Taking the Steps to Develop a Document Data Security Practice Ok, in the last several articles I have outlined the significant uptick in data security breaches as well as customer and government awareness and actions. I also have outlined the current size of the data security market and the future growth potential. The reality is, this is one of those rare opportunities that comes along once in a business lifetime. A market that is on the leading edge (not the bleeding edge), is currently substantial, growing at a rapid pace, will never go away and only get more important and larger. If you don't believe me, just go online and start browsing information regarding data security, or attend industry conferences like RSA and others and you will find that the number of people, subjects, challenges and opportunities already existing today are both mind-boggling and exciting. For that matter, look within your own space-all of the major manufacturers of printers, copiers, scanners etc. (Ricoh, Toshiba, Canon, Xerox, HP, Fujitsu and all the rest) are well into the data/document/print security world. Each with ever evolving strategies and offerings in services, solutions and technologies (both hardware and software) either developed on their own or working with partners to offer expanded support for the market. The good news is they are validating the market and there is room for all types of players that can develop the domain expertise and provide services, solutions and products to assist your current and future customers, that means you too (or if not, your competitors). Today the rapid development of applications, devices, storage environments and sources of data combined with the convergence of traditional, more mature document markets with evolving electronic content markets is growing at light speed. This lends itself to substantial business opportunities for those willing to commit to opening up their thinking to take their current core competencies and extend them by adding a document/data security practice to their offerings. So what is the best approach to looking at where to begin? Follow last month's article by asking the fundamental questions about how your customers are currently addressing document and data security. Begin with the services approach by developing a good set of questions around the areas you are currently addressing for them, whether it is hardware and supplies, Managed Print Services or additional services and solutions that involve software applications. So as you evaluate the path to take, start with the information gathering. It is a critical area and one that if not done correctly can lead down the wrong path. This is also where you have the opportunity through educating your own organization to become document/data security domain experts and extend your organization's value to your customers. When it comes to data security there are many areas that come into play. For the sake of focus we are not going to spend much time on network, malware and virus protection; although these are essential areas they are generally not the areas where this audience would extend its reach. Also, there are many players already in those areas so it doesn't make sense when there are many more natural extensions of your business that are not being as broadly served to participate in. I want to take a moment to remind you here to not forget the critical points I made in previous articles: l Creating a Control Conscience Corporate Culture (4C's)™ of Data Security is the ultimate objective and that begins with the tone at the top of both your organization and your customer's organization. l It is essential to focus on the three important prongs of creating a sustainable and effective environment: People, Process & Technology. l All of the organizations you are dealing with have most likely already recognized this as an important area and made some level of investment at least in network security, malware and virus protection. So leverage that in your conversations with them. l The legal and compliance requirements and risks are expanding rapidly and no matter what size or type of organization, if they aren't beginning to develop a strategic approach to this important area they are clearly heading for a potential catastrophic event. l Finally, although compliance is an issue, it is really about quality internal controls and ultimately focusing on this as a risk to the financial value of the organization and its brand, or an opportunity to increase their financial and brand value. So now the approach both for you and your customers should be to walk before you run. There certainly should be a sense of urgency to begin. However take a strategic approach that turns into operational objectives and goals with time specific and measurable results. Also, it is important to focus on the highest areas of risk involving the most valuable and sensitive data or documents first. The old adage "How do you eat an elephant? One bite at a time!" really does apply here both to be effective and to provide a comfort level that does not overwhelm your organization or customer. Next, I have found it is important to initially take a more simplified approach to thinking about the potential areas of data breaches. This includes both physical and electronic. Here are the areas to look most closely at when you are evaluating an environment: 1. Where and when the document or data file (including meta-data) is created 2. Where is that information stored, if physical (filing cabinets, desks, disks, offsite storage facilities etc.) if electronic (servers, desktops, laptops, phones, pda's, printers, copiers, scanners, in the cloud etc.)? 3. Transportation or exchange, when the information is physically or electronically moved 4. Alteration, when a document or file is altered in any way you need to go back and start at step one again to assure the proper people, process and technology are accessing it or impacting it In my years of selling and managing technology companies I have developed a philosophy that has served me well. Focus on five areas or, as I like to call them, abilities and really drill down on them and your odds of success will increase dramatically. l Interoperability - the more that your services and solutions can integrate with an organization's current and planned technologies and environments, the more likely they are to buy. The less consumer behavior change you create while adding value the better. l Deployability - the simpler and more effective the deployment for you as a partner and ultimately what the customer sees and experiences, the more likely they are to adopt your current and future offerings. l Usability - the product or service has to be user friendly. That is defined not by you but by the individuals within the organizations that have to use it. It is important to consider that there are all different levels of competencies within an organization and the more simple you make it for the lowest common denominator to use, the better chance you have for customer satisfaction and reaching the ROI's that were expected. Also, from a stickiness standpoint when people find something easy to use and beneficial they are less likely to change. l Extendibility - during the development of your data/document security strategy look at solutions, services and offerings that allow you to go back to the customers to extend your value. Put you and your customer in a position to be able to add to the offerings you are providing today with complimentary or future upgrades that continue to improve their productivity and the security of their mission critical data. l Profitability - if your culture, strategy, assessments and execution around the first four bullets are strong, then the odds are high that you are going to provide your customers with very positive ROI's. You are also very likely to have a profitable, sustainable and growable data security practice. So to start, look at the data security features and offerings being promoted and provided by your current suppliers. Are you and your organization talking with your current customer base and future prospects about them every chance that you have? If not, it is a good reason to circle back to them and ask them what is their current position and approach to data/ document security. Start with the basics. Are hard drives and storage environments being wiped clean when and where appropriate? Are the areas where the data is critical hard drives removable? What happens to the hard drives when a piece of equipment is disposed of? Does the current piece of equipment have an erasable memory when shutdown? Can data be overwritten when appropriate? Are critical documents/files encrypted upon creation, in transport, in storage or when altered? Are proper process and authorizations given and signed off on before data is accessed? These are all fundamental offerings today that you can start to consider as the early stage of building a document/data security practice. Just like you have grown your business today, you started with a fundamental offering and then transitioned as needs and opportunities arose. In closing, my favorite quote is "Truly powerful people commit to the future, and use that to impact the circumstances." Whether you like it or not your customer's futures will rely more and more on organizations that can assist them in protecting their most valuable asset, their information. My question to you is, with that being the case what does the future of your business look like and what circumstances do you need to start impacting to lead you there? David Anastasi, CEO, eDocument Sciences LLC, Prior to eDocument Sciences served as President & CEO Captaris, Inc. acquired by OpenText in October 2008, also currently Board Member of Onehub, Inc. eDocument Sciences partners with public, private, educational and government organizations securing their most important asset, mission-critical data. We assist in the development and management of Data Governance programs that focus on People, Processes, and Technology. We deliver results by matching technology, distribution and services companies focused on data security with each other, distribution partners and customers. Our focus is on delivering highly secure environments increasing productivity, scalability, and ultimately higher value. Contact information: E-mail: danastasi@edocumentsciences.com, Cell: 425-246-2424 or Website: www.edocumentsciences.com.