A Focus on Security
A number of reasons (both financial and strategic) are driving companies to online document management services from trusted vendors such as BMI Imaging. This shift away from traditional in-house approaches is well underway with more than 70% of organizations actively planning or implementing cloud technologies today (according to InformationWeek April 2015 survey).
In the first of our 3-part “Moving to the Cloud” blog series, we focus on document hosting solutions, the core of cloud-based document management, and its key underlying requirement – security.
Security: The Number One Concern when it comes to Cloud-Based Document Management
Whether you’re a new company or an established organization, your customers’ trust is your number one asset. That’s why your move to the cloud-based document management requires a secure foundation that protects customer data and your business reputation.
In the InformationWeek survey mentioned above, almost 90% of respondents are very or moderately concerned about cloud-based security. Specifically, 45% of IT organizations are concerned about general security and 41% of IT organizations are worried about data loss / leakage.
5 Steps to a Secure, Cloud-Based Document Management Foundation
There are five steps that you should consider to minimize your risk when moving to cloud-based document management systems.
Step 1: Partner with a Trusted Cloud-Based Document Management Provider
Moving to cloud-based document management is not only about technology, but also about updating and integrating with key business processes already in place. BMI Imaging provides over 50 years of know-how, with more than 2,000 customers (commercial and government). We have developed over 400 unique image and data management tools and process control routines. In addition, we offer dedicated project management staff for personalized attention to your needs.
Step 2: Review Critical Vendor Infrastructure
It is important to review the vendor infrastructure. Example questions include: Is there 24/7/365 monitoring of all IT operations? What about redundancy protection? Is it N+2 (or better) for all critical systems? Is 2N+2 electrical power redundancy in place? Where are the local and remote (Disaster Recovery / Continuity) locations?
Step 3: Investigate Industry Certifications and Compliance
Does the cloud-based document management vendor undertake regular and rigorous SSAE-16 Type II/SAS 70 audits, with zero exceptions? Is PCI DSS compliance in place Existing Federal FISMA compliance with NIST 800-53 moderate baseline controls?
Step 4: Ensure Offline Security
Don’t forget about security of the physical facilities. Is there any public access to the facilities? Do 100% of vetted personnel have to be securely signed in and escorted at all times? What about multi-factor identification, including biometric and multi-level security zones? Are there digital cameras installed to monitor secure areas 24/7? Is there a physically separate caged environment within the secure data center?
Step 5: Secure End-User and Administrative Access
Are there simple administration and user selection and access rights? Is SSL encryption and IP lock security in place? Can you access the full audit trail and report on any document accessed?
The five steps above are a good foundation for ensuring that you minimize any risks associated with your cloud-based document management project. Contact a BMI specialist if you’d like to walk through any specific requirements.