This article is the first in a series of articles
designed to bring awareness to the threats as well
as the opportunities that you and your customers
face when it comes to protecting their and your
most valuable asset—information. The series will
outline steps you can take to protect your
organization and your customers’ organizations and
to mitigate the risks associated with data
breaches. Finally, the series will also help you
look at opportunities to convert your and your
customers’ risks into business opportunities with
significant financial benefits for you and your
customers.
So the first question you may ask is: why
should I care or invest time and resources in this
issue? First, it is very important
to understand that not one organization is immune
to the significant risk and impact of data
breaches. It is also a fact that a data breach in
one organization can have a cascading impact on
other organizations that they partner with, supply
products or services to, or are supplied products
and services by.
On May 29, 2009, President Barack Obama stated,
“It’s now clear this cyber threat is one of the
most serious economic and national security
challenges we face as a nation… we’re not as
prepared as we should be, as a government or as a
country.” This
statement has been followed by a number of
significant actions by various government agencies
on the international, federal, state and local
levels. Also, there are many data governance,
security and privacy requirements being put in
place and expanded within the corporate,
government, and private sectors.
Here are some examples:
• On June 23, 2009, Secretary of Defense Gates
directed the Commander of U.S.
Strategic Command (USSTRATCOM) to establish
USCYBERCOM. In May 2010, General Keith Alexander
outlined his views in a report for the United
States House Committee on Armed
Services subcommittee: “My own view is that the
only way to counteract both criminal and espionage
activity online is to be proactive. If the U.S. is
taking a formal approach to this, then that has to
be a good thing.” This is also a challenge faced
by many organizations, as the ability to reach the
offenders is very complicated.
• As of March 2011, 46 States now have Breach
Notification Laws (the exceptions are Alabama,
Kentucky, New Mexico & South Dakota). These laws
put responsibility squarely on the shoulders of
organizations both to protect their customers,
partners, etc. and to notify them of a breach and
its severity; if they do not take timely and
proper action they can be deemed negligent. They
are also required to
determine the source of the risk whether the cause
came directly from their organization or a
downstream partner and to take appropriate steps
to mitigate any future risks. The financial and
brand impacts can be substantial and long-term.
• The month of October was the eighth annual
National Cyber Security Awareness Month sponsored
by the Department of Homeland Security in
cooperation with the National Cyber Security
Alliance (NCSA) and the Multi-State Information
Sharing and Analysis Center (MS-ISAC). The
overarching theme for National Cyber Security
Awareness Month is “Our Shared Responsibility,”
which reflects the interconnectedness of the
modern world and the message that all computer
users have a role in securing cyberspace. Through
a series of events and initiatives across the US,
Awareness Month engages public and private sector
partners to raise awareness and educate Americans
about cyber security, and increase the resiliency
of the Nation and its cyber infrastructure.
The future is seeing continued convergence and
integration between devices (desktops, laptops,
Pads, phones, printers, copiers, etc.), storage
(devices as well as on-premise and cloud servers),
software applications, and document and data
management products and services, ultimately
creating extreme complexity in managing the
security of critical data. As more board
directors, senior executives and investors
(whether public or private market) are beginning
to see the strategic necessity to develop data
governance and data management plans, they will be
required to invest more focus and resources to
consistently address these concerns.
Law firms, accounting and audit firms, and
insurance providers are realizing their
responsibility as trusted advisors to
organizations, and the risk of not being properly
prepared within their own organizations. They are
taking aggressive steps
to assure their clients are taking proper steps to
implement strong data governance and internal
controls to protect against these expanding risks.
Also, all of the people above put their
organizations and themselves personally at risk of
negligence if they do not take proper steps to
protect their organizations’ and customers’
critical information.
Now let’s look at the
market opportunities created by this convergence
of technologies and the data breach risks that it
raises. As you look at market share it is
important to understand that you are most likely
already playing in one or several of these
environments that are all impacted by data
security, whether it is physical documents,
electronic data files or meta-data. Ask yourself:
how can I mitigate risk and maximize my customer
relationships and opportunities by extending my
current franchise and customer relationships?
• According to Gartner research, the Managed Print
Services (MPS) market is expected to exceed $10
billion worldwide by 2013, up from the present $7
billion.
• The printer, copier and MFP
market rebounded in 2010 after sluggish demand for
two consecutive years. Shipments were up 12.3%
with a total shipment of 121.6 million units.
End-user spending expanded 4.6%, totaling $51.3
billion. Emerging countries accounted for 46% of
total shipments.
• Gartner shows the Enterprise Content Management
(ECM) market grew by 4.8% in 2009 despite global
economic conditions, with global ECM revenues of
$3.5 billion. Between 2010 and 2014 it is expected
to grow at a compounded rate of 10.1% annually,
reaching a worth of $5.7 billion globally in 2014.
• Canalys predicted the
global enterprise security market to grow by 13.8%
in 2010, with end-user value forecast to reach $15
billion. 2011 will see growth of 9.2%, pushing
end-user value to $16.3 billion, and the compound
annual growth rate (CAGR) for 2010 to 2014 is
forecast at 6.1%.
Worldwide Total Enterprise Security Market - Market Share Forecast 2010, 2009

| Vendor | 2010 forecast value ($m) | 2010 % share | 2009 shipment value ($m) | 2009 % share | Growth 2010/2009 |
|---|---|---|---|---|---|
| Total | 15,003.1 | 100.0% | 13,181.0 | 100.0% | 13.8% |
| Asia Pacific | 2,435.1 | 16.2% | 2,142.1 | 16.3% | 13.7% |
| Europe, Middle East & Africa | 5,040.7 | 33.6% | 4,374.1 | 33.2% | 15.2% |
| Latin America | 567.0 | 3.8% | 530.5 | 4.0% | 6.9% |
| North America | 6,960.2 | 46.4% | 6,134.5 | 46.5% | 13.5% |

Now that we have looked at risk and
market opportunity, what next?
First, it is important to recognize that
investment in data protection by organizations of
all types, and even by individuals, is not new.
For years there have been billions of dollars
spent on network infrastructure protection as well
as virus and malware applications. Data protection
is a conversation that is not new.
As
technology has advanced it has become essential
for organizations to take a cultural and strategic
approach to data security. It is no longer
sufficient to just protect the network
infrastructure and assume virus and malware
protection is enough. The primary reason that
breaches occur is to steal information, so more
focus and resources should be dedicated to
protecting the data itself, not on unauthorized
network access alone.
Why start with
cultural? Now more than ever it requires an
organizational focus to ensure consistent and
effective data governance and security. Data
breaches can happen to any organization. All it
takes is accidentally e-mailing a file or
information to the wrong person, a break in, loss
or theft of devices, unauthorized employee removal
or theft of data, or poor execution and
enforcement of data policies by employees or
partners.
According to the Verizon 2011
Data Breach Investigations Report, large-scale
breaches dropped dramatically while small attacks
increased. “The report notes there are several
possible reasons for this trend, including the
fact that small to medium-sized businesses
represent prime attack targets for many hackers,
who favor highly automated, repeatable attacks
against these more vulnerable targets, possibly
because criminals are opting to play it safe in
light of recent arrests and prosecutions of
high-profile hackers.”
As stated, data
governance is a hot topic among government
officials, corporate officers, board members,
investors, legal, financial, law enforcement, and
technology professionals. Data privacy is a very
important concern for organizations and
individuals all over the world. As more and more
of our communications and information become
electronic, protecting that information becomes
essential. That said, don’t underestimate the
potential risk of a catastrophic data breach
involving non-electronic documents and data, or
the opportunities to assist your customers in
protecting against it.
In June 2010 in
Seattle, WA, eDocument Sciences developed and ran
in partnership with multiple organizations the
Data Privacy, Governance and Business Ethics
Summit (link:
http://www.youtube.com/watch?v=blJSUT8nxPQ ),
which demonstrated the level of focus on these
important issues. This Summit involved many
government, business and educational leaders and
was attended by close to three hundred senior
level executives.
Hardly a day goes by without hearing about a data
breach story that impacts many people’s lives and
also the valuation of organizations. Understanding
how to develop strategies and plans, and having
the right people, processes and technology to
mitigate these risks is at the forefront of your
customers’ minds and should be high on your list
of potential business opportunities. The reality
is, it will impact your customers and your
business. The question is: will you lead, follow
or get out of the way?
In future articles I will focus more on
the details of the subjects listed below and how
your organization and customers can begin to
create a Control Conscience Corporate Culture ™
and a practice that allows you and them to enjoy
the business and financial benefits of doing so.
Culture & Strategy
• Control Conscience Corporate Culture ™
• Tone at the Top
• Data & Document Security Review
• Policy Development & Planning
• Data Governance Plan
• Risk Management
• Standard of Care
People - Employee Awareness
• Recruiting & Succession
• Employee Responsibility Policies
• Data Security Training
• Internal Threat Analysis
Plans, Policies & Procedures
Process - Process Gap Analysis
• Operational Controls
• Records Management
• Jurisdiction & Legal Review
• Independent Process Review
Technology - Technology Gap Analysis
• Network Security
• Virus and Malware Protection
• Storage Security
• Software Applications (On-premise and Cloud)
• Device Security
• Secure Printing & Scanning
• Penetration Testing
• Document & File Security
• Secure Collaboration & Data Transfer
David
Anastasi is currently the CEO of eDocument
Sciences LLC, as well as Board Member of Onehub
Inc. Prior to eDocument Sciences he was President
& CEO of Captaris, Inc. which was acquired by
OpenText in October 2008.
eDocument Sciences
partners work with public, private, and government
organizations securing their most important asset,
mission-critical data. They assist in the
development and management of Data Governance
programs that focus on People, Processes, and
Technology. They deliver results by matching
technology, distribution and services companies
focused on data security with each other,
distribution partners and customers. Their focus
is on delivering highly secure environments,
increasing productivity and ultimately higher
value.