Category: Encrypted Digital Media

Video Streaming Encryption

Can Streaming Video be Encrypted?

Our blog post – “Video Encryption – How to Secure Your Digital Content” – we covered the basics of the vulnerabilities video content is susceptible to, and available encryption techniques. With the increasing prevalence of streaming video content, a more in-depth look is now in order.

Streaming video is widely used in online education, from universities to specialty schools. Because such organizations charge tuition, videos that are used in the curriculum are school property – and as such, need to be kept out of the hands of non-students either looking for free instruction or to copy the streaming video and sell it for their own profit. The same applies to corporate training videos and webinars, which can give competitors an advantage if they gain access. And did we mention gaming?

But first, the bad news. There is no way to prevent someone with the determination and skills to access your streaming video from doing so. If videos can be accessed and viewed online, they can be stolen. The best you can do is add protective technology to make your streaming videos more difficult to steal. It’s basically the rationale that law enforcement agencies use when telling people to secure the doors to their home with more than the just the handle lock. Additional measures such as deadbolts and a security system will act as sufficient deterrents for most burglars, who’ll tend to pass up more secure homes for one that’s easier to enter.

What is video encryption?

Anthony Romero described it best for IBM Watson Media, so here it is in its entirety:

“At its essence, video encryption is the process of hiding video from unintended audiences. When working appropriately, it protects data so that it’s watched and accessed just by intended parties. Usually this goes hand-in-hand with other methods to restrict access to content, be it password protection to just placing an embed restricted version of the asset to your site. This is done through encrypting the asset in some manner in order to prevent snooping attacks where access to video could be compromised through a network tap and sniffer technologies.

“It can also include encrypting stored content, going as far as to protect assets in the event of a physical hard drive or database being compromised on location.

“There are a couple of different ways to encrypt content, and several different states that data can be in as well. For the topic of video storage, the common state for these assets is data at rest and also data in transit during delivery to an end viewer.”

What is data at rest?

Very briefly, data at rest is essentially information or assets that aren’t moving through a network. This includes content stored locally, like a video saved on a laptop, and assets that might be saved on databases.

What is data in transit?

Data in transit is information flowing over a network. In the context of video, it’s the delivery of video to an endpoint for playback. It is different from data in use, which is data that might be in the process of being generated, updated or removed.

So, how can you best protect streaming video from being stolen?

When it comes to encrypting video data at rest or in transit, one solution is by using the Advanced Encryption Standard (AES) – a symmetric block cipher that can be implemented in software, hardware and other processes to encrypt sensitive data. It’s the successor to DES (Data Encryption Standard), developed by researchers at IBM in the early 1970s.

How does AES work?

To safeguard assets, AES takes a key and some data (plaintext) as an input and then transforms that into something random, known as ciphertext. This can be anything from part of a document to part of a video asset. Now to get something meaningful out of that ciphertext, AES and the same key used to transform it are required to turn it back into plaintext.

In relation to video in transit specifically, the content is encrypted in a way so that access requires being decoded by authorized players in browsers where the stream is delivered using HTTPS (HTTP over SSL/TLS). This is done through symmetric-key algorithm, which again requires the same key to be used for both encrypting and decrypting the data to get something meaningful from it.

The key is actually a number, and functions as a security method because of the huge amount of different combinations that it could be. The number of combinations depends on what key length or size is used: 128, 192 or 256 bits. The naming conventions relate to each key’s potential number of combinations.

Using a true streaming server provides even greater protection. The big advantage here is that the file is not actually downloaded to the user’s computer – it is seen only as a real-time stream and there is no file left on the user’s hard drive.

A streaming media or streaming video server is a specialized application which runs on an internet server. This is often referred to as “true streaming”, since other methods only simulate streaming.

True streaming has advantages such as:

• Handling much larger traffic loads.

• Detecting users’ connection speeds and supply appropriate files automatically.

• Broadcasting live events.

There are two ways to have access to a streaming server:

• Operate you own server (by purchasing or leasing)

• Sign up for a hosted streaming plan with an ISP (Internet Service Provider)

However, Media College warns that true video streaming in any form can be an expensive business. Unless you really have a need for it, you are probably better off starting with basic HTTP streaming.
Obviously, regardless of the solution you consider, streaming video encryption is not a DIY project. DocuServe provides robust data encryption solutions for a wide variety of industries. Learn about all we offer, then contact us to keep your intellectual property secure.


Digital Documents, Secure Document Management, Cybersecurity Company

Electronic Signatures in Document Management

 

As the majority of organizations now conduct business electronically, securing digital content is essential – as discussed in our blog post, “Secure Digital Content: How it’s Done.” And with the start of the European Union’s (EU) General Data Protection Regulation (GDPR) on May 25, 2018, data privacy has taken on even greater importance – the implications of which were covered in our blog post, “Document Management with GDPR.” The pivotal role of electronic signatures in secure document management for companies that “go paperless” deserves recognition.

So, what is an electronic signature in data management, how does it work, why should you adopt it, and what is the legal standing of electronic signatures?

What is an electronic signature, and how does it work?

Also called a digital signature, an electronic signature is any way of signing a non-printed document. It can be done with your finger, mouse or stylus. It also can be done by typing your name, accompanied by some proof of identification, such as the last four digits of your Social Security number.

Digital Documents, Digital Signatures, Cybersecurity Writing for PandaDoc, SEO specialist Eugene Zaremba makes the distinction between an electronic signature (also known as an eSignature) and a digital signature. The former “… doesn’t necessarily mean legally binding because it refers to any online signature, which can include a copy-paste of your own signature.”

However, Zaremba notes, “The somewhat less commonly used term digital signature is actually more of a correct term. Digital signature or standard electronic signature is actually a coded, encrypted, legally binding digital footprint. The digital signature is made of unique encoded messages — one for each signee — that join together to make a complete, legally binding, standard electronically signed document.”

Just like handwritten signatures, digital signatures are unique to each signer. An algorithm is used to generate two long numbers, which are known as keys. Of the two keys, one is public and the other is private.  

With the signer’s private key – which is always kept securely by the signer – the signature is created when a signer electronically signs a document. Acting like code, the mathematical algorithm creates data that matches the signed document (called a hash) and encrypts it. The encrypted data that results from this process is the digital signature. The electronic sign also bears the time when the document is signed. The digital signature becomes invalid if any change in the document is made after it is signed.

Why your company should be using electronic signatures

Digital Content Security, Cybersecurity Blog, Secure Digital Documents In his article for Inc., tech writer Larry Alton covers the advantages of electronic signatures. Benefits include:

Ease of use – One solution provider Alton references allows the user to upload a document, declare signers and recipients, and deliver a secure link to the recipient. The recipient signs the document to complete the process.

High level of security – Even more secure than traditional paper documents, electronic signatures not only contain a signature, but also traceable information on who signed the document, where the document was signed and when it was signed.

Convenience – In our geographically dispersed world, your business probably deals with clients and vendors in in various cities, states, and countries. Electronic signatures allow remote authentication, making it a convenient option.

Faster turnaround time Businesses that don’t use electronic signatures have to scan, print, sign and send documents to one party, then repeat the process for each of the other parties in the transaction or agreement. With electronic signatures, all parties can sign within seconds.

Lower cost – The amount of money saved in paper, postage, mailing supplies and time make electronic signatures more cost-effective in the long run.

 

The legal standing of electronic signatures

In 1999, the Uniform Law Commission drafted the Uniform Electronic Transactions Act (UETA), which provides a legal framework for the use of electronic signatures. It has been adopted in 47 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands. Exceptions are Illinois, New York and Washington. In 2000, the United States passed the Electronic Signatures in Global and National Commerce Act (ESIGN Act) to facilitate the adoption of electronic signatures.

However, questions regarding the legal standing of electronic signatures remain among many business people – who are justifiably warry of an unscrupulous client trying to get out of a contract by claiming it isn’t legally binding. Both of these acts confer the same legal status upon electronic signatures as given to those signed by hand on paper documents.

As outlined by SignEasy, an electronic signature must meet the following requirements per the two acts to make it legally binding:

Electronic Signatures, Digital Document Management, Secure Digital Media, Cybrsecurity A clear intent to sign – Just as with a hand-signed signature, electronic signatures are valid only if a user demonstrates a clear intent to sign. It means that you should also have the option of declining the electronic signature request.

Prior consent – The concerned parties must express or imply their consent of doing business electronically.

Clear attribution of signature – This can be determined based on the context and circumstances under which the document was signed.

Association of signature with the record – An electronic signature should be connected to the document that is to be signed.

Record retention – According to the ESIGN Act, the validity of the electronic signature is legitimate as long as the records accurately reflect the agreement and can be reproduced in a court of law as and when required. Leading electronic signature platforms provide users with a fully-executed signed copy, or allow you to download a copy of the signed document.

Making digital management safe and secure, DocuServe offers industry-leading cloud-based solutions for every aspect of your organization. With DocuServe, you get complete control over your content, right down to the document level. Contact us to learn more.


laaS Infrastructure with DocuServe

What is IAAS – Infrastructure as a Service?

Whether your company is a conglomerate or start-up, chances are you are using cloud computing services in one form or another. From sending emails, editing documents, playing games online to watching TV and banking transactions, you are already using the cloud all the time. Cloud computing can take care of all your IT needs – such as servers, software, storage, databases, networking and analytics.

There are three main types of cloud services: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

Here is what each type does.

SAAS – A distribution model where a cloud service provider hosts all your applications and makes it available to you over the internet.

PAAS – The cloud service provider delivers the operating systems as well as other related services through the web, and you don’t have to bother about installation and downloads – or invest in IT infrastructure.

IAAS – The cloud service provider offers everything that you need for your IT infrastructure. From virtual machines, operating system, and networks to storage, support, and hardware, the provider will offer you everything, which can fulfil all your IT infrastructure needs –without investing money in buying hardware of your own.

All about IAAS

IaaS allows customers to use the IT infrastructure of the cloud service provider on a subscription basis. This model outsources all IT infrastructure needs to the provider, which typically has an on-premise data center that includes servers, networking hardware, virtual machines, operating systems and storage.  The service provider also offers a host of other services that include monitoring, security, billing, load balancing, log access and clustering, as well as storage facilities – such as backup, data recovery and replication.

IaaS users can access these services and resources via a wide area network (WAN) like the internet, and then use the IaaS provider’s services to install the rest of the applications. For example: as a customer, you need to log in to the IaaS platform and create virtual machines, install an operating system (OS), make storage buckets and backups. You can then use the cloud provider’s services to perform many functions, such as cost tracking, network traffic balancing, performance monitoring, disaster recovery management – and even solve application issues.

All cloud computing models work on the participation of the provider, and in most cases act as a third-party organization that sells IaaS. Two of the better-known independent IaaS providers are Amazon Web Services (AWS) and Google Cloud Platform (GCP). As a customer, you can also opt for a private cloud, where you provide your infrastructure services.

Advantages of IAAS

Businesses opt for IaaS because it is an easy, fast and cost-effective option for which they don’t have to invest, support, or manage the infrastructure. In this model, a business subscribes its IT infrastructure needs from a cloud service provider. IaaS is best suited for businesses/ assignments that are new, short-term, or that entail unexpected changes.

IaaS subscribers typically pay only on a per-user basis. At times, IaaS providers bill based on the amount of virtual machine space you use. This convenient payment method turns out to be a better option for businesses that don’t want to invest big money in setting up their own IT infrastructure.

Also, cloud computing works well for several other reasons. It is reliable because it keeps your data safe, offers uninterrupted service and high speed, which increases overall productivity.

 

However, says Ian McClarty, CEO and President of PhoenixNAP Global IT Services,

PhoenixNAP Global IT Services“Infrastructure requires careful planning as well. Determine if a prebuilt  IaaS Solution is a good fit. This can save money and add expertise to your deployment without having to hire on your own.” 

 

Prominent IAAS Venors & Providers

There are several IaaS providers in the market, but selecting one that best serves your needs is a crucial question. Though most of the IaaS providers offer its clients virtual machines, it all comes down to the kind of management and specialized services they are ready to deliver.

For this reason, it is important to evaluate service providers on not just the basis of cloud services they offer, but also on the following factors: management functions, identity management, service level agreements (SLAs), customer support and monitoring tools.

Amazon AWS offers a range of compute and storage services, such as Elastic Compute Cloud (EC2), Glacier, and Simple Storage Services (S3). AWS offers a full range of services and integrated monitoring tools with a competitive pricing structure.

Since Google Compute Engine (GCE) is integrated with other Google services, it is best suited for high-performance computing, data warehousing, big data and analytics applications. GCE also offers a range of compute and storage services.

Windows Azure also offers a range of compute and storage services. It is an easy-to-use administration tool, more so if you are used to working on Microsoft platforms. It is not a Windows-only IaaS.

Rackspace Open Cloud also has an easy-to-use control panel and offers strong customer service apart from offering core cloud compute services.

HP Enterprise Converged Infrastructure is a viable solution for businesses that want to integrate their current IT infrastructure with a public, hybrid or private cloud.

IBM SmartCloud Enterprise offers a range of compute and storage services with a combination of software, management and security features for enterprise cloud administrators.

Tom’s IT Pro offers an informative in-depth look at the above IaaS providers. Of course, this is not a comprehensive list. There are many vendors in the market, some small and others offering niche services.

Again, carefully analyze your needs before selecting a cloud service provider. McClarty advises the following: “If a customized product is a better fit, start by testing some solutions with a smaller deployment before jumping in. By testing a proof of concept, you can get a direct feel for what cloud adoption for your entire

organization may be like. Working with engineers to review detailed architecture ahead of time can reduce costly mistakes and make sure your move goes smoothly. Additionally, if there are compliance requirements, these will need to be identified and considered.”

No matter which IaaS provider you choose, keeping your company’s data secure is always the first priority. DocuServe is a cloud-based digital data protection company providing services that include cloud-based document management, content encryption and distribution, and digital media replication and encryption. Contact us today to learn about our full range of solutions.


Secure your Digital Content from Hackers

Video Encryption – How to Secure Your Digital Content

If you are uploading your music video on the internet, you want others to view it. But if your video pertains to corporate training, you don’t want unauthorized people to access your confidential company information. Video encryption can protect your content from unauthorized viewing.

Data breaches, unauthorized sharing and data theft are risks for everyone doing business these days. To survive in this fiercely competitive world, you need to rely on content security to keep your company information safe and secure.

Encrypting your videos is one way of protecting your corporate information. Once your video content is encrypted, you can safely share the information with your staff, customers, partners and prospects.

There are three options for securing your videos from prying eyes: encrypting the video, protecting the video or doing both of them together.

What is encryption?

While encryption pertains to masking or manipulating the data, protection means securing the file through codecs, passwords, container formats, etc., so that others cannot access the data inside.

But, to get heightened security, you can apply both encryption and protection, which is the best option to protect your content. When you use the word encryption in casual conversation, it might mean encryption, protection, encoding, or all of them in different proportions. Therefore, encryption in this context means protecting your data in every way possible – which, of course, includes both encryption and protection.

What is video encryption?

Video encryption is the process of keeping your video secure from prying eyes. Why do you need to encrypt your videos? There could be two reasons. The first is personal and the second is Digital Rights Management (DRM).

Personal encryption, as the name suggests, is used for personal privacy. For example, when you make a video and want to share it with your family, friends, customers, etc., but at the same time, you don’t want the content to be viewed by unauthorized people.

Digital Rights Management is along the same lines, but involves more complexities. The different levels of DRM are:

  • Qualitative and quantitative video streams for various price points
  • Region-centric video
  • Device or media-centric video
  • Software-centric video
  • Adaptive streaming

So, what is the main difference between personal encryption and Digital Rights Management? In case of personal encryption, except for the intended recipient, everyone else is blocked out. But, in case of DRM, it blocks people out either temporarily or permanently, without human help and on a given set of conditions.

Qualitative and quantitative video streams for different price points – If you are ready to spend more money, you can get 4K, but if you want to pay the lowest price, you will have to settle for SD. Since it directly impacts the resolution (physical data of the video stream), it affects the quality. The more you pay, the higher quality you get.

Region-centric video – Do you want to cater to a particular region? You don’t want other regions/ countries to see the video. The reasons for this form of DRM could be either you are barred by law to cater to other regions, or you want to control the market dynamics. In such scenarios, you need region-specific management.

Device or media-centric – This is done to restrict your media from playing on devices that don’t support it. You create a media that is exclusive to a particular device like iTunes, Kindle, Apple TV, etc., and those that don’t conform to the device are unable to play it.

Software-centric video – You need adequate software support and/or also pay a license fee to play some videos. When the operating system doesn’t support the codecs or if the license is not paid for, then certain NLEs don’t play some codecs. Hence, codec licensing is another way you can control the viewing of your video.
Adaptive streaming – During adaptive streaming, the video dynamically adapts to the resolution, bit rate, etc. of the internet speed and/or some other factors.

What you need to keep in mind before switching to a video encryption standard

Because people have different devices, you need to use multiple encryption methods to protect your video.

What has been encrypted by you today will be decrypted by someone else sooner rather than later. Hence, to get over the problem, you should use larger bit depths to encrypt your content. But this increases your overall costs and is also inconvenient to the end-users.
Technology keeps changing. What you encrypt today might get obsolete three years down the line. For this reason, you may need to eventually re-encode your content, or else it will become unreadable. It means that you need to keep one unencrypted copy of your video in a safe place.
You are bound by the licensing you buy. If someone hacks your encryption service, or if a better option comes up in the market, you will have to start the encryption process from scratch.

How online videos are protected

First, the video is encoded into standard encryption, which is stored in a secure server. Not everyone is allowed access to the video. You need to login to the server with a verified email account and password to view/access the video.
Safe Video EncryptionThe video is transmitted through a secure pathway to the viewer’s computer, and can be viewed on a browser, which decrypts the video. The browser does not allow unauthorized access to other software to either view it or record it. The browser also does not allow the OS to store the content in the viewer’s computer. The secure connection is terminated soon after viewing is complete. For targeted marketing and statistical research, the data from the viewer is passed on to the content provider. With this data, you can also track down pilferages and leakages. And, if by chance the video is downloaded, then the encryption makes sure that it does not play on the available media player.

So, how does video encryption stop piracy?

The “pirate” needs to have adequate knowledge to decrypt the encryption. The pirates have to pay upfront to get a high-quality stream. And, when you pay, it is obvious that the server would have the necessary information on you.

The pirate has to encode the encrypted stream with the help of a software to get an accessible format. The process will either increase the size of the file or reduce the quality of the source. As the size of the file increases, the pirate needs to spend more to upload the data again. Cloud algorithms can use the uploaded source and match it up to the original stream to find out the correlations.

Video encryption options

There are two scenarios when it comes to video encryption: video at rest and video in motion (streaming).
Video at rest – Some options for videos that remain on hard drives or those that are downloaded to play at a later stage are:

  • Advanced Encryption Standard (AES) – 128, 192 or 256 bits
  • Google Widevine
  • Apple Fair Play for videos from iTunes
  • Marlin
  • Windows Protected Media Path or PMP

Video in motion or streaming video – Some option for video in motion or streaming video are:

  • RTMFP and RTMP(E)
  • Soon-to-arrive HTML5 DRM standard

The most secure of the encrypting systems is AES, which has been adopted by the United States government and is now used worldwide.

Obviously, video encryption is not a DIY project. DocuServe provides robust data encryption solutions for a wide variety of industries. Learn about all we offer, then contact us to keep your intellectual property secure.


Digital Content Security, Mobile Security, Encryption Algorithms, Encryption Apps, Secure Mobile Applications

Security Applications & Tips to Keep Your Mobile Device Secure

Mobile security threats are on the rise, and criminals are using top level domains (TLDs) for phishing sites. It started with a trend towards the generic use of (i.e., non-geographic) TLDs such as .support and .cloud to create URLs that appear to be authentic. For example: review-helpteam.support, contact-us.site, summary-account.review

Now, instead of using these gTLDs so simulate authenticity, threat actors have identified a new way to create believable URLs, and it’s focused exclusively on the mobile market. Instead of trying to create legitimate looking URLs, threat actors have started including real, legitimate domains within a larger URL, and padding it with hyphens to obscure the real destination.

While the best defense is to become familiar with these threats and the cyber criminals tactics, there are a few apps such as Mobile Security & Antivirus, Avast Mobile Security, and Trend Micro that help detect malware for mobile users.
-Intro by Lindsey Havens, Senior Marketing Manager at PhishLabs

Digital Content Security Apps

We spoke with Tonia Baldwin of A1 Connect and got two of her favorite apps for online security. The first is Dashlane, a secure password keeper, followed by Folder Lock, an app that locks specific folders and files.

Password Manager App: Dashlane

Dashlane Logo_Mobile Device Security

A strong password is often the difference between your documents staying safe and a catastrophic data breach. Password vault apps like Dashlane are essential if you have lots of accounts on various sites and apps and want to use a different strong password for each one. It also calculates your overall security score and gives you suggestions on how to improve it. Dashlane even generates unique strong passwords for you, so you don’t even need to think of them yourself. 

Using the same password for every site is a way to beckon disaster should one account be hacked into. With password managers, the only password you need to remember is the one to get into the app, so make sure it’s a strong one.

Password Manager App: Folder Lock

Folder Lock Logo_Mobile Device Security

If someone manages to steal your mobile, then there’s not much stopping them from hooking the phone up to their laptop and accessing all of the files they want to. Folder Lock is basically an encryption app that will let you password protect specific folders and files. It’s the melding of physical and virtual security that makes this app a winner.

It also offers other features like cloud-based backup storage and the ability to lock down your apps to keep any personal information in them secure.

7 Tips To Stay Secure on Mobile Devices

Now that you have mobile apps for logging in and keeping your files secure, we wanted to provide tips on how to keep your business and personal networks secure. For that we got in touch with Robert Siciliano, Cyber Security expert with Hotspot Shield, and came up with 7 tips that will keep you and your boss happy!

1- Don’t Buy Apps from Third-Party Sources

Apps are quite popular, and there are many that can help to boost productivity in a business setting. However, Apple devices that are “jailbroken” or Android devices that are “rooted” are outside of the walled garden of their respective stores and susceptible to malicious viruses. Make sure your employees know that they should never buy an app from a third-party source. Only use the official Apple App Store or the Google Play Store.

2- Always Protect Devices

It’s also important that you advise your employees to keep their devices protected with a password. These devices are easy to steal since they are so small. If there is no password, there is nothing stopping a bad guy from getting into them and accessing all of the accounts that are currently logged into the device.

3- Install a Wipe Function on Company Mobile Devices

You should also require all employees to have a “wipe” function on their phones. Even if they are only doing something simple, like checking their work email on their personal mobile device, it could get into the wrong hands. With the “wipe” function, the entire phone can be cleared remotely. You should also require employees to use the setting that erases the phone after a set number of password attempts.

4- Require Company Mobile Devices to Use Anti-Virus Software

It’s also important, especially in the case of Android devices, that all mobile devices on the network have some type of anti-virus software.

5- Do No Jailbroken Devices on Your Company Network

Jailbroken devices are much more vulnerable to viruses and other malware.  So, never allow an employee with a jailbroken phone to connect to your network.

6- All Employees Should Activate Update Alerts

One of the easiest ways to keep mobile devices safe is to keep them updated. So, make sure that all employees have update alerts enabled, and make sure that they are updating their devices when prompted or automatically.

7- Teach Employees About the Dangers of Public Wi-Fi

Finally, make sure your staff knows the dangers of using public Wi-Fi. Public Wi-Fi connections are not secure, so when connected, your devices are pretty open. That means, if you are doing things that are sensitive, such as logging into a company website or accessing franchise accounting records, a hacker can easily follow. Instead, urge employees to use a VPN


What is SAAS

What is SAAS? How Can SAAS Improve Your Business? Is SAAS Safe?

What is SAAS?

SASS stands for Software as a Service. It is a category of cloud computing. Like all cloud computing categories, with SAAS your information is not stored on a traditional digital hard drive, but digitally over offsite servers. SAAS is unique from other forms of cloud computing because it is a system where you are essentially renting software monthly.

Instead of buying a license for the software and spending the money lump sum you pay on an ongoing basis and the software is updated for you automagically and in most cases support for software is included as well,” said Nadeem Azhar, the owner of PC.Solutions.Net.

How does SAAS benefit businesses?

For some companies the initial cost of software is a barrier to entry. As are the demands of additional staff and infrastructure needed to run a traditional server. SAAS allows such companies to obtain software easily, without costly onsite infrastructure, and with a time saving easy install.

SaaS benefits companies in several ways, said Steven Benson, the founder of Badger Maps. “First, SaaS software tends to be a lot cheaper than it was in the past. You’re usually paying for it on a monthly basis, so you pay exactly for what you need. It also tends to be very easy to deploy compared to old-school software because you don’t need to spin up servers. When I worked at IBM, the customer would need to run servers and integrate the software with a bunch of other devices just to use it. This was a far more complicated process. But with SaaS, the service 
is delivered through the browser and is much easier to try out for the 
customer to see if it’s a good fit. Free trials were very complicated to do 
in the past, but now you can just set up someone’s account in a few 
minutes, and help them make a better buying decision.”

Is SAAS Secure?

Yes, SAAS is considered by technology experts to be more secure than traditional data methods.

Many of today’s SAAS companies run on the most trusted and secured
infrastructure in the world. There are procedures in place to make sure SAAS systems remain secure and safe.

“Standard practices need to be followed when designing a SAAS infrastructure,” said Azhar. “Any and every connection should be encrypted, information while at rest should be encrypted and of course the platform should be hosted at a data center that already has security certifications specific to the industry the software serves.”

What are the SAAS trends for the future?

SAAS continues to be a growing field. As people use more and devices, the need for cloud based systems has grown. So has the interest SAAS systems from investors.

“…Private equity money has become more and more interested in the SaaS space and that is a trend I believe will continue,” said Benson.  “I think over the next 5 to 10 years more private equity will flow into the space to helpcapitalize it better, and provide cash resources for growth.”

Learn more about SAAS and other secure cloud services with DocoServe

DocuServe is a cloud based digital protection service that can keep your business’s documents safe and secure. We also offer training for corporations through our service EServe, so your corporation can be update in the latest cooperate technology trends and services.


BYOD

BYOD – Do you know where your content is?

blog images byod

When employees improperly use mobile devices, they put their companies at risk for data breaches. This includes leaving lots of sensitive data on the devices—which can pave the way to leakage of data, plus other issues.

Mobile device use in workplaces is increasing—and so are the associated security risks. Current security measures are lagging behind the increased rate of mobile device use in the corporate realm.

One study not only showed that a lot of company information was left on handsets, but personal information as well was left on, putting employees at risk for personal compromises.

This small study demonstrates a clear need for improved guidelines and policies governing smartphone use and security of the devices. This becomes even more relevant as businesses turn more to cloud storage for data.

Non-approved software-as-a-service (SaaS) apps, used by employees, is widespread, according to a McAfee study. These apps are not approved by the company’s IT department. Employees can easily bypass the IT department by using the cloud. The study showed:

  • Over 80 percent of survey participants reported using unauthorized SaaS apps.
  • About 35 percent of SaaS apps used on the job are not approved.
  • About 15 percent of users have had a security problem using SaaS.

Employees may not realize that their chosen SaaS apps are poorly safeguarded. Such employees aren’t malicious; they’re just trying to be more efficient. Businesses need to find the right balance of protecting themselves yet allowing employees to use apps for increased productivity.

An ideal situation would be to monitor SaaS apps and apply policies that do not inhibit employees’ ability to be productive.  The content itself could have been wrapped in a security blanket.

This would have offered the ability to:

  • Digitally stamp the script with dynamic watermarking identifying the viewer by name and email address (to prevent workarounds such as screenshot-taking);
  • Restrict viewing access based on receiver’s email address, geographical location, or device used (laptop, mobile phone, tablet, etc.);
  • Control sharing, saving, printing capabilities via custom settings for each intended receiver; and
  • See exactly who viewed the script, when (and for how long) they accessed the material, what device they used to look at it, whether or not they forwarded or printed the material (if that permission was granted to them by the sender.)

The Bring Your Own Device movement is no longer a small consideration – it’s something
your business needs to address. Fortunately, there is a lot of expertise being generated about the best way to deploy and manage BYOD in enterprises. From data ownership considerations to online industry survey, here are a few key item to keep in mind on BYOD.

BYOD Devices are Expected to Double by the end of 2014

According to Computer Weekly, device usage is going to double in the next year. However, they also; point out that only 5% of the smartphones and devices have the necessary security software installed, underscoring the need for a content security solution before you implement BYOD.

Are you Considering or Implementing BYOD? Then ask you self these questions.

Is your organization prepared to address?

Support cost – Even your tech savvy employees may not know exactly how to make business applications work properly, or how to utilize maintenance techniques. Thus causing big problems for you and your IT team.

Hardware Compatibility – Is the device capable of handling the task required of the job.  Along with ensuring the hardware is capable of holding tough, make sure you handle which device you will even allow used.  Managing different smartphones can be tricky.

Legal Risk – When your employees bring personal devices into work, what happens if the device gets lost, with your customers critical data on the device?   What if the device brings virus into the company’s network? Or worst your clients’ network.

BYOD Solutions Require Mobile Data Management 

Adopting a mobile device management solution as a stop gap – instead of a strategic move – is a bad idea for CIOs. Research the mistakes IT Department that embrace BYOD early on made and what worked when shifting from one location management to multiple mobile devices offsite. 

When BYOD is Used Who Owns the Data?

When personal devices are used for business purposes, there’s a blending of personal data and business data – so who owns that content?  You have blended data on the device, are there ways that enterprises can protect their data without infringing on personal property.

Make Sure Your BYOD Policy is Complete

BYOD policies help keep your organization and your employees safe. But navigating the ins and outs of policies can be difficult, particularly if your organization is new to allowing personal devices for corporate use. There are many essential elements that go into a successful BYOD policy, do your research!

 


Security

Secure Digital Content: How It’s Done

A few weeks ago, I surveyed a technical writing group on LinkedIn about the importance of security for technical publications and received feedback from more than a dozen industry professionals on this issue. Unilaterally, the responses were in the affirmative.

Document security is a requirement for doing business in government and healthcare, along with many others. The range of answers was broad, and by several accounts, inconsistent. Some companies broadly distribute their user documentation on corporate websites and deem it another form of marketing material.

Joe Hauglie, a Human Performance Consultant for a large equipment manufacturer, said  “There are all types of security, from password-protected PDFs and documents are stored on a secure server, behind a firewall. Companies should have guidelines in place that indicate what should be private or otherwise. I think that all content should be evaluated before it is categorically released. “

While our survey shows that many larger companies have internal processes in place, small and mid-sized businesses are a bit behind in identifying what should be secure and how to secure it. In our experience, this is a bigger issue than protecting pdfs with a simple password, as the passwords can be shared along with the document to anyone without detection.

Some of our clients have asked us for parameters involving security by IP address, controlled web portal, timed access, and view only access. Requirements come in all shapes and sizes with secure digital content. We’d love to hear more stories about how your company solved the document security challenge including the costs in dollars and internal resources.  What’s your experience with digital delivery of secure content?

 


Spies, UNsecured

The Pitfalls of Unsecured Digital Documents

Over the last few years, I have seen dozens of conversations in professional training forums about digital content delivery strategies, including what formats are most effective, what is required to deliver them, and how these digital formats can be securely encrypted.

Questions like:

Is there any value in a do-it-yourself solution to remix existing third-party material and custom content for delivery to any tablet or mobile device?

What are the benefits of timed content delivery?

I’m researching delivery options for a new learning curriculum. Can anyone share any lessons learned on different delivery models?

Is there content that can be taught most effectively only through a certain medium, such as elearning using mixed digital content vs. traditional classroom training, for instance?

While training professionals should understand these issues and create learning experiences in appropriate mediums, delivery considerations often distract them from what they most need to focus on: creating the content. While many enterprise companies have brought this function in house, small and mid-sized businesses are often without a reliable solution and are winging it. These companies often create simple, easily broken password-protected PDFs and call it a day, leaving their intellectual property up for grabs by their competitors.

When asked about these practices, my colleagues share stories that would give the company legal department pause. If your company’s content and people are what gives you the market edge, why would you leave your playbook in the other team’s locker room? The main response is about time and money. When there are so many options to consider- from ebooks formats and timed- access, to print and sharing considerations, many training professionals don’t have time to wade through the options and develop an organizational strategy.

If the resource isn’t in house, and your company values content security, it makes sense to find a partner who can help you develop an approach to content delivery and security, doesn’t it?  What’s your strategy?

Topics: Secure Content


Twitter: @Docuserve

Facebook: @Docuserve