Information Security & Governance - Overview

The challenge of protecting business critical information has never been greater, with the increasing amounts, remote and mobile sources, different formats, and value of information — coupled with the rising costs and financial penalties for failure. Most important of all, earning your customers’ trust by securely managing their private information is essential to keeping and growing your market share.

The average organizational cost of a data breach this year increased to $4 million, up 18 percent from 2009… The United States had the most expensive average cost of $7.2 million. Germany came in second with $4.7 million. The United Kingdom and France had nearly identical average costs at $3.1 million apiece. Australia had the cheapest average cost of $2 million.¹

These “organizational costs” include only those from breaches of personally identifiable information (PII)— not compromised sensitive customer information nor intellectual property, and do not account for fines, lawsuits, nor damage to brand or customer trust and loyalty.

The majority of information security breaches come from within the organization, whether through negligence, incompetence, or malicious intent.²

Internal issues are the most frequent causes of security breaches

 

More Details

Information Security & Governance - Business Outcomes

Prioritizing Security Efforts

You want to identify and map where your business critical information resides and how it is used in order to prioritize your security efforts.

Understanding where your sensitive data resides is fundamental to being proactive about creating a culture of security. Enterprises embodying a culture of security experience fewer breaches and can more successfully maintain their customers’ trust.

Ricoh MDS Output Analysis identifies the type, location, layout and connectivity of each device in your business critical document processes, along with supporting IT infrastructure: factors such as network security protocols (TCP/IP, IPX/SPX), type of servers, integrations to back-end systems, etc. This “map” helps in the evaluation of potential security issues and prioritizing opportunities for improvement in device and network security.

Examining output infrastructure is only part of the picture; Ricoh MDS Process Analysis also looks at the strength of your security in the input and throughput processes of your business critical information. This process analysis includes taking into account human factors as well as the technical components.

Together, these services can provide baselines to help you design specific initiatives to optimize security measures so they better align with your strategic information governance objectives.

Not All PR is Good PR

You are acutely aware of highly publicized business information breaches; recovering from them can be operationally costly, can result in fines, and most importantly, they can damage your reputation and relationship with customers.

Ensuring your information governance is comprehensive and defensible and practiced consistently across the enterprise keeps you safely out of the news—and protects your bottom line.

Strategies and policies for strengthening device security are an important part of the Ricoh MDS Output Solution Design service. Recommendations may include stronger data encryption, user authentication, deployment of locked and follow-the-user printing, secure fax routing, and data overwrite. Ricoh MDS can help you design continuity plans for mission-critical devices.

Ricoh MDS Process Solution Design provides for fortified security measures based on the analysis of your current business critical document processes and the technology that supports them (IT platforms, equipment, software, data migration and facilities).

In order to fully realize the benefits of security improvements in processes and technology, you must also ensure that the people who use them are on board. Ricoh MDS Organizational Change Management employs individual change management practices based on the Prosci® ADKAR® Model, one of several core components of the overall Prosci® Change Management Process®. The Prosci® ADKAR® Model is a model of the change process at an individual level which can be applied organizationally through the broader Prosci® 3-phase Change Management Process®.

Doing much with limited resources

You have been tasked with managing security across all current operations and locations—a huge undertaking given limited resources.

Outsourcing to a trusted partner can help you meet corporate security mandates while working within your current staffing levels. You may be able to achieve a better security posture because you can leverage your partner’s broad and deep experience derived from service to a diverse customer base. Choosing the right managed service provider enables consistent security management across departments (from AP to HR to Manufacturing) in locations across the globe.

Ricoh MDS Security Management service can be leveraged to help you identify and develop controls to mitigate risks to the confidentiality, integrity, and availability of your business critical information throughout the document lifecycle—including setting sensitive information to expire automatically and ensuring outdated information is made unavailable.

These controls help ensure that deployed security technology fully corresponds to the enterprise’s information security objectives and policy. The controls protect confidential business critical information that needs to be shared with the appropriate employees, customers, and partners, providing consistent protection for sensitive documents even after they have been saved to a user’s desktop from a repository (i.e., network share, e-mail, electronic content management system [ECM]).

Security best practices are built into Ricoh MDS Document Lifecycle Services. Leveraging Ricoh’s experience derived from serving a global, diverse customer base allows you to focus on core business processes rather than on managing specific security tasks related to document input, distribution, output, archival, and disposal.

For example, Ricoh MDS Document Lifecycle Services can help ensure valuable corporate information is available at the right time in the right format, in a secure and compliant manner. Ricoh MDS can also help by storing or archiving documents, such as legal or compliance requirements, for future use with an audit trail to track user activities within documents and throughout the system.

Ricoh MDS can identify a secure document disposal solution to address compliance and environmental challenges of destroying documents at the end of their useful life. For example, with a certificate of destruction, you can be assured that your company’s sensitive information is legally and credibly destroyed.

Measuring and Monitoring Security Performance

You are looking for ways to measure and monitor your information protection performance, such that your security program meets your corporate governance, risk management, and compliance (GRC) objectives.

Demonstrable and measureable Key Performance Indicators (KPIs) around information governance programs are critical for compliance and audits, and proactively creating a culture of security.

By providing accurate and timely reports on document centric activity, Ricoh MDS Management Information Reporting can give you the information you need to make sound, proactive, and defensible data protection decisions. These reports can be departmental or global, and aligned with corporate governance objectives.

The single point of contact (SPOC) offered by Ricoh MDS Service Desk Integration can be used to increase the control over your printer fleet infrastructure and end use. The expertise provided can be leveraged to help you ensure appropriate security protocols are deployed and functioning as required, and alert management to anomalous behavior.

Ricoh MDS can provide a single point of contact for managing multiple vendors, and monitoring Service Level Agreements (SLAs). Ricoh MDS Multi-Vendor Management simplifies reporting, escalation activities, and consistent application of security protocols. Ricoh MDS Service Level Management monitors service levels, and can be structured to include adherence to security requirements enterprise-wide to help you achieve contractual obligations. By maintaining a high level of device uptime, you mitigate risk to business critical document processes and business continuity.

Protecting Persistent Data

You are aware of the need to protect your business critical information including customer data that is printed and persists on devices throughout the organization.

By extending security to the edges of the information enterprise, including both mobile platforms and document devices, you decrease risk and ensure maximum protection of customer and other business critical data.

Ricoh’s IMAC-D (Install-Move-Add-Change-Disposal) service performs proactive portfolio management for devices to improve availability and protect business continuity. The service also includes safe and secure removal of customer data still held on hard drives, with an option for complete onsite destruction of customer-specific data.

Ricoh MDS Delivery Installation and Configuration service can be structured to identify whether hardware and software solutions and network connectivity are not only set up to work correctly, but are configured according to the security policies and procedures that you have defined regardless of their geographical location of operation. Select Ricoh hardware devices have obtained Common Criteria certification conforming to the IEEE 2600.1 international standard for IT security products.

Information Security & Governance - Best Practices

Securing your information capital throughout the document lifecycle preserves the trust your customers place in you to protect their personal and private information—and potentially grow the relationship. Comprehensive information governance also helps mitigate the cost and risk of non-compliance with growing business information regulations.

Ricoh is a global leader in MDS. The knowledge and best practices we accumulate in thousands of engagements worldwide become powerful assets in our Ricoh MDS portfolio. Application of this knowledge and these best practices is the engine that drives our continuous improvement efforts.

Here are some best practices derived from Ricoh MDS customer deployments that you could employ to help realize the benefits of comprehensive information security governance:

• Define Information Access Based on User Credentials
• Extend Security Policies to the Edges of the Enterprise
• Encrypting Business Data on Devices
• Monitor Security across the Entire Document Lifecycle
• Secure Destruction of Information on the Device

Click below for detailed explanations of these best practices:

More Details

Information Security & Governance - How We Solve This

The Ricoh MDS Services Delivery Portfolio offers all the services required to design, construct, maintain, and optimize a highly efficient information infrastructure that is aligned with your information security goals and governance needs. Examples of Ricoh MDS service offerings are:

• Output Analysis
• Process Analysis
• Output Solution Design
• Process Solution Design
• Delivery Installation & Configuration
• Document Lifecycle Services
• Document Process Optimization
• Environmental Sustainability Governance
• Management Information Reporting
• Service Level Management
• IMAC-D
• Security Management
• Multi-vendor Management
• Asset Management
• Service Desk Integration

While every Ricoh Managed Document Services Engagement is unique and tailored to your environment, you can see examples of Ricoh MDS services that address Information Security & Governance.

Information Security & Governance - Related Info