Protecting Digital Print
I'm reporting from the 2008 PODi AppForum in Las Vegas. For those of you who haven't heard of the PODi AppForum before, it's an educational conference for digital print and direct marketing professionals to foster the growth of the digital printing industry through market and standards development activities.
At the conference today, I had the opportunity to speak with printing professionals about their security and data protection concerns. In my session, we talked about the importance of understanding security and ways to build confidence in managing it so that risk associated with routine business activities and practices can be reduced to an acceptable level. The 'business of business' often overrides the 'business of security.' Meaning, important information may be developed over time, increasing in value all the while, yet it is handled without security in mind. The lack of process and recognition of the increase in value makes the information more vulnerable to theft, loss or misappropriation.
For example, the absences of policies and documented procedures may result in the mishandling of proprietary customer information that results in compromise or unauthorized use or disclosure. Whether intentional or unintentional, such incidents inevitably result in damage to reputation and credibility. Similarly, a trusted inside employee that steals the "customer list," diminishes the company's bottom-line because competitors can use the information in a way that levels the competitive playing field. All too often, companies do not take inventory of such information that may have taken years to develop, and the cost is huge. Unfortunately, it is only when such information falls into the wrong hands that it's true value is appreciated. Then it is too late. I urged the attendees, like everyone else, to stop, think, comprehend and act by developing a strategic plan and a security implementation that serves to transform this paradigm.
Though security technologies cost good money, good security is not equivalent to good technology. Good security requires more than technology. It requires a culture of good people as well. Bad security on the other hand, can have good technologies, good intentions and good money, but fail because of this. The cost of bad security comes out of the pockets of those who get it wrong or don't get it at all.
Print professionals should get strategic and manage security as a process. Alignment with the internationally accepted information security standard - ISO/IEC 27002:2005 Information Technology, Security Techniques, Code of Practice for Information Security Management - provides a framework to develop an Information Security Management System (ISMS) that recognizes these elements and integrates them with business, regulatory and legal requirements.
Dave Drab, CISSP
Principal, Information Content Security Services
Xerox Global Services