information security in the new world of work
TRANSCRIPT
All Materials Confidential
1. Ask A Question
2. Download a PDF copy of today’s presentation
3. Social Networking Tools
All Materials Confidential
Moderator: James Hilliard– IT Business Edge Aaron Goldberg- CEO – Content 4 IT Louis Di Stefano - Senior Manager Services Channel &
Field Marketing – Ricoh Americas Corporation
The Problem
Many cyber security plans don’t protect the ENTIRE document lifecycle
And there’s another problem as old as the printer itself:
“Look what’s sitting at the printer” syndrome
Printing Scanning Encryption for output data streams
1. The vulnerabilities that escape notice
2. Compliance and privacy policies don’t
discriminate between lost
output/documents and actual intrusions
3. Extending encryption solutions
4. Improved management of scanning
activities
Today’s Agenda
Vulnerabilities That are Often Missed
Many output
devices are poorly
documented or
unmanaged
How a printer is
used hasn’t
changed in 35
years!
No ability to
manage the
scanning capability
Document
management
solutions that support
scan/print/share
security
Document queues
and print jobs are
often unprotected
5 Security Issues Arising from these
Vulnerabilities
Inability to meet the compliance requirements of
HIPAA, GLB, and others
Tracking lost output, or just determining that it has
been lost, is nearly impossible
Scanning adds a new set of problems for data
loss/leakage
Inability to document security practices for audits
The cost of physically securing output devices is
impossible to justify 5.
4.
3.
2.
1.
Create Store Share
There are a number of different
takes on the document lifecycle,
some of which are quite complex.
At its highest level, the
document lifecycle includes
three stages:
The Document Lifecycle
The ‘Last Mile’ of the document
lifecycle often escapes security rigor.
Common methods of sharing
documents, including print outs,
scans, and emailed copies don’t often
carry rules or permissions once
shared.
Security for the first two stages often relies on:
• Passwords
• Encryption
• Roles-based permissions
These are applied the endpoints where
documents are created and stored, as well as
shared drives and cloud-based repositories.
The Need for
“Locked Print”
Destroying
Latent Data
Rethinking Output Security
Unauthorized
Device Access
Improved Security
& Management
Output Devices
Protecting Sensitive Information
Ensure user presence when printing with user
authentication
Delete stored documents from output device
memory
Encrypt print streams that are sent via Wi-Fi
IP address filtering
Network port management 5.
4.
3.
2.
1.
5 steps you should already be taking
• Nearly all organizations will
encrypt stored data or data
moving between servers, but
not to output or MFP devices
• There are vulnerabilities that
exist:
• SNMP
• Printer password protection
Extending Encryption
Sensitive Data
Data Center Users
Printers/MFPs IT Security
& Compliance
Bringing Encryption to the Last Mile
New Encryption Solutions
SNMP v3
Encrypt
PDF’s Encrypt
Drivers
Encrypt Printer
Streams
• Without management tools,
securing scanned documents is
troublesome
• Scanning often puts documents
outside the control of email
systems
• Most organizations have little
management or oversight of this
capability
Increased Focus on Scanning
Active Directory
Integration
Identify and Automate
Workflows
Reporting and
Management
Meet Compliance
Requirements
Track and
Document
Control Scanning
Use
Manage & Secure
Scanned Docs
Key Steps for Securing Scanned Data
• The problem is very common at many organizations
that have focused cyber security on “traditional”
issues
• Document security issues can and will result in
breaching compliance
• Output devices are also a vulnerability
• A comprehensive solution is the best path
Summary
Safeguarding
documents at
Scan, Print and
Enterprise
Content
Management
October 28, 2015
Ricoh Americas
Safeguarding Information
without impeding its mobility
It’s an interconnected world
To safely share information and access it,
anywhere is critical in the New World of Work.
18
Roadmap to security
We can not effect what we do not understand so
Ricoh has a dedicated team of design consultants
that take the time to:
19
Evaluate
your process
Listen to
your goals
Show you
how to get there
Information comes in many forms…
…including paper, transaction data, emails, office
docs, images and faxes
21
23
At the file level
Ricoh solutions offer productivity enhancements,
but securing that data in critical
Your ECM system can also help…
Document Lifecycle Management
27
Integrate with other systems
Digital Rights Management
Connected and mobile world
We all agree it is truly a connected and mobile
world. Ricoh can help you safeguard it.
28