Doc & Data Security Steward: An Introduction
The Imaging Channel, together with Dave Anastasi, is launching a new resident blog on the site: Doc & Data Security Steward.
Dave is the CEO of eDocument Sciences, a company specializing in securing information through developing data governance/security programs focusing on people, process and technology. They work with technologies such as enterprise digital rights management (EDRM), secure file transfer and collaboration, electronic signatures and remote IT support services to help customers control and protect the information that is critical to their businesses and customers.
Anastasi has dealt with document and data management and security throughout his career. He has extensive channel management and international management experience and has seen the critical need for data and document security measures while he served as the CEO of Captaris, a publicly traded company acquired by Open Text. He has been part the advancements of technology during his 14 years in the office products industry with Neopost, and network infrastructure while an officer at U S WEST, Chip Technology as founder and CEO of the Global Chipcard Alliance and now helps companies and VARs protect themselves and their customers against security breaches.
Along with his extensive knowledge, Anastasi will bring together industry and domain experts and companies he has worked with to address all things security-related concerning documents and data.
Get to know Dave and what you will find on this blog in the coming months:
TIC: What is your background? What makes you a “Doc & Data Security Steward?”
Anastasi: Throughout my career, I have been involved in many businesses and industries – having an undergraduate degree in Marketing and masters in International Management as well as cutting my teeth in the advertising business. My focus has always been to look from the customer’s perspective and then through the eyes of the distribution channel. Also, having been a public company CEO and sitting on multiple company and private organizations boards, I have had the benefit of seeing data and document security issues from many different angles and perspectives.
Everything starts with knowing your customer’s industry, business, goals, risks and business landscape. Document and data security requires a commitment to understanding who they’re serving, what their business is and the environment that they’re operating in. However it is most important to approach data and document security not just trying to find a way to make them more secure or compliant. More importantly, it’s about making your customers more efficient, more successful and profitable. It’s not just about supplying technology it is about improving scalability and ultimately measurable value.
With my time in document and enterprise content management, I understand the channel dealer network very well – the hardware portion as well as the intersection with services and software. Neopost was basically the same kind of business model as the copier, scanner, printing and managed services markets. Actually, almost 20 years ago, I started the first managed services partnership between Xerox Business Services and Neopost combining copying, printing and mailing services.
Ultimately though, it is my experience as a customer that led to the conclusion that document and data security is rapidly becoming one of the most strategic concerns of any type of organization. As I’ve sat in board audit and compliance, merger and acquisition, strategy and other meetings one of my deepest concerns was, how do we protect our most important asset: our information? I spent many a sleepless night worrying about breaches, both malicious and unintended. With that, I was both at risk in my job and personally as an officer and board member and ultimately the company value and brands reputation were at serious risk.
In time, it became apparent that the best approach to consistently dealing with this fragmented, complex and ever-growing issue was focusing on the culture, people, process and technology of an organization, also it’s extended network including partners and customers and creating a “Control Conscience Corporate Culture.”
Finally, due to the nature of the businesses I was in, I learned how to make money for my organization and our channel and strategic partners by using it as a tool to improve our customers overall business and financial results.
TIC: Why is security such a concern today?
Anastasi: It’s important to understand data security has been a concern for a long time. For example: organizations (and even home’s) have spent billions of dollars on network security, virus and malware protection for many years. Those have been billion-dollar industries for a long time. So people have always understood that they needed security, but it has been historically focused on protecting unauthorized access to networks and devices.
What’s really changed is that today, there’s this convergence. Everything is moving so quickly; technology is moving rapidly and converging. Documents are converted from hard copy to electronic files, expanded workstations and devices (desktops, laptops, pads, PDA’s along with networked intelligent copiers, printers and scanners) and locations where data can be moved and stored including the rapid emergence of cloud and applications.
In this industry historically copiers, printers and scanners were not networked, had minimal if no memory, unsophisticated keyboards and limited simple applications. Before they were networked and had expanded capabilities weren’t as significant a data security risk. The paradigm has shifted; today they are not just copiers, printers and scanners but workstations with computer capabilities. In reality they are computers that copy, scan, print.
It’s now one of those things that regulators, boards, executives, auditors, lawyers, insurers and most importantly those trying to breach critical information realize, and all these people have to think more seriously about securing their devices and data. Unauthorized access is an issue, but protecting critical content or data is really the goal.
So organizations have already have spent billions of dollars on security – realizing the importance of protecting data – but now the real question really is are traditional methods sufficient in today’s and tomorrow’s environments?
TIC: How does security relate to managed services/managed print services? Can providers turn these security concerns into opportunities? If so, how?
Anastasi: Providers’ awareness that they are part of the process is essential because they are managing print, documents and data, so they’re right in the middle. They are touching, moving and accessing important data, so they could become point of the breach, which could cause liability for them. They need to make sure they have proper protection in their environment when they are doing managed print services. The bad news is, if they don’t take security seriously, they could be negligent and accountable.
The good news is, because they are in the middle, it provides an opportunity for them to create their own document/data practice, expanding their business opportunities by providing services, solutions and technology to their customers in a way to help them manage their data security.
It is a massive and fast growing market that will never go away, it’s only going to get bigger. So, if providers are looking for market opportunities, why not look where they already are, both reducing their risk and expanding their business opportunity in an area that compliments what you are already offering. The great news it is an existing market on the leading edge not the bleeding edge.
And people today are aware and understand how important security is. In many cases, it’s a requirement for companies to pay attention to it, 46 states have deployed breach notification laws requiring organizations to respond quickly and effectively to data breaches or they face expanded damages due to negligence. So if providers become good at it, there are going to be massive dollars and opportunities, and if they become the go-to provider, think about the potential.
TIC: What kind of information will readers find on the Doc & Data Security Steward blog?
Anastasi: Throughout the years, I attended many conferences, and heard only about technology. I listened to auditors many who were primarily focused on financial people, processes and technology, and lawyers talking about my risk and litigation but not about prevention. There was no answer in one place, primarily because it’s so fragmented. We recognized a need for somebody to help facilitate a collaborative approach.
Our focus is to draw not only from my experience, but also from all the domain expertise out there that I know and work with, we will have a variety of expert guests join me in some of the blogs. The focus will be on culture, people, process and technology because all are critical. We will show that there’s opportunity to build a document/data security practice and to sell additional services like assessment services, technology, tools, training and technology that improves security and adds value.
Most importantly, I’d like to teach readers how to protect themselves because it starts there. From there, we’ll get into how to build a strategy and package an approach showing measurable ROI. We’ll introduce key verbiage and teach readers how to speak the language – not just sell the tools. We will talk about developing training and marketing strategies and tools. Then finally, I plan to help providers expand their offering and help their customers develop a “Control Conscience Corporate Culture” making then more competitive, scalable and valuable as an organization.
Posted by David Anastasi on 01/17/2012