Information Security and Privacy
Solutions for Data Protection and Compliance
Data breaches are on the rise, making information security and privacy top priorities for business and IT leaders. Today’s threats are more potent than ever, with employees cited as the primary risk. This trend, coupled with the expansion of data privacy laws around the world, has led to the growing realization that Enterprise Information Management solutions are must-have tools for data protection and regulatory compliance.
It’s only through a robust Enterprise Information Management strategy and layered, thoughtful security practices that you can protect your organization and its data.
Information security is the practice of defending information – in all forms – from unauthorized access, use, examination, disclosure, modification, copying, moving, or destruction. There are numerous global and industry standards and regulations mandating information security practices for organizations.
Information privacy, or data privacy, is the relationship between the collection and dissemination of data and the public expectation of privacy. The objective is to safeguard personal data, i.e. data about individuals such as contact, health, financial, and family information; these individuals could be your employees, your customers, and other stakeholders. Various legal, regulatory, political, and technological issues surround data privacy.
Information security and privacy were cited as the top two risk concerns in the AIIM survey and whitepaper - Managing Governance, Risk and Compliance with ECM and BPM, May 2015.
Enterprise Information Management is one of the most important tools for meeting compliance goals, and should be central to your data protection strategy.
Securing information assets within an enterprise requires a comprehensive approach that considers both information states: (1) content at rest and (2) content in motion, or data being processed or in use.
Securing content at rest
Securing content at rest starts with identifying where sensitive information resides within your content management system as well as in file servers and personal storage repositories across the organization. Once sensitive content is discovered it can be defended using core capabilities of Enterprise Information Management solutions including:
- Access controls – Ensure that content is retrievable and usable for those who need it and protected against unauthorized access and alteration by those who don’t.
- Security classifications - Data classification can be one of the most powerful practices in information security. Applying security classifications such as Top Secret, Secret, Confidential, Restricted, and Public helps ensure information is managed and secured accordingly.
- Records management – Information security becomes more manageable and realistic when you reduce data volumes. Effective RM programs ensure records are retained according to policy and disposed of when no longer required.
- Archive Encryption - Information at rest can be vulnerable. Archive Server solutions allow your organization to encrypt its information within the archive.
Securing content in motion and in use
Securing content at rest is a must but alone it is not enough. To deliver its business value, information needs to be accessed, collaborated on, and shared. A comprehensive information security program needs to consider securing content in motion and securing content in use. There are numerous features and controls within Enterprise Information Management solutions to meet these objectives:
- Secure information exchange – Secure transfer of extremely large files and sensitive business information inside and outside the enterprise with air-tight security and complete audit tracking.
- Secure communication – Secure emailing of confidential information between employees, customers and partners.
- Secure electronic fax - Securely track all faxes, inbound and outbound, with an audit trail. Protect privacy by routing inbound faxes to the recipient’s email address.
- Redaction - Redaction tools mask or remove sensitive data from documents e.g. credit card information for PCI-DSS compliance.
- Meet privacy requirements - Maintain compliance with HIPAA, PCI-DSS and other privacy regulations
- Audit trails – Give content authors and consumers the ability to view the full information lifecycle: all of the actions that have been performed on a document, by whom, and when.
- Email integrity - Email documents to and from the central repository using links to the “single source of the truth”; this prevents the proliferation of duplicate email attachments, protects information integrity, and preserves access controls.
Confidentiality, Integrity and Availability are widely accepted as the Information Security Triad, describing the three core objectives of information security. All OpenText products, solutions, and services are designed, developed, and maintained with security in mind, to provide our customers with assurance that their important assets and information are protected at all times.
Confidentiality is the application of rules that limit access to information. Confidential information has the highest risk of being compromised, with employee records, customer records, and intellectual property being the most impacted by security incidents.
Integrity represents the assurance that the information is trustworthy and accurate. Business records provide the evidence to demonstrate regulatory compliance, so organizations must be able to attest to the integrity and authenticity of their records.
Availability refers to the guarantee of reliable access to the information by authorized people. Availability is a key objective of enterprise information management, with the scope of availability including issues from information exchange to systems of record and records retention.