Information security and data protection are ever-present challenges that affect every business and are woven into every process that makes them run. When organizations make the decision to automate those processes, security should be a foundational consideration—though sometimes it’s an afterthought. While businesses seek more efficiency, productivity gains and cost savings that automation can provide, they should also understand the security benefits of partnering with the right provider.
According to Tina Kakaria, global leader of Xerox business process automation service offering for clients, security must be integrated into everything technology and service providers offer. Kakaria, a 30-year veteran at Xerox, says data is growing exponentially, but it is not in a format that is usable by computers. So most companies still rely on people to work this data manually, which is slow, costly, and risky. Automating your business processes and securing that data as it is ingested and used is of critical importance.
“We ensure full chain of custody from the very start when a paper or digital document comes in right through to when we send that data to the client system,” she says. “Through it all, we prioritize security, protecting our clients’ data at every step. We ensure a seamless, secure path from document capture to intelligent processing to automation, delivering the right data to the right place to serve at the right moment for our clients to be successful.”
Paper documents are inherently vulnerable, while digital formats offer stronger security controls. Digitizing and automating processes minimize manual handling and enhances overall information security, Kakaria explains. While many organizations have digitized the paper documents used in business processes, others have not yet done so. For those that wish to hang on to physical documents rather than digitize, loss, damage or theft are major security concerns, along with the inability to audit and encrypt them. Physical storage and security risks represent the most significant cost drivers.
“Ultimately, digitizing documents and automating a business process enhances security by reducing the reliance on the vulnerable manual handling of paper,” she notes. “So that, in itself, is a better state for our client.”
And Xerox, she says, which digitizes more than a billion pages per year globally, is perfectly positioned to deliver successful results for clients while improving their data security.
Once documents are digitized, security concerns shift from physical to cyber. Xerox’s clients entrust the firm with mountains of data, some of it containing sensitive data such as personally identifiable information (PII) and protected health information (PHI), which it uses to automate business processes. That data, depending on where it comes from, is subject to stringent regulations of one kind or another.
“So, we start by understanding each client’s specific security and compliance needs” she notes. “As a global provider, we align with local regulations and support multilingual regions specific requirements. Client data is stored and secured in regionally located data centers.”
Whether the standard or regulation is GDPR in Europe; PIPEDA in Canada; HIPAA, PCI, CCPA or FedRAMP in the U.S., Kakaria says Xerox stringently follows the privacy and data protection laws that apply to each particular client, but the company’s commitment goes beyond regulatory compliance. The organization adheres to a four-prong security framework that informs and optimizes data security in all areas: people, processes, facilities and technology.
- People – Because three quarters of all data breaches involve humans, Xerox has defined hiring protocols and background checks, mandatory ongoing staff training, and accountability for all staff and partners.
- Processes – This is where ensuring policies and procedures are in compliance with key regulations, ISO controls, and clients’ requirements, comes into play, along with audits, vulnerability scans and disciplined data management.
- Facilities – At locations where digitizing takes place, controlled access, 24/7 security monitoring, restricted use of personal devices in secured areas and a host of physical security measures are used to prevent fire, theft, environmental damage, etc.
- Technology – Devices and applications—whether Xerox’s or a third party’s—are continuously monitored for vulnerabilities which are identified, addressed and remediated via a patch management process. Xerox developed software uses a secure development lifecycle process to ensure vulnerabilities are identified early and treated accordingly to mitigate risk. Xerox hosting environments follow industry-leading CIS standards, and enforce strict user access controls, encryption, and network protections to ensure end-to-end security. Layered security measures are applied across hardware, software, and infrastructure to safeguard data throughout the digitalization process.
As Xerox serves its clients with process automation technology, another factor that concerns clients is Artificial Intelligence (AI) AI. Kakaria acknowledges how powerful AI is in the realm of automation, enabling users to accelerate and optimize the processes that make businesses run. But, since the technology is relatively nascent, regulation around the technology is quickly evolving and security concerns can emerge unexpectedly.
Like just about every large organization, Xerox will continue to leverage AI to improve its process automation offering. And Kakaria says the company understands how vigilant it must be.
“We have an AI Council that takes a collaborative and cross-functional approach to governing AI and ensuring we operate in an ethical and disciplined way,” she says. “The Council has representation from our IT, privacy, information security and legal departments. We vet all our AI technology use in our internal and external solutions through this group. The governance provided by the AI Council validates that data remains secure and is only leveraged for the specific client’s process.”
She says the company also understands that some clients are not as comfortable with AI as others may be. “So we have many different strategies to deploy, and we can support our clients on premises, in a hybrid model or in the cloud,” she says. “We meet clients at their point of need, ensuring they feel secure and confident about the processing of their data. We’re very, very cognizant of this.”
