Guest post by Mike Feldman, President, Large Enterprise Operations, Xerox Services
Whether you’re talking about Managed Print Services, device endpoints, business processes, document-based information, user behavior, cloud infrastructure or any number of document management topics, there’s always the question, “What about security?” And rightfully so. Few if any areas of document and content management don’t have a need for a security component. The information contained in paper and digital documents is valuable, potentially confidential and probably at risk.
Although the need for content security is pervasive across organizations, different functions may have their own particular focus. The executive suite and the legal team want to protect intellectual property and keep customer account data safe from hackers. Employee records and personally identifiable information create concerns for Human Resources.
Industry regulations also add complexity and penalties for lax document security. In healthcare, for example, organizations must maintain the security of patient records to be in regulatory compliance. Financial firms have their own set of mandated requirements. And what about IT? Well, you’re involved in all of it.
Endpoint Security: Set Up a Strong Perimeter
No matter what lens you look through, content security depends heavily on making sure the network isn’t vulnerable. That includes endpoints like servers, printers, scanners and multifunction devices. This is one reason Managed Print Services (MPS) providers can be key allies in helping enterprises with their security strategies.
Next Generation MPS providers who manage connected print fleets already have solutions to address the security of their output devices. That puts your MPS provider in a good position to help with broader security concerns. Ask your provider to take a hard look at the current state of your content security policies and practices. Include other security stakeholders in the discussion to understand all viewpoints and requirements. You’ll want to cover issues like these ten to make sure you’ve covered all the angles and dark corners of content security.
- Information Access – What confidential information is accessible through your documents? Who has access to the information? What controls are in place to manage, track and trace this information?
- Device Security Policy – Consider access to network assets, not just the content that passes through them. Have you created a security policy for access and printing to network assets like multifunction printers?
- Employee Guidelines – What measures are in place to ensure employees adhere to guidelines?
- Device Vulnerability – What possible vulnerabilities might expose your devices to attack?
- Device Behavior Compliance – How can you ensure devices comply with the policy for network assets? What’s the enforcement process?
- Network Assurance – Has the firmware you approved been deployed?
- Security Configuration Verification – Has there been any change to the firmware you approved?
- Remediation Assurance – What happens if a device falls out of compliance with the security policy? Are you alerted when this happens? What’s needed to bring it back into compliance? Do you have a remediation policy? How do you know the policy is in place?
- Reporting – When a network asset becomes out of compliance, can you capture data for reporting? Is there an audit trail?
- Mobile Workforce – What is your strategy relative to secure printing for mobile workers?
After assessing the gaps, your MPS provider can help you secure and integrate your device environment and the documents that travel across it. The outcome will be tighter control not only for your networked devices, but also for your critical business information.
Learn more about information security practices.