How Secure Is Your Digital Content?

A robber holding a computer

How Secure Is Your Digital Content?

Data security is – or should be – a top priority for businesses both big and small. With data breaches increasing, it is imperative to implement security measures at every level. So, what should organizations do to streamline and secure their digital workplace and content? Our DocuServe team offers information about essential tools, trends and advice – especially for web developers who use WordPress.

Collaboration in the cloud – the advent of the CCP

Every business knows that a migration to the cloud is necessary. The productivity gains of going paperless and the sheer speed of a digitally-integrated workflow are only possible with a well-implemented content collaboration platform (CCP) solution.

As defined by Gartner, the CCP market covers a range of products and services that enable content productivity and collaboration. CCPs are aimed at individuals and teams, inside or outside an organization. Additionally, CCPs increasingly support lightweight content management and workflow use cases.

Why does your digital workplace need a CCP?

If you want to improve productivity and teamwork, you need to devise secure ways for content sharing and collaboration with your employees and colleagues both inside and outside your organization. According to Gartner’s content collaboration magic quadrant, 50 percent of midsize and large organizations in mature regional markets are expected to use a CCP by 2022 to improve productivity and collaboration and implement document workflows.

CCPs not only empower and connect people, but also enable a new level of productivity, collaboration and efficiency. Just as importantly, it covers security and compliance issues, in addition to helping meet business goals. As outlined by Gartner, the core functionalities of CCPs include:

  • Mobile access to content repositories.
  • File synchronization across devices and cloud repositories.
  • File sharing with people and applications, inside or outside an organization.
  • Team collaboration with dedicated folders.
  • A content repository, which can be cloud-based or on-premises, native to the CCP platform or based on other file servers or repositories.

Using these workplace apps separately and out of context of a CCP platform is difficult and trying for employees to use to perform specific tasks. Also, managers and employees perceive these workplace apps in a different light. When you opt for a CCP, you can eliminate most of these problems because they offer different levels of support for the following:

  • Data protection and security
  • Usability
  • Mobility
  • Simplicity
  • User productivity
  • File manipulation
  • Content management
  • Collaboration
  • Analytics
  • Workflow
  • Data governance
  • Integration
  • Management
  • Administration
  • Storage

What to avoid

KIssflow’s Employee Experience Survey was conducted to assess the day-to-day interactions of the employees and leaders of various industries with workplace software – and the extent to which the workplace software affects the overall employee experience. Findings revealed the following:

  • The opinion is different among employees and leaders on how much workplace software they use.
  • Employees are less satisfied with the software they use than the leaders.
  • Employees are less likely to believe than their leaders that workplace technology empowers them to do their jobs in a better way.
  • When it comes to using workplace technology to their advantage, employees face several obstacles. Some of these obstacles are inadequate training, confusing and complex interface, and lack of guided learning tools.

According to Kissflow CEO Suresh Sambandam, “We can’t build enterprises as we did a decade or so ago, but the problem is, we’ve started working for the tools we’ve implemented, instead of the tools working for us. Each time a tab is switched, productivity goes down and some momentum is tossed away.

“With a digital workplace, enterprises are providing a radically new experience so that working is easy and fun, and not a burden to fathom all the things that are going on in 6-7 different applications running as siloed tabs on people’s browsers.”

CCPs offer complete data protection and uninterrupted service, and can be extremely useful for start-ups that have small teams and need to work closely with external teams on different projects. With a CCP in place, you can communicate efficiently to complete projects which need collaboration. It keeps your business organized and help you avoid workplace silos.

Keeping your digital content secure

As previously mentioned, information security is a serious threat to organizations worldwide. Your data is a major investment – as is your website. Because 25 percent of websites are powered by WordPress, it should not be surprising that hackers frequently target WordPress sites.

Fly Plugins offers crucial tips for keeping your digital assets safe and secure.

Make sure your foundation is strong – When you talk of security, you need to ensure that your foundation is secure. And, a secure foundation starts with your laptop or desktop computer. Should the hackers compromise your device, you can’t do much by securing WordPress.

Use a strong password – Not to be rude, but you’re probably not as clever as you think you are. Don’t use a password that has a personal meaning you believe no one will ever guess, or assume that no hacker would try anything as obvious as “password 123” or “password.” Don’t keep a text file or spreadsheet of your password. Never use a sticky note on your laptop that has all of your passwords.

In addition:

  • The physical security of your laptop is of utmost importance. Make sure that you keep it in a safe place to prevent theft.
  • Always use an antivirus program – add a firewall for additional security.
  • Always use a secure Wi-Fi connection.
  • If your organization has a bring-your-own-device (BYOD) policy, take the appropriate security measures. Our blog post on the topic covers what you need to know.  

Select a secure web hosting service – Server-level security is also of utmost importance. When you select a web hosting service provider, perform your due diligence so that you know in detail the level of security it provides.

Set up WordPress correctly from the start – Do not use ‘admin’ as the primary administrator account. Ensure that you do not begin your database table names with ‘wp.’ Again, use strong passwords for the admin account, and use multilevel authentication.

Keep yourself updated –Keep current on all security updates, as well as WordPress, themes, and plugins. Have a staging site so you can test the updates before using them on your live site.

Also, ensure that you only install plugins you trust. In most cases, the plugins available on the WordPress site are safe. You need to be careful with free plugins. It is important to go through the reviews before installing them. Never download a free premium plugin.

Secure the goods – You can install the free Sucuri plugin, which performs all the necessary security monitoring and malware detection, and has tools that harden your WordPress site. The Sucuri scan feature can clean your site, and its primary features include security activity auditing, file integrity monitoring, remote malware scanning, blacklist monitoring, effective security hardening, post-hack security actions, security notifications and website firewalls.

No matter what platform your company uses to meet its unique needs, DocuServe specializes in offering industry-leading solutions for keeping your digital content safe. Our secure document and rich media sharing app can reduce the risk of data exposure. With DocuServe, you can easily control content distributed to employees, vendors, and potential customers. Contact us to learn more.

 


Video Streaming Encryption

Can Streaming Video be Encrypted?

Our blog post – “Video Encryption – How to Secure Your Digital Content” – we covered the basics of the vulnerabilities video content is susceptible to, and available encryption techniques. With the increasing prevalence of streaming video content, a more in-depth look is now in order.

Streaming video is widely used in online education, from universities to specialty schools. Because such organizations charge tuition, videos that are used in the curriculum are school property – and as such, need to be kept out of the hands of non-students either looking for free instruction or to copy the streaming video and sell it for their own profit. The same applies to corporate training videos and webinars, which can give competitors an advantage if they gain access. And did we mention gaming?

But first, the bad news. There is no way to prevent someone with the determination and skills to access your streaming video from doing so. If videos can be accessed and viewed online, they can be stolen. The best you can do is add protective technology to make your streaming videos more difficult to steal. It’s basically the rationale that law enforcement agencies use when telling people to secure the doors to their home with more than the just the handle lock. Additional measures such as deadbolts and a security system will act as sufficient deterrents for most burglars, who’ll tend to pass up more secure homes for one that’s easier to enter.

What is video encryption?

Anthony Romero described it best for IBM Watson Media, so here it is in its entirety:

“At its essence, video encryption is the process of hiding video from unintended audiences. When working appropriately, it protects data so that it’s watched and accessed just by intended parties. Usually this goes hand-in-hand with other methods to restrict access to content, be it password protection to just placing an embed restricted version of the asset to your site. This is done through encrypting the asset in some manner in order to prevent snooping attacks where access to video could be compromised through a network tap and sniffer technologies.

“It can also include encrypting stored content, going as far as to protect assets in the event of a physical hard drive or database being compromised on location.

“There are a couple of different ways to encrypt content, and several different states that data can be in as well. For the topic of video storage, the common state for these assets is data at rest and also data in transit during delivery to an end viewer.”

What is data at rest?

Very briefly, data at rest is essentially information or assets that aren’t moving through a network. This includes content stored locally, like a video saved on a laptop, and assets that might be saved on databases.

What is data in transit?

Data in transit is information flowing over a network. In the context of video, it’s the delivery of video to an endpoint for playback. It is different from data in use, which is data that might be in the process of being generated, updated or removed.

So, how can you best protect streaming video from being stolen?

When it comes to encrypting video data at rest or in transit, one solution is by using the Advanced Encryption Standard (AES) – a symmetric block cipher that can be implemented in software, hardware and other processes to encrypt sensitive data. It’s the successor to DES (Data Encryption Standard), developed by researchers at IBM in the early 1970s.

How does AES work?

To safeguard assets, AES takes a key and some data (plaintext) as an input and then transforms that into something random, known as ciphertext. This can be anything from part of a document to part of a video asset. Now to get something meaningful out of that ciphertext, AES and the same key used to transform it are required to turn it back into plaintext.

In relation to video in transit specifically, the content is encrypted in a way so that access requires being decoded by authorized players in browsers where the stream is delivered using HTTPS (HTTP over SSL/TLS). This is done through symmetric-key algorithm, which again requires the same key to be used for both encrypting and decrypting the data to get something meaningful from it.

The key is actually a number, and functions as a security method because of the huge amount of different combinations that it could be. The number of combinations depends on what key length or size is used: 128, 192 or 256 bits. The naming conventions relate to each key’s potential number of combinations.

Using a true streaming server provides even greater protection. The big advantage here is that the file is not actually downloaded to the user’s computer – it is seen only as a real-time stream and there is no file left on the user’s hard drive.

A streaming media or streaming video server is a specialized application which runs on an internet server. This is often referred to as “true streaming”, since other methods only simulate streaming.

True streaming has advantages such as:

• Handling much larger traffic loads.

• Detecting users’ connection speeds and supply appropriate files automatically.

• Broadcasting live events.

There are two ways to have access to a streaming server:

• Operate you own server (by purchasing or leasing)

• Sign up for a hosted streaming plan with an ISP (Internet Service Provider)

However, Media College warns that true video streaming in any form can be an expensive business. Unless you really have a need for it, you are probably better off starting with basic HTTP streaming.
Obviously, regardless of the solution you consider, streaming video encryption is not a DIY project. DocuServe provides robust data encryption solutions for a wide variety of industries. Learn about all we offer, then contact us to keep your intellectual property secure.


What is SAAS

What is SAAS? How Can SAAS Improve Your Business? Is SAAS Safe?

What is SAAS?

SASS stands for Software as a Service. It is a category of cloud computing. Like all cloud computing categories, with SAAS your information is not stored on a traditional digital hard drive, but digitally over offsite servers. SAAS is unique from other forms of cloud computing because it is a system where you are essentially renting software monthly.

Instead of buying a license for the software and spending the money lump sum you pay on an ongoing basis and the software is updated for you automagically and in most cases support for software is included as well,” said Nadeem Azhar, the owner of PC.Solutions.Net.

How does SAAS benefit businesses?

For some companies the initial cost of software is a barrier to entry. As are the demands of additional staff and infrastructure needed to run a traditional server. SAAS allows such companies to obtain software easily, without costly onsite infrastructure, and with a time saving easy install.

SaaS benefits companies in several ways, said Steven Benson, the founder of Badger Maps. “First, SaaS software tends to be a lot cheaper than it was in the past. You’re usually paying for it on a monthly basis, so you pay exactly for what you need. It also tends to be very easy to deploy compared to old-school software because you don’t need to spin up servers. When I worked at IBM, the customer would need to run servers and integrate the software with a bunch of other devices just to use it. This was a far more complicated process. But with SaaS, the service 
is delivered through the browser and is much easier to try out for the 
customer to see if it’s a good fit. Free trials were very complicated to do 
in the past, but now you can just set up someone’s account in a few 
minutes, and help them make a better buying decision.”

Is SAAS Secure?

Yes, SAAS is considered by technology experts to be more secure than traditional data methods.

Many of today’s SAAS companies run on the most trusted and secured
infrastructure in the world. There are procedures in place to make sure SAAS systems remain secure and safe.

“Standard practices need to be followed when designing a SAAS infrastructure,” said Azhar. “Any and every connection should be encrypted, information while at rest should be encrypted and of course the platform should be hosted at a data center that already has security certifications specific to the industry the software serves.”

What are the SAAS trends for the future?

SAAS continues to be a growing field. As people use more and devices, the need for cloud based systems has grown. So has the interest SAAS systems from investors.

“…Private equity money has become more and more interested in the SaaS space and that is a trend I believe will continue,” said Benson.  “I think over the next 5 to 10 years more private equity will flow into the space to helpcapitalize it better, and provide cash resources for growth.”

Learn more about SAAS and other secure cloud services with DocoServe

DocuServe is a cloud based digital protection service that can keep your business’s documents safe and secure. We also offer training for corporations through our service EServe, so your corporation can be update in the latest cooperate technology trends and services.


BYOD

BYOD – Do you know where your content is?

blog images byod

When employees improperly use mobile devices, they put their companies at risk for data breaches. This includes leaving lots of sensitive data on the devices—which can pave the way to leakage of data, plus other issues.

Mobile device use in workplaces is increasing—and so are the associated security risks. Current security measures are lagging behind the increased rate of mobile device use in the corporate realm.

One study not only showed that a lot of company information was left on handsets, but personal information as well was left on, putting employees at risk for personal compromises.

This small study demonstrates a clear need for improved guidelines and policies governing smartphone use and security of the devices. This becomes even more relevant as businesses turn more to cloud storage for data.

Non-approved software-as-a-service (SaaS) apps, used by employees, is widespread, according to a McAfee study. These apps are not approved by the company’s IT department. Employees can easily bypass the IT department by using the cloud. The study showed:

  • Over 80 percent of survey participants reported using unauthorized SaaS apps.
  • About 35 percent of SaaS apps used on the job are not approved.
  • About 15 percent of users have had a security problem using SaaS.

Employees may not realize that their chosen SaaS apps are poorly safeguarded. Such employees aren’t malicious; they’re just trying to be more efficient. Businesses need to find the right balance of protecting themselves yet allowing employees to use apps for increased productivity.

An ideal situation would be to monitor SaaS apps and apply policies that do not inhibit employees’ ability to be productive.  The content itself could have been wrapped in a security blanket.

This would have offered the ability to:

  • Digitally stamp the script with dynamic watermarking identifying the viewer by name and email address (to prevent workarounds such as screenshot-taking);
  • Restrict viewing access based on receiver’s email address, geographical location, or device used (laptop, mobile phone, tablet, etc.);
  • Control sharing, saving, printing capabilities via custom settings for each intended receiver; and
  • See exactly who viewed the script, when (and for how long) they accessed the material, what device they used to look at it, whether or not they forwarded or printed the material (if that permission was granted to them by the sender.)

The Bring Your Own Device movement is no longer a small consideration – it’s something
your business needs to address. Fortunately, there is a lot of expertise being generated about the best way to deploy and manage BYOD in enterprises. From data ownership considerations to online industry survey, here are a few key item to keep in mind on BYOD.

BYOD Devices are Expected to Double by the end of 2014

According to Computer Weekly, device usage is going to double in the next year. However, they also; point out that only 5% of the smartphones and devices have the necessary security software installed, underscoring the need for a content security solution before you implement BYOD.

Are you Considering or Implementing BYOD? Then ask you self these questions.

Is your organization prepared to address?

Support cost – Even your tech savvy employees may not know exactly how to make business applications work properly, or how to utilize maintenance techniques. Thus causing big problems for you and your IT team.

Hardware Compatibility – Is the device capable of handling the task required of the job.  Along with ensuring the hardware is capable of holding tough, make sure you handle which device you will even allow used.  Managing different smartphones can be tricky.

Legal Risk – When your employees bring personal devices into work, what happens if the device gets lost, with your customers critical data on the device?   What if the device brings virus into the company’s network? Or worst your clients’ network.

BYOD Solutions Require Mobile Data Management 

Adopting a mobile device management solution as a stop gap – instead of a strategic move – is a bad idea for CIOs. Research the mistakes IT Department that embrace BYOD early on made and what worked when shifting from one location management to multiple mobile devices offsite. 

When BYOD is Used Who Owns the Data?

When personal devices are used for business purposes, there’s a blending of personal data and business data – so who owns that content?  You have blended data on the device, are there ways that enterprises can protect their data without infringing on personal property.

Make Sure Your BYOD Policy is Complete

BYOD policies help keep your organization and your employees safe. But navigating the ins and outs of policies can be difficult, particularly if your organization is new to allowing personal devices for corporate use. There are many essential elements that go into a successful BYOD policy, do your research!

 


Security

Secure Digital Content: How It’s Done

A few weeks ago, I surveyed a technical writing group on LinkedIn about the importance of security for technical publications and received feedback from more than a dozen industry professionals on this issue. Unilaterally, the responses were in the affirmative.

Document security is a requirement for doing business in government and healthcare, along with many others. The range of answers was broad, and by several accounts, inconsistent. Some companies broadly distribute their user documentation on corporate websites and deem it another form of marketing material.

Joe Hauglie, a Human Performance Consultant for a large equipment manufacturer, said  “There are all types of security, from password-protected PDFs and documents are stored on a secure server, behind a firewall. Companies should have guidelines in place that indicate what should be private or otherwise. I think that all content should be evaluated before it is categorically released. “

While our survey shows that many larger companies have internal processes in place, small and mid-sized businesses are a bit behind in identifying what should be secure and how to secure it. In our experience, this is a bigger issue than protecting pdfs with a simple password, as the passwords can be shared along with the document to anyone without detection.

Some of our clients have asked us for parameters involving security by IP address, controlled web portal, timed access, and view only access. Requirements come in all shapes and sizes with secure digital content. We’d love to hear more stories about how your company solved the document security challenge including the costs in dollars and internal resources.  What’s your experience with digital delivery of secure content?

 


Spies, UNsecured

The Pitfalls of Unsecured Digital Documents

Over the last few years, I have seen dozens of conversations in professional training forums about digital content delivery strategies, including what formats are most effective, what is required to deliver them, and how these digital formats can be securely encrypted.

Questions like:

Is there any value in a do-it-yourself solution to remix existing third-party material and custom content for delivery to any tablet or mobile device?

What are the benefits of timed content delivery?

I’m researching delivery options for a new learning curriculum. Can anyone share any lessons learned on different delivery models?

Is there content that can be taught most effectively only through a certain medium, such as elearning using mixed digital content vs. traditional classroom training, for instance?

While training professionals should understand these issues and create learning experiences in appropriate mediums, delivery considerations often distract them from what they most need to focus on: creating the content. While many enterprise companies have brought this function in house, small and mid-sized businesses are often without a reliable solution and are winging it. These companies often create simple, easily broken password-protected PDFs and call it a day, leaving their intellectual property up for grabs by their competitors.

When asked about these practices, my colleagues share stories that would give the company legal department pause. If your company’s content and people are what gives you the market edge, why would you leave your playbook in the other team’s locker room? The main response is about time and money. When there are so many options to consider- from ebooks formats and timed- access, to print and sharing considerations, many training professionals don’t have time to wade through the options and develop an organizational strategy.

If the resource isn’t in house, and your company values content security, it makes sense to find a partner who can help you develop an approach to content delivery and security, doesn’t it?  What’s your strategy?

Topics: Secure Content


Twitter: @Docuserve

Facebook: @Docuserve