanding who they’re serving, what their business is and the environment that they’re operating in. However it is most important to approach data and document security not just trying to find a way to make them more secure or compliant. More importantly, it’s about making your customers more efficient, more successful and profitable. It’s not just about supplying technology it is about improving scalability and ultimately measurable value.

With my time in document and enterprise content management, I understand the channel dealer network very well – the hardware portion as well as the intersection with services and software. Neopost was basically the same kind of business model as the copier, scanner, printing and managed services markets. Actually, almost 20 years ago, I started the first managed services partnership between Xerox Business Services and Neopost combining copying, printing and mailing services.

Ultimately though, it is my experience as a customer that led to the conclusion that document and data security is rapidly becoming one of the most strategic concerns of any type of organization. As I’ve sat in board audit and compliance, merger and acquisition, strategy and other meetings one of my deepest concerns was, how do we protect our most important asset: our information? I spent many a sleepless night worrying about breaches, both malicious and unintended. With that, I was both at risk in my job and personally as an officer and board member and ultimately the company value and brands reputation were at serious risk.

In time, it became apparent that the best approach to consistently dealing with this fragmented, complex and ever-growing issue was focusing on the culture, people, process and technology of an organization, also it’s extended network including partners and customers and creating a “Control Conscience Corporate Culture.”

Finally, due to the nature of the businesses I was in, I learned how to make money for my organization and our channel and strategic partners by using it as a tool to improve our customers overall business and financial results.

TIC: Why is security such a concern today?

Anastasi: It’s important to understand data security has been a concern for a long time. For example: organizations (and even home’s) have spent billions of dollars on network security, virus and malware protection for many years. Those have been billion-dollar industries for a long time. So people have always understood that they needed security, but it has been historically focused on protecting unauthorized access to networks and devices.

What’s really changed is that today, there’s this convergence. Everything is moving so quickly; technology is moving rapidly and converging. Documents are converted from hard copy to electronic files, expanded workstations and devices (desktops, laptops, pads, PDA’s along with networked intelligent copiers, printers and scanners) and locations where data can be moved and stored including the rapid emergence of cloud and applications.

In this industry historically copiers, printers and scanners were not networked, had minimal if no memory, unsophisticated keyboards and limited simple applications. Before they were networked and had expanded capabilities weren’t as significant a data security risk. The paradigm has shifted; today they are not just copiers, printers and scanners but workstations with computer capabilities. In reality they are computers that copy, scan, print.

It’s now one of those things that regulators, boards, executives, auditors, lawyers, insurers and most importantly those trying to breach critical information realize, and all these people have to think more seriously about securing their devices and data. Unauthorized access is an issue, but protecting critical content or data is really the goal.

So organizations have already have spent billions of dollars on security – realizing the importance of protecting data – but now the real question really is are traditional methods sufficient in today’s and tomorrow’s environments?

TIC: How does security relate to managed services/managed print services? Can providers turn these security concerns into opportunities? If so, how?

Anastasi: Providers’ awareness that they are part of the process is essential because they are managing print, documents and data, so they’re right in the middle. They are touching, moving and accessing important data, so they could become point of the breach, which could cause liability for them. They need to make sure they have proper protection in their environment when they are doing managed print services. The bad news is, if they don’t take security seriously, they could be negligent and accountable.

The good news is, because they are in the middle, it provides an opportunity for them to create their own document/data practice, expanding their business opportunities by providing services, solutions and technology to their customers in a way to help them manage their data security.

It is a massive and fast growing market that will never go away, it’s only going to get bigger. So, if providers are looking for market opportunities, why not look where they already are, both reducing their risk and expanding their business opportunity in an area that compliments what you are already offering. The great news it is an existing market on the leading edge not the bleeding edge.

And people today are aware and understand how important security is. In many cases, it’s a requirement for companies to pay attention to it, 46 states have deployed breach notification laws requiring organizations to respond quickly and effectively to data breaches or they face expanded damages due to negligence. So if providers become good at it, there are going to be massive dollars and opportunities, and if they become the go-to provider, think about the potential.

TIC: What kind of information will readers find on the Doc & Data Security Steward blog?

Anastasi: Throughout the years, I attended many conferences, and heard only about technology. I listened to auditors many who were primarily focused on financial people, processes and technology, and lawyers talking about my risk and litigation but not about prevention. There was no answer in one place, primarily because it’s so fragmented. We recognized a need for somebody to help facilitate a collaborative approach.

Our focus is to draw not only from my experience, but also from all the domain expertise out there that I know and work with, we will have a variety of expert guests join me in some of the blogs. The focus will be on culture, people, process and technology because all are critical. We will show that there’s opportunity to build a document/data security practice and to sell additional services like assessment services, technology, tools, training and technology that improves security and adds value.

Most importantly, I’d like to teach readers how to protect themselves because it starts there. From there, we’ll get into how to build a strategy and package an approach showing measurable ROI. We’ll introduce key verbiage and teach readers how to speak the language – not just sell the tools. We will talk about developing training and marketing strategies and tools. Then finally, I plan to help providers expand their offering and help their customers develop a “Control Conscience Corporate Culture” making then more competitive, scalable and valuable as an organization.

Photo credit DaveBleasdale

Join eDocument Sciences on January 12, 2012 at 2:00pm EST for a joint webinar with DocuSign on “Using e-Signatures to streamline your business processes and enhance your data security”. 

Signing documents with paper and pen can cost you time and money.  You do most of your communicating electronically on your laptop, smartphone or tablet, so why not do the same when you need to sign something.  Join us for an informative look at how electronic signatures can make your life easier and more secure, by completing transactions in minutes while eliminating errors and guaranteeing the identity of signers, authorizing access to information or for approval processes.

>> Click here to sign up for the Webinar

The December 2011 issue of ENX Magazine features an article titled “Document, Data Security: Internal Controls, Data Governance, and Measuring & Managing Risk” written by Dave Anastasi, CEO of eDocument Sciences.  This is the second in a series of articles where Dave looks at how data and document security are paramount concerns for all organizations of any size. 

Below is the article in its entirety.

In my first article (November) of the Document, Data Security: “Turning Risks Into Opportunities” series, the initial goal was to bring high level awareness to the threats and opportunities that you and your customers face when it comes to protecting their and your most valuable asset, information.

Having looked at the high level risks and market opportunities in the first article, this month’s article will focus on three key areas (listed below) that individual organizations and their leaders (Public, Private, Government, Educational, and Non-Profit) are all responsible for with the objective of one important outcome; focusing on People, Processes and Technology ultimately creating a Control Conscience Corporate Culture™ (4 C’s). Also, then looking at creating a strategy that is highly effective, scalable and sustainable consistently creating strong value (financial, services and solutions) for its shareholders and/or constituents. Anything that impedes an organization from doing so negatively impacts the value that it provides.

1. Internal Controls

2. Data Governance

3. Measuring and Managing Risk

So why is all of this so important? Simply put, it is about value! An organizations value is built on its ability to provide services and/or solutions to its customers/constituents. If it is a for profit organization then it also must create an acceptable financial return to its shareholders whether that be public or private. You can ask how does this impact my business and why should I spend any time or resources worrying about this? The reality is that you are already in the middle of it every day through handling documents, selling equipment that prints, copies, scans and stores data, selling software or solutions (that impact business processes, document or file transfer or data storage) managing print services or other environments, accessing equipment to service it. So the real question is how are you going to let it impact you and your customers and your financial results?

There are four outside entities that have strong influence on how organizations go about providing that return: Government/Regulatory, Auditors/Accountants, Law Firms and Insurance Providers (ironically they are also subject to these same issues and requirements so they are potential customers as well).

Historically, the focus of these outside entities has been on the financial reporting and systems of organizations. With the advancement of technology, regulatory changes (i.e. Sarbanes Oxley, Regulation Fair Disclosure, HIPAA, Breach Notification, Data Privacy, etc.) global expansion and cultural changes, the number of data breaches, leaks and identity thefts occurring and being identified has expanded exponentially. These issues are creating significant negative financial, customer relations and brand impacts on organizations. With that, the effect of these data events on earnings for organizations and ultimately their value as a public or private organization can be catastrophic.

There are important phrases that need to be recognized as major red flags. Fortunately, by recognizing a few key phrases, readers will be alerted to some very important information that will help avoid operational, legal and financial mistakes as well as allow you to talk with your customers at all levels of the organization. Focus on making the buying decisions strategic, not operational.

Three of these key phrases are listed below, it is very important to understand failing to protect important data can trigger any one or combination of these events:

• Material Adverse Effect – is a significant event that may negatively affect an organizations (profit or non-profit) stock price, value or operations. A material adverse effect usually signals a severe decline in profitability and/or the possibility that the company’s operations and/or financial position may be seriously compromised.
• Material Weakness – a material weakness is a deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis.
• Significant Deficiency – a significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

So where does an organization start to build a Control Conscience Corporate Culture™ (4 C’s)? It must start with Tone at the Top (a phrase well known to auditors, accountants, boards, executives, attorneys as it is directly referenced in Sarbanes Oxley) – it refers to how an organization’s leadership creates an ethical (or unethical) atmosphere in the workplace. Board and management’s tone has a trickle-down effect on employees and partners. If boards and top managers uphold ethics and integrity so will employees and partners. But if boards and upper management appear unconcerned with ethics and focuses solely on the bottom line, employees and partners will be more prone to lack of discipline, feel that ethical conduct isn’t a priority and even go as far as committing fraud. In short, people will follow the examples of their leaders and managers.

From there, the organization must develop a strategy that exceeds a Standard of Care (a legal term well know again by auditors, accountants, boards, executives and attorneys) – the watchfulness, attention, caution and prudence that a reasonable person in the circumstances would exercise. If a person’s actions do not meet this standard of care, then his/her acts fail to meet the duty of care which all people (supposedly) have toward others. Failure to meet the standard is negligence, and any damages resulting therefrom may be claimed in a lawsuit by the injured party. One challenge is that the “standard” is often a subjective issue upon which reasonable people can differ and certainly leaving that up to a jury can be very expensive.

Next, the focus needs to be put on identifying key components of Internal Controls, Data Governance and Measuring and Managing Risk with an emphasis on safeguarding the organization’s assets and resources, the most important being its information.

Internal Controls – Under the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control-Integrated Framework, widely-used in the United States and globally, internal control is broadly defined as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations.

• COSO defines internal control as having five components:
• Control Environment-sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control.
• Risk Assessment-the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed.
• Information and Communication-systems or processes that support the identification, capture, and exchange of information in a form and time frame that enables people to carry out their responsibilities.
• Control Activities-the policies and procedures that help ensure management directives are carried out.
• Monitoring-processes used to assess the quality of internal control performance over time.

Data Governance – The Data Governance Institute’s definition in its simplest terms, “Data Governance is the exercise of decision making and authority for data-related matters.” In more detail; “it is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.”

• When you reference governance, be sensitive to depending on context, “Data Governance” could refer to:
• Organizational structure
• Guidelines, business rules, policies and standards
• How they “decide how to decide”
• Accountability
• Methods and metrics for people and information systems as they perform information-related processes.

Measuring & Managing Risk – What works and what doesn’t work? Over twenty years ago Morgan Henrion wrote about the 10 Golden Rules of Risk Analysis:

1. Do your homework with literature, experts and users.
2. Let the problem drive the analysis.
3. Make the analysis as simple as possible, but not simpler.
4. Identify all significant assumptions.
5. Be explicit about decision criteria and policy strategies.
6. Be explicit about uncertainties.
7. Perform systematic sensitivity and uncertainty analysis.
8. Iteratively refine the problem statement and analysis.
9. Document clearly and completely.
10. Expose to peer review.

Going forward, I will start to outline how to approach a data and document security review with the intent to develop internal threat analysis plans as well as identifying key policies and procedures. However, remember it all begins with people and culture. The more you can create employee awareness, recruiting and succession plans, employee responsibility policies and data security training the better chance you have of developing the desired culture. Followed with process and technology gap analysis and solutions and you have the opportunity to be the subject matter expert for your customers, expanding your relationship to a strategic level and the ability to develop a very lucrative document, data security practice that compliments and extends your core business.

The November 2011 issue of ENX Magazine features an article titled “Document, Data Security: Turning Risks Into Opportunities” written by Dave Anastasi, CEO of eDocument Sciences.

This is the first in a series of articles where Dave looks at how data and document security are paramount concerns for all organizations of any size.  Whether you are a private or public company, a non-profit or government entity, securing your confidential and sensitive information is critical to your business.  Without that, you lose trust and credibility with your suppliers, partners and customers.  Without trust, your business may cease to exist.

Almost everyday you hear about data breaches that affect small and large organizations alike.  It doesn’t matter if you are Sony, the US government or a local accountant.  Losing critical information can have a devastating effect on your business.  Addressing the problem puts you in the driver’s seat rather than worrying about who is next.

Click on the link below to read the article in its entirety.

Document, Data Security: Turning Risks Into Opportunities

This article is the first in a series of articles designed to bring awareness to the threats as well as the opportunities that you and your customers face when it comes to protecting their and your most valuable asset – information. The series will outline ways you can start to take steps to protect your organization and your customer’s organizations to mitigate the risks associated with data breaches. Finally, the series will also be designed to allow you to look at opportunities to convert your and your customer’s risks into business opportunities with significant financial benefits for you and your customers.

So the first question you may ask is why should I care or invest time and resources to this issue?

First, it is very important to understand that not one organization is immune to the significant risk and impact of data breaches. It is also a fact that a data breach in one organization can have a cascading impact on other organizations that they partner with, supply products or services to, or are supplied products and services by.

On May 29, 2009 President Barack Obama stated, “It’s now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation… we’re not as prepared as we should be, as a government or as a country.”

This statement has been followed by a number of significant actions by various government agencies on the international, federal, state and local levels. Also, there are many data governance, security and privacy requirements being put in place and expanded within the corporate, government, and private sectors.

Here are some examples:

• On June 23 2009, the Secretary of Defense Gates directed the Commander of U.S. Strategic Command (USSTRATCOM) to establish USCYBERCOM. In May 2010, General Keith Alexander outlined his views in a report for the United States House Committee on Armed Services subcommittee: “My own view is that the only way to counteract both criminal and espionage activity online is to be proactive. If the U.S. is taking a formal approach to this, then that has to be a good thing.” This is also a challenge faced by many organizations, as the ability to reach the offenders is very complicated.
• As of March 2011, 46 States now have Breach Notification Laws (exceptions Alabama, Kentucky, New Mexico & South Dakota). These laws put responsibility squarely on the shoulders of organizations to both protect and notify their customers, partners, etc. of a breach, the severity of the breach, and if they do not take timely and proper action they can be deemed negligent. They are also required to determine the source of the risk whether the cause came directly from their organization or a downstream partner and to take appropriate steps to mitigate any future risks. The financial and brand impacts can be substantial and long-term.
• The month of October was the eighth annual National Cyber Security Awareness Month sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).  The overarching theme for National Cyber Security Awareness Month is “Our Shared Responsibility,” which reflects the interconnectedness of the modern world and the message that all computer users have a role in securing cyberspace.  Through a series of events and initiatives across the US, Awareness Month engages public and private sector partners to raise awareness and educate Americans about cyber security, and increase the resiliency of the Nation and its cyber infrastructure.

The future is seeing a continued convergence of the integration between devices (desktops, laptops, Pads, phones, printers, copiers, etc), storage (devices as well as on premise and cloud servers), software applications, and document and data management products and services, ultimately creating extreme complexity in managing the security of critical data. As more board directors, senior executives and investors (whether public or private market) are beginning to see the strategic necessity to develop data governance and data management plans, they will be required to invest more focus and resources to consistently address these concerns.

Law firms, accounting and audit firms, and insurance providers are realizing their responsibility as trusted advisors to organizations, and the risk of not being properly prepared within their own organizations . They are taking aggressive steps to assure their clients are taking proper steps to implement strong data governance and internal controls to protect against these expanding risks.

Also, all of the people above put their organizations and themselves personally at risk of negligence if they do not take proper steps to protect their organizations’ and customer’s critical information.

Now let’s look at the market opportunities created by this convergence of technologies and the data breach risks that it raises. As you look at market share it is important to understand that you are most likely already playing in one or several of these environments that are all impacted by data security, whether it is physical documents, electronic data files or meta-data. Ask yourself how can I mitigate risk and maximize my customer relationship and opportunities by extending my current franchise and customer relationships.

• According to Gartner, Managed Print Services (MPS) research, market size is expected to exceed $10 billion worldwide by 2013 from the present $7 billion.
• The printer, copier and MFP market rebounded in 2010 after sluggish demand for two consecutive years. Shipments were up 12.3% with a total shipment of 121.6 million units. End-user spending expanded 4.6%, totaling $51.3 billion. Emerging countries accounted for 46% of total shipments.
• Gartner shows the Enterprise Content Management market (ECM) grew by 4.8% in 2009 despite global economic conditions with global ECM revenues of $3.5 billion. Between 2010 and 2014 it is expected to grow at a compounded rate of 10.1% annually starting 2010 until 2014 when it is expected to be worth $5.7 billion globally.
• Canalys predicted the global enterprise security market to grow by 13.8% in 2010, with end-user value forecast to reach $15 billion. 2011 will see growth of 9.2%, pushing end-user value to $16.3 billion, and the compound annual growth rate (CAGR) for 2010 to 2014 is forecast at 6.1%.

Now that we have looked at risk and market opportunity, what next?

First, it is important to recognize that all types of organizations and even individuals investing in data protection are not new. For years there have been billions of dollars spent on network infrastructure protection as well as virus and malware applications. Data protection is a conversation that is not new.

As technology has advanced it has become essential for organizations to take a cultural and strategic approach to data security. It is no longer sufficient to just protect the network infrastructure and assume virus and malware protection is enough. The primary reason that breaches occur is to steal information, so more focus and resources should be dedicated to protecting the data itself, not on unauthorized network access alone.

Why start with cultural? Now more than ever it requires an organizational focus to ensure consistent and effective data governance and security. Data breaches can happen to any organization. All it takes is accidentally e-mailing a file or information to the wrong person, a break in, loss or theft of devices, unauthorized employee removal or theft of data, or poor execution and enforcement of data policies by employees or partners.

According to the Verizon 2011 Data Breach Investigations Report, large-scale breaches dropped dramatically while small attacks increased. “The report notes there are several possible reasons for this trend, including the fact that small to medium-sized businesses represent prime attack targets for many hackers, who favor highly automated, repeatable attacks against these more vulnerable targets, possibly because criminals are opting to play it safe in light of recent arrests and prosecutions of high-profile hackers.”

As stated, data governance is a hot topic among government officials, corporate officers, board members, investors, legal, financial, law enforcement, and technology professionals.  Data privacy is a very important concern for organizations and individuals all over the world.  As more and more of our communications and information become electronic, protecting that information becomes essential. That said; don’t underestimate the potential risk of a catastrophic data breach involving non-electronic documents and data, or the opportunities to assist your customers in protecting against it.

In June 2010 in Seattle, WA, eDocument Sciences developed and ran in partnership with multiple organizations the Data Privacy, Governance and Business Ethics Summit, which demonstrated the level of focus on these important issues. This Summit involved many government, business and educational leaders and was attended by close to three hundred senior level executives.

Nearly a day doesn’t go by without hearing about a data breach story that impacts many people’s lives and also the valuation of organizations. Understanding how to develop strategies and plans, and having the right people, processes and technology to mitigate these risks is at the forefront of your customer’s minds and should be high on your list of potential business opportunities. The reality is, it will impact your customers and your business. The question is will you lead, follow or get out of the way?

On November 17, 2011, Bill Blake, President & COO of eDocument Sciences, joins partners Fasoo and Toshiba Business Solutions (TBS) in jointly hosting a seminar on document security and document management.  The event is at One Financial Center in Boston, Massachusetts and focuses on many of the issues related to document security and how to resolve them.  The keynote speakers for the seminar are David Drab, who is a Cyber Security Expert and Former FBI Agent, and Bill Blake.  Their focus is on security threats and the direction and need of document security.

Fasoo along with DocuWare and Drivve are presenting at breakout sessions. Fasoo is presenting on the topic “Protect, Control and Trace Your Sensitive Document with Fasoo E-DRM” and focusing on introducing current and new solutions for document security and management. Such new products include Fasoo MFP Shell, Fasoo Mobile Gateway, Fasoo Secure Screen, Fasoo Context-Sensitive DRM, and Fasoo Usage Tracer.

▶ General Session

• Security Threats- David Drab, Cyber Security Expert and former FBI agent (1 hour)

• Document Security- Bill Blake, eDocument Sciences (1 hour)

▶ Breakout Session

• Fasoo DRM (40 min.)

• DocuWare (40 min.)

• Drivve with Fasoo Integration (40 min.)

>> Click for the Event Details

Bill Blake, President and COO of eDocument Sciences, will speak on data security to a Forensic Accounting class at Canisius College in Buffalo, NY on October 17, 2011.  Bill is a member of the Canisius Business Advisory Council whose principal purpose is to provide support and advice that will enhance the educational experience of students.

Patricia A. Johnson, Assistant Professor in Accounting and Program Coordinator for the master’s program in Forensic Accounting, asked Bill to speak to students on data security and what happens when that security is breached.  Bill will focus on the causes and costs of data breaches, securing documents using Enterprise Digital Rights Management and ensuring contract authenticity through electronic signatures.

The Forensic Accounting program at Canisius helps develop skills in detecting and preventing fraud, and in helping organizations develop a good corporate governance program.  Forensic Accounting encompasses financial expertise, fraud knowledge and a sound knowledge and understanding of business reality and the workings of the legal system.  This is immensely important today in light of Sarbanes Oxley compliance and the financial “troubles” that are plaguing every area of business.

The rash of data breaches in the past year has been staggering and affected millions of people all over the world.  Some of these are high profile, like Epson Korea, the rash of Sony hacks, and of course the US government documents posted on Wikileaks.  Some are small, like an incident in Louisiana where copies of confidential documents were found on a city street.  And some just make you shake your head, like the play book of the Green Bay Packers being scattered all over the street. 

Protecting this information is critical to business and private citizens.  A little prevention sometimes saves a lot of heartache later, but if (or when) that breach occurs, it’s important to understand what to do.  Bill will give Canisius’ students some insight into understanding data breach causes and how to prevent them.

Congratulations to Dr. Cho and everyone at Fasoo.com for winning the prestigious 2011 Global Frost & Sullivan Award for Competitive Strategy Innovation of the Year.

In the global enterprise digital rights management (EDRM) market Fasoo dominates the APAC markets, notably Japan and Korea, and is now expanding into major markets such as China in the East, and North America and Europe in the West, through a combination of strategic partnerships and organic growth. Fasoo is the only major player in the EDRM market who has remained a pure EDRM vendor.  The others have been acquired by major companies, such as EMC and Oracle, and either been integrated into existing products or dropped altogether.  Fasoo products are agnostic and work with all office productivity applications, regardless of vendor.

While acquisition by large corporations offers competitors the strength of better sales resources and a more established customer base, Fasoo is countering this in two ways. In the North American and European markets, it is joining efforts with established channel partners such as IKON Office Solutions, a wholly owned subsidiary of Ricoh Americas Corporation, and Toshiba America Business Solutions, Inc to reach customers and win market share. Second, Fasoo is being proactively sought out as a partner by leading data loss prevention (DLP) vendors who are trying to break into the APAC region.

Watch this video showing the award presentation.

Click here to view the complete Multimedia News Release.

eDocument Sciences’ partner Fasoo.com was honored with the 2011 Global Frost & Sullivan Award for Competitive Strategy Innovation of the Year.  Each year, Frost & Sullivan presents this award to the company that has demonstrated uniqueness of strategy, leveraging competitive intelligence to improve market position.

Fasoo’s Enterprise Digital Rights Management (EDRM) software lets a business or individual control who accesses electronic files, for how long, and what rights they have.  It does this by encrypting the file and applying a persistent security policy that defines who can view, print, save, and edit it.  The policy travels with the file so that if it gets into the wrong hands, it can be disabled.  Without the rights to view the file, it becomes useless.  The file looks like random characters.

In the global EDRM market Fasoo competes with Microsoft that has the strength of its Windows Server and Office products, which are mainstay applications for enterprises worldwide. Fasoo’s technology approach is driven by security and practical considerations. By overriding an application’s memory space, it provides a strong approach to document protection that integrates smoothly with the end-user experience even for third party applications, where EDRM vendors do not have access to the program code.

“This is a difficult approach for several reasons, including risk of performance impact and the requirement of keeping pace with application and document format updates,” said Frost & Sullivan Research Analyst Avni Rambhia. “Fasoo has developed the technical strength and deployment process to execute it well.”

“Fasoo effectively articulates shortcomings in competing offerings, while highlighting its own strengths in the context of customer pain points, to craft compelling sales messaging and marketing communication,” said Rambhia. “Its blue ocean strategy is to position the company as a pure EDRM vendor with the technology that is agnostic to asset management, server software and DLP systems, but which interoperates with all market leading applications and platforms and is scalable to meet the needs of large enterprises with global footprints.”

By using Fasoo EDRM products, many companies may have prevented the data breaches we read about every day.  If a hacker or other criminal stole a document that has Fasoo’s persistent security policy, they wouldn’t be able to read its contents.  It would look like gibberish and these breaches would be non-events.

I had the opportunity as part of our new strategic partnership to attend the recent DocuSign Summit 2011 held at the Hyatt Regency SF Airport.  The major takeaway from the Summit was the rapid and broad adoption of eSignature that is occurring.  With the continued regulatory environment supporting the use of eSignature both domestically and internationally it is clear that in time this will become a common way of executing transactions.  From a security perspective authenticating and approving processes and transactions will become the norm, since it provides high levels of security and an detailed audit trail. The rate of adoption is growing exponentially!

At the Summit there were multiple education sessions and case study reviews including ID Check Authentication, real estate transactions, loan application, as well as many other multiple general business process improvement examples. Also there was new emphasis on Mobile eSignature and data security opportunities. There are numerous new application partners working with DocuSign to build integrations. I had the chance to spend some time with multiple integration  partners including Salesforce.com, to learn more about how we at eDocument Sciences and several of our other partners can help you understand the many opportunities to improve the efficiency and security of your business through the use of eSignature.

Check out some of our recent articles on how to use eSignature.

• Sign your vacation rental electronically
• What did we do before eSignature?
• Stop signing documents like Fred Flintstone

And while you are at it, check out the free trial on DocuSign.