IT Security: What an In-Plant Print Center Needs to Know

IT Security: What an In-Plant Needs to KnowPresented by

Rita PuljerIn-Plant Manager, MTD Products

Trends How software is deployed is changing rapidly

o Physical virtual

o On site Hosted

Data Breaches:Increasing in frequency, publicity, liability, and severity

How do you navigate all the choices and IT issues?

Today you’ll learn:o Questions to ask yourself, your IT department, and your vendors

o How to choose the best solution with lowest risk and ensure smooth implementations

04/12/2023 www.rocsoft.com 2

Agenda

Introduction

Trends impacting IT Security

Partnering with IT

Questions to ask yourself about your organization

Based on your answers:

What to look for in a Software vendor

Who can help?

Questions and wrap up


Who Is MTD?


MTD is a worldwide leader in outdoor power equipmento Headquartered near Cleveland, OH; privately held

o Reputation and focus on excellence in quality and service

Print shop/mailroomo Four employees

o Produce product manuals, manufacturing forms, consumer VDP postcards and signage.

It’s a Rapidly Evolving World


Software deployment changing rapidly;you don’t just put a server in a closet or your shop.

Move from single applications on dedicated onsite servers to virtual servers hosting many applications sometimes in the cloud

Partnering with IT

For application owners it is IT’s job to:

o Provide infrastructure and open doors to the end-users

o Make sure company assets are safe and secure

o Provide best practices consulting

IT has many other priorities

o Support for internal systems, securing the company network, managing the corporate desktop and mobile environments, data warehousing, disaster recovery, backup and storage of data… to name a few

o Your implementation is probably not the highest thing on their priority list

o How do you work with IT so the implementation process goes quickly?


Strategies to StreamlineIT Interaction

Plan ahead

Engage early

Considering a hosted/cloud system?o IT is still needed.

IT Can:

Help answer and ask critical questions

Propose possible solutions

IT is your asset, not your enemy.


Questions to Ask Yourself What are your corporate requirements?

Does your data need to be secure (private)?o Healthcare, Financial, Government…

Records retention policies?

Who are your end users?o Internal vs. External

o How will they authenticate? (i.e., LDAP)

How will customers pay?

o Credit card?

o Internal charge back?

What systems does the software need to share information with?


Planning Ahead

Having answers to some key questions beforehand saves time and jumpstarts the IT process.

Will my (W2P) software be hosted internally or externally?

How will my users log in, and will their data be pre-populated?o Self register

o Use their network login (i.e., LDAP/ Active Directory)

Where will my users use the system?o Only internal users on the internal network?

o From home or outside of corporate network? On the Internet?

What will I call the application?o Decide on a name and a URL that is easy to remember and use

o SSL encryption for the URL (i.e., https)? ***ALWAYS recommended!


Planning Ahead (cont’d) Are there corporate requirements, i.e. computer usage policies?

How often do I need backups?

o For an on-site system, who is responsible for making and storing backups?

• How much data can I afford to do without if something major happens (flood, fire, etc.)

• Backup and disaster recovery always carries a price tag• Is my need critical enough to have a failover environment?

o For a hosted/cloud system, ask your vendor• How are they backing up and how often?• What is the Service Level Agreement (SLA)?

How is vendor support, maintenance, and monitoring done?o For on site installations, IT will need to supply the needed access.

What are the vendor support access requirements?


On Site vs Off Site hosting On Site (at Your Company)

o Server or Virtual server• Virtual Server are the preferred

platform and provide more flexibility for expansion, backups, and failover

o Backup, recovery and DR are handled by your IT

o Vendor access may be required for support and updates

o Little or no internal bandwidth costs and faster network speeds

o Your IT data center

Hosted/cloudo Most are shared SaaS

environmentso Can I move my installation

on site in the future if needed?

o Backups done automatically (typically)- still need to ask

o Easier for a vendor to support and monitor

o Some additional corporate costs for bandwidth over the Internet

o Hosted data center • Specs and uptime

guarantees?


Security

IT Can Helpo Minimize risk

o Firewalls and networks• Protect the network • Keep the internal network

separate from the Internet

o Balance ease of use for customers with security

o Match level of security with the sensitivity of the data


What to Look for In a Software Vendor

What questions do you ask?o Does the vendor meet your corporate requirements?

o Does the vendor have experience in your industry?

o Do you have direct access to the software vendor?

How do you know they are knowledgeable?o Does the vendor have a resource that can talk at the same

level as your IT team?

o Do they understand your needs and how to meet them?


Vendor Experience

Mitigating security requirements within your industry

Able to successfully handle security scans

Use best practices when building the following:o Software application

o Operating system

o Network infrastructure

o Authentication and encryption

What do their other customers say about their experience?


Application/Vendor Best Practices Always use SSL if exposed to the Internet

Use secure authentication (SLDAP, SSO)

Disclaimers – Copyright, HIPAA

Forms managemento Audit trail, time sensitivity

Are unsecure services not enabled by default? (I.E. FTP)

Business Continuity and Disaster Recovery options


Questions & Contact Info

Thank you! Thanks to RSA for their help Contact info:

• Rita Puljer [email protected]


IT Security: What an In-Plant Print Center Needs to Know

Software

Transcript of IT Security: What an In-Plant Print Center Needs to Know