Layer 1: Process and information security

08 Nov 2023

Digitalization requires the integration of digital technology across all areas of the business, fundamentally changing how we operate and deliver value to our customers. It also brings a cultural change that requires employees to adapt to a more dispersed workplace, adopting new processes that can enable them to be productive both in the office and remotely. Business leaders must adapt and become aware of the process and data security risks.

Information governance

Poor information administration practices can expose any organization to a variety of risks that can lead to significant financial penalties and reputational loss. Understanding what information and data you need to keep, and how you can improve the way it is managed, reduces these risks and protects you from scrutiny.

Information governance security services support establishing and maintaining ongoing information confidentiality, integrity, and availability. These focused services assist organizations in meeting security policies and achieving compliance with a variety of federal, state, and industry regulations — including the ability to audit and demonstrate compliance in an efficient manner.

Every digital transaction between businesses and their customers produces a trail of data. Data may be highly sensitive, requiring security, privacy, and discovery controls; other data has no value and simply takes up space, commonly referred to as ROT (redundant, obsolete, or trivial) data. It is estimated that ROT data accounts for a minimum of 25-30% of company data, with other sources saying it can be much higher.

Knowledge of the information you have and where it’s located is a fundamental first step to information security. Ensuring the protection of sensitive data such as personally identifiable information (PII) and payment card industry (PCI) information is critical in mitigating potential risk.


90%+ of data is unstructured

  
Unstructured data is information that hasn’t been organized into a traditional, structured database format, which means it isn’t accessible, tracked, or leveraged for business insights. Without managing your repository — most of which is unstructured — you’re at risk of storing high quantities of ROT data and exposing your organization to risk and vulnerability if breached.

Unstructured data is a key contributor to security breaches, privacy violations, high IT costs, and compliance penalties. When considering cybersecurity, unstructured data is often the low-hanging fruit cyber criminals will target to gain access to deeper systems. They are looking for things they can monetize, such as names, addresses, dates of birth, social security numbers, passwords, credit card numbers, banking information, or contracts. Unfortunately, this sensitive data is often found throughout the infrastructure, making it difficult to track and keep secure.

Here are four key areas to improve the handling of data and information governance:
  1. Data discovery solutions
    Automated data discovery solutions are an efficient and secured way to identify and locate sensitive data ownership and permissions across unlimited endpoints. Protect your organization by reducing ROT data assets, proactively managing the lifecycle of your data, and ensuring compliance with privacy regulations. Data discovery also remediates data by restricting access, encrypting, archiving, redacting, or moving sensitive data to secured locations.
  2. Data lifecycle management
    This security best practice seeks to mitigate an organization’s risk through the management of data, including sensitive and valuable information throughout the entire information lifecycle. Ricoh professional services and managed services teams can assist in any step of this process.
  3. File analysis
    The nature of your data is as varied as your business. Your responsibilities for safeguarding it and opportunities to benefit from it are hindered without reliable knowledge of what you have. By performing automated analysis of your file repositories and email systems, you can identify sensitive and valuable data and take necessary actions. Thorough file analysis is not just a point-in-time event — best practices state it should be incorporated into ongoing workflows.
  4. Data classification
    Data classification uses automated AI-based technology to categorize or index your documents so the data can then be easily extracted, exported, accessed, and protected. Implementing a system to classify your data can strengthen your security and enforce policies. It can also transform data generated from various physical and digital workflows into intelligence to enable better decision-making, more responsive customer service, and efficient operations. Ricoh security and process specialists have a deep understanding of information generated from print and digital workflows as well as archiving and email security — so the right approach is applied when classifying your data.

Transaction and process automation

Most transactions and business processes essentially follow a similar path. We collect or capture information, store and manage it, share and collaborate with the information, and then preserve or dispose of the results.

As the way we communicate, collaborate and create evolves, the need for secured and sustainable solutions becomes more apparent. The core of what we do — sourcing, creating, capturing, and managing information — is integral to success, and, therefore, must be protected from potential threats.

Automated business processes streamline how information moves and flows through your business, which is especially important with hybrid workplaces and remote workforces that need secured access everywhere.

Robotic process automation (RPA) provides organizations with a virtual workforce or bots that tackle repetitive business tasks, accelerating the way we work. RPA tools have their own set of security standards, with measures such as enterprise-grade encryption, role-based and permission access, Active Directory authentication, database encryption, and more.

Inbound information such as email, mail, web form submissions, document scans, and e-commerce must be received and handled securely. Integrating them with secured, automated workflows helps ensure data is safe and assists with information governance and compliance.

Common processes where intelligent business platforms, such as data capture and workflow applications, can be applied are:

  • Invoice processing
  • Loan processing
  • Claims management
  • Human resources onboarding
  • Patient records and forms
  • Student transcripts and records
  • Maintenance and sales orders

Outbound information is subject to the same security and privacy requirements; it’s the organization’s responsibility to determine whether the information you produce and distribute should be encrypted, require user authentication, or be tracked.

Business leaders should consider these processes:

  • Accounts payable
  • Secure e-signatures
  • Mail processes
  • Customer communications

Automating processes uncovers new possibilities for the way people work and offers many benefits — but digitized data requires focused protection from the point of origin and throughout its lifecycle. Scanned paper documents, fax transmissions, form submissions, captured images, and other data enter your organization’s systems through various methods, which warrants scrutiny of how you protect that valuable information.

Secure capture and digitized documents

Automating data capture, classification, extraction, and export can accelerate the flow of information, providing convenient access to those who need it. Controlling and governing access to information — especially sensitive information in digital formats — requires formidable security capabilities across multiple touchpoints.

Sensitive data can be personally identifiable information (PII), proprietary, intellectual property (IP), or fiduciary, among others, and can lead to hefty fines if not safeguarded. However, if the data is to be protected, it must be transformed from unstructured data into actionable, structured data. Let’s explore how intelligent capture and secure eForm solutions can protect your valuable data.

Intelligent document capture processes

Intelligent capture solutions transform documents into a structured, secured format so data can be exported into any workflow, application, or repository, such as ERP, ECM, CRM, RPA, iPaaS, analytics, or line of business system.

The documents must first be digitized or scanned. During the scanning process, authentication methods validate authorized users and administrators can lock down access to certain processes — even limiting what users can see — to prevent improper use. You can also protect converted files with permission settings and password control.

Most intelligent capture solutions do not store data; they simply pass the digitally transformed data through to other applications or repositories. Since information can be vulnerable to compromise if intercepted, security measures are used to protect data in use. Cloud services also make use of built-in encryption, decryption, and authentication, and use Transport Layer Security (TLS) for transmission.

Secure eForms

Electronic forms provide a consistent way of submitting structured information into a system and can provide a secured option to the alternative paper or email approach. However, improperly coded or unprotected electronic forms can pose a security risk.

A form that has not been secured correctly can be a gateway to falsified information or attempts to introduce malicious code. Intelligent forms creation software can do the hard work for you, behind the scenes — constructing proper forms with features including electronic signature fields, location services, access control, attachment management and, most importantly, workflow management. Monitor and analyze your form-based workflows with full tracking of critical processes and approve or deny form submissions before they continue to their destination.

Secured management and administration

Securely managing large volumes of data while complying with regulatory controls and audits can be daunting. However, a data system that handles your information securely, seamlessly automates your workflows, and enables remote access is critical to optimizing your hybrid workplace’s business processes.


How do you achieve this while ensuring your data is protected from outside threats, internal security breaches (accidental or deliberate), data loss, or compliance violations?

Document management services and solutions

Effective document management solutions provide much more than just a secured storage repository. Access controls limit use to only those who have authorization, along with permissions control of who can view, share or update certain documents. When document activity is tracked, you know who is viewing and using your data.

Audit trails provide a record of this activity and custody down to the individual document level. With versioning and retention policies, you can ensure documents are handled in accordance with financial, legal, or other requirements. Whether a document management solution is delivered as a cloud service (such as DocuWare) or deployed on-premises, stored files are protected at rest, during transmission, and at the time of access. This is accomplished through encryption, secured transmission, and various options for file controls.

Controlled print output

Multifunction printers bring efficient output to multiple users, along with the capability to protect printed information. Whether printing from desktop computers or mobile devices, outputting sensitive information remains in the authorized person’s control. In addition, full-featured cost control tracking and chargeback provide comprehensive accountability of user behavior and a way to identify out-of-the-ordinary patterns or abuse.

Secured document release

By incorporating Secured Document Release, sensitive information printed to centralized servers or cloud services will not be picked up by mistake or by anyone seeking to steal confidential information. Instead of submitted print jobs going directly to a device, they are encrypted and held in the originating user’s print queue.

The user can only release the print job when they are present at the device of their choice and have provided authentication. The print queue can reside on-premises or in the cloud, and print data can be sent over a secured web connection and encrypted in transit.

Mobile printing

With a changing workforce, mobile device printing is a critical capability in many organizations. Enabling this involves both process and technology infrastructure considerations. On the process side, users can prevent sensitive information from being left unattended at a printer by using authenticated print release with their mobile devices.

Printer selection is handled on the mobile device, and output takes place when someone is present to securely release and retrieve the information. For infrastructure, you can protect print stream data and manage mobile printing processes with various deployment choices — depending on security policies. These can include on-premises mobile print server(s) or an off-premises mobile print cloud platform. Activity from mobile devices can be tracked alongside traditional printing with user/device detail reporting. Mobile device management can also be supported.

Authentication and usage

Preventing the misuse of resources reduces operating costs, restricts user activity to enforce accountability, and provides insight to spot irregularities through reporting.

Printing rules can include setting page limits by device, restricting color usage, enforcing duplex, restricting access to certain settings, and more. Budgetary account limits for copying and printing can be set up by the user — and include tracking walk-up activity at a multifunction printer.

Because users must authenticate to print, the print rules you set are automatically enforced and activity is attributed back to the user. You can associate document printing, scanning, and faxing to a specific client/matter for the purpose of billing — which enables detailed activity reports around a project or confidential topic.

Secured sharing and collaboration

Sharing and collaborating may involve both sending and receiving information. It may rely on several systems validating information or it may involve human-in-the-loop processes that include all of the above. Information may be used internally or externally, or both, and it may be integrated into a collaborative system such as Microsoft Teams. Key considerations include how the collaborative systems use the information, and what the end state of the information will be when derived through the process.

Advanced faxing

Decrease the risks associated with stand-alone fax machines and replace manual routing with an automated delivery process. A safer method to get faxes into the hands of just the intended recipient often includes taking advantage of secured authentication, encrypted protocols, encrypting data at rest, and routing rules. This automation eliminates paper handling and reduces the risk of paper documents being picked up by unauthorized persons.

With administrative control over your fax environment, you can address compliance and policy requirements using several features — including verifiable document transmission and receipt, full audit trails of activity, and access to archived faxes of all inbound and outbound transactions.

Secured preservation and disposal

It’s too easy to lose track of how much sensitive data your organization has, where it’s located, and who has access to it. Without clear visibility of your organization’s sensitive data, risk increases, and your organization cannot meet baseline security requirements.

Retention and disposal

Information policies determine the lifecycle and handling of different classes of data. Retention policies can determine when and how data is moved from your active repositories into an archived state, moved into an off-site cloud repository, or expunged from systems as warranted by policy. End-of-Life Information Disposal Services encompass cleansing data from multifunction devices to ensure that the NVRAM and drives of retired customer devices are wiped clean before disposal. 

Source:  RICOH USA