Cloud Sprawl in Financial Institutions

Leaking Data to the Cloud

Bob Lund, chairman and CEO

According to Computer Business Review, Cloud Sprawl is defined as the uncontrolled use of public cloud services in an organization with little or no input from management or IT.  It is especially problematic in the financial industry where rapidly growing amounts and variety of data have surpassed the IT department’s ability to provide adequate data management solutions.

Here’s a common scenario: one bank department uses Amazon Cloud Drive while another uses SkyDrive, and other employees use Apple iCloud or DropBox for collaboration.  None of the solutions are compliant with banking regulation, nor under the supervision of the IT group.

The growth of Cloud Sprawl is being driven by complex and lengthy IT provisioning processes, an unmet need for flexible, available document management solutions, the low price point of public cloud services and applications (easy to charge to a p-card), and the familiarity of employees with public cloud services.

The key concern for financial institutions is that uncontrolled public cloud deployment models are leading to security and compliance risks.

Some of the specific problems that Cloud Sprawl poses for financial institutions include:

• Data resident in accounts that don’t meet the bank’s security or compliance standards
• Unauthorized access to regulated data, including customer data
• Employees forgetting to delete data in cloud accounts that they set up
• Potential of data loss if the owner of a cloud account leaves the bank
• No corporate ability to audit usage and content of disparate cloud accounts and resulting inability to identify data risk and compliance problems

Not surprisingly, 67 percent of IT executives at companies with over 1,000 employees are worried about Cloud Sprawl, according to a 2012 study by Vanson Bourne.  Fifty-four percent of these IT executives admit they are unsure how many cloud services their employees use.  Worse, 20 percent of IT executives say it is “impossible” to manage disparate cloud services, finds Kelton Research.

eGistics provides applications for financial services that help control Cloud Sprawl, and delivers them on a highly secure, highly scalable cloud platform that offers:

• Tight user security 
• Activity audit reporting
• Data management procedures focused on banking compliance
• Centralized administrative control over secured data and its access
• Standardized workflows and processes 

The eGistics Cloud Sprawl solution builds on our:

• Fourteen-year track record in delivering cloud solutions
• Footprint in the largest financial institutions
• World-class infrastructure designed for data security and 7/24/365 access
• PCI certification and compliance with HIPAA, SSAE 16, SOC 1 & 2, and FFIEC

Feedback
If you are in a financial institution, and are seeing the effects of cloud sprawl, share your ideas and experiences!

Cloud Security Concerns Are Dead...

Charles VI the Mad

Cloud Security Concerns Are Dead! Long Live Cloud Security Concerns!

By Randy Davis, VP Sales & Marketing Operations

Way back in 1422, seventy years before the discovery of America by Columbus, the French king, Charles VI, died. Upon his passing, the phrase Le Roi est mort, vive le Roi! was pronounced to indicate the immediate and unbroken transition of sovereignty from the dead king to the new king, Charles VII. The saying, "The King is dead, long live the king," was so powerful that it has been borrowed by other royalist nations to note the transfer of rule from a newly deceased monarch to the living one.

However, the saying did not assume that the manners, customs, priorities, principles or laws of rule would remain the same. The new monarch had, let us say, flexibility. Even so, the past is not easily resisted.

It's the idea of continuity that interests me as we transition from the perception that (at least for many IT practitioners) concerns over cloud security still reign supreme, to the idea that (for others) those concerns belong to the previous regime, and it's time to move on to less resolved matters such as how to make sense out of big data. The questions before us are these: are security concerns about cloud-based storage and computing providers alive and well, or should such concerns be relegated to the past so that we can devote our resources to truly unresolved problems?

I think the answer is Yes... and Yes.

Perception Vs. Reality

The fact is security is still the top concern preventing the adoption of public clouds. Of the 27% of respondents to the InformationWeek 2012 Cloud Security and Risk Survey that have no plans to use public cloud services, almost half (48%) cite security concerns.

In a recent Federal Computer Week cloud computing report sponsored by Brocade, the resistance to cloud computing was compared to that of opening a bank in the Wild West during the 1800's. In a time when people kept, protected and controlled their own money in their own "mattress safe," the idea of some newfangled bank providing those services seemed highly risky. Can the bank be trusted? How can I get to my money? What keeps someone from walking in and pretending he is me? What if the bank is robbed or fails? Over time, however, as people began to use banks to protect their money, banks proved trustworthy, and their use became ubiquitous.

Although the period of westward expansion in American history was a time of tension and uncertainty for frontier banks, most banks were more than capable of providing vaulted, secure financial services.

Still, many people were reluctant to give them their money, preferring to keep it under the mattress, and under their own control. The mattress model, however, proved to have the highest risk of all because of fire, flood, storm, accident, loss or theft.

For many IT managers and executives I think this illustrates where we are today as we transition from the on-premise, institutional, ad hoc "mattress" model of protecting information to the specialized cloud-based "bank" model. It is my conviction that, just as people have come to trust banks with their most valuable financial assets, they will inevitably come to trust specialized cloud-based providers with their most valuable information assets.

Actual Risk Vs. Perceived Risk

The dichotomy in opinion about security between those who use cloud storage and those who do not could not be better illustrated than by the following: when asked* if cloud storage improves data protection for disaster recovery, two-thirds of actual cloud storage users responded yes, while only one-quarter of those who do not use cloud storage responded the same way. Clearly the experience of actually using cloud storage services informs a different opinion of their efficacy.

For me, concerns about cloud security fall into two camps:

1. Concerns that are legitimate and necessary and belong to any data protection scheme 
2. Concerns that are dated, irrational or fail to recognize genuine progress or proven solutions 

That's not to say that all cloud providers are alike in scale and quality of service. Nor do they need to be. There is specialization in cloud storage services depending on need, use, and levels of security (within security I include transport, authentication, redundancy, ratings, facilities, segregation, certification, compliance, etc.).

I understand the "better safe than sorry" mentality that accompanies a move from a long-standing, well-proven solution to a solution that is being proven, and that mitigation of risk is a job-saving responsibility of IT practitioners. I also understand that, at some point, the risk is inverted. Holding on too long to technology or practices that have been superseded, irreversibly begins increasing the risk on the other side of the question. Who would now argue that a mattress is safer than a bank, or a filing cabinet is safer than an encrypted, replicated disk drive?

Warehouse Vs. Bank

Some cloud providers offer warehouse services that effectively provide a sheltered, even guarded, place to store things -- anything -- pictures, videos, music, documents and so on. A warehouse may have plenty of locked doors, a safe, a guard or two, and an alarm system, so to speak, but it's still a warehouse, and they'll let anyone store stuff there. You wouldn't want to store highly valuable or highly private information there, especially if you were legally liable for its security and privacy protection.

Other cloud providers offer an altogether different category of secure storage and management, more like a bank that provides reinforced steel doors, vaults, safety deposit boxes, government regulation and compliance procedures and facilities, certifications, financial services best practices, and so on, all specifically designed to provide the highest degree of protection of highly valuable assets.

There are some very good cloud "warehouse" providers (Dropbox, Box, Google Drive, SkyDrive, etc.), who provide an excellent, if limited, service.

There are other cloud "bank-vault" providers (such as eGistics) who have built their entire service model around securing, protecting, and replicating highly valuable, highly sensitive data.

Using eGistics as an example, because we provide cloud-based services for financial institutions and health care organizations, we are more akin to a vault within a bank rather than a safe within a warehouse. As a result, our concerns, responsibilities and capabilities are different and significantly more stringent, and our infrastructure more secure. Whereas a warehouse safe can provide a degree of safety and protection, it is still a safe within a warehouse, and not a vault within a bank. A safe within a warehouse does not come with the same protections, barriers, restrictions, alarms, monitors, authentications and governing agencies that a vault within a bank does.

My point in this article is that arguments suggesting that cloud technology and security are sub-par compared to on-premise solutions are getting a bit long in the tooth, and too often use the failures of warehouse-type cloud storage providers to argue against any cloud storage as a viable solution for financial, governmental, or health care information.

So, now I'm back to my point that the continuity of ideas and practices from one regime to another can be debilitating -- especially within the dynamic and evolving arena of technology and technological leadership.

I suggest that we are in a period of tension between the time that IT practitioners are unsure that cloud security has been sufficiently addressed, and the time they recognize that it has been. When cloud security is fully embraced, however, IT managers still need to appreciate the difference between a warehouse and a bank.

Let me know what you think about cloud security.



* "A Snapshot into Cloud Storage Adoption," TwinStrata white paper, updated January 2013

A Decision in 1949 Could Have Destroyed Electronic Document Management

1949 was an eventful year. The Soviets exploded their first atomic bomb, and the cold war was on in earnest.

And a group of men met in St. Louis, Missouri.

Both events changed the world.

During the week of Monday, August 29, 1949 a group of twelve men gathered for six days during the fifty-eighth annual meeting of the National Conference of Commissioners on Uniform State Laws. On the table were the federal case of United States v. Manton and the Illinois case of People v. Wells. Each case dealt with whether facsimiles of checks could be used as primary evidence in a court of law. Whereas the federal court was happy to consider a facsimile check produced from microfilm the legal equivalent of the original paper check, the court in the Great State of Illinois was reticent.

The federal court argued thusly:

Their accuracy is not questioned. They represent in the course of a year, perhaps a million transactions. No one at all familiar with bank routine would hesitate to accept them as practically conclusive evidence. As proof of payment they constitute not secondary but primary evidence.

The point of the federal court was that as long as an imaged (photographic) reproduction of a check exists, there is no requirement to produce the original – even if it still exists. The photographic reproduction is, in fact, legally equal to the original paper.

On the other hand, Illinois was not convinced. The Illinois court argued the other side:

We have no such legislative authority in this state which would support holding facsimiles of checks as being the best evidence or primary proof.

The question then presents itself as to the rules of evidence in this state as to the admissibility of photographic representation of writings … and we find such photographic representation should be excluded if the original document is produced, or is obtainable, on the ground that it is secondary evidence.

So. There you have it. The court in Illinois considered photographic reproductions legally inferior (secondary) to the original. The implication was that businesses would be wise to always preserve the original document because it, and only it, could serve as primary evidence in a legal dispute. Reproductions just wouldn’t do. In fact, in some states, the intentional destruction of an original document actually prevented the use of any reproduction as secondary evidence!

The federal and state courts were at loggerheads on this issue. Worse, none of the 48 states (at the time) were in agreement as to how to treat photographic reproductions, and several states had actually withheld legislation as they waited for a uniform code.

A legal mess of national (and global) proportions was in the works. Evidence in one state might not serve in another (affecting interstate transactions), or may be in direct conflict with federal law.

Recognizing the importance of the issue, and the legal need to bring national uniformity to the treatment of photographic reproductions of documents, the commissioners met during a warm summer in St. Louis.

Six days later they had changed the world, and paved the way for electronic document management.

Be it enacted!

Here’s what the conference recommended to be enacted by each state. It’s called the “Uniform Photographic Copies of Business and Public Records as Evidence Act” (UPA):

If any business, institution, member of a profession or calling, or any department or agency of government, in the regular course of business or activity has kept or recorded any memorandum, writing, entry, print, representation or combination thereof, of any act, transaction, occurrence or event, and in the regular course of business has caused any or all of the same to be recorded, copied or reproduced by any photographic, photostatic, microfilm, micro-card, miniature photographic, or other process which accurately reproduces or forms a durable medium for so reproducing the original, the original may be destroyed in the regular course of business unless held in a custodial or fiduciary capacity or unless its preservation is required by law. Such reproduction, when satisfactorily identified, is as admissible in evidence as the original itself in any judicial or administrative proceeding whether the original is in existence or not….

That recommendation eventually became a legal imperative and helped lay the foundation for today’s use of electronic documents without fear of violating the law or destroying legal evidence.

It actually took a while for the federal government to formally adopt essentially identical rules, but they finally did so in 1974 with the Federal Rules of Evidence (FRE) and in 1975 with the state-level Uniform Rules of Evidence (URE). By 1995 46 states had adopted either the URE or the UPA: only Illinois (unsurprisingly), Mississippi, Missouri (ironically) and Louisiana had not.

The federal government has taken further steps to validate the use of document images in place of document paper. The “Government Paperwork Elimination Act” goes a long way in attempting to eliminate the dominance of paper forms and documents. In fact it goes further. It also eliminates the need of a physical signature by allowing for legally recognized electronic signatures.

Here’s where the rubber meets the road:

Electronic records submitted or maintained in accordance with procedures developed under this title, or electronic signatures or other forms of electronic authentication used in accordance with such procedures, shall not be denied legal effect, validity, or enforceability because such records are in electronic form.

Caveat

Current laws regarding the use of electronic documents do not mean that all original documents can be immediately destroyed once they are imaged. Some original paper documents (like car titles for some states) must be preserved for some term. It is up to you to know federal and state laws and which paper documents are affected.

Conclusion

A lot has changed since 1949. The Soviet Union is “in the dust bin of history” and the nuclear arms race has slowed to a comparative crawl. Also, a large portion of commerce and transactions worldwide are now done electronically, without a permanent dependence on paper.

Sixty-three years ago twelve people, meeting together over a thorny and difficult problem, acting as a sort of jury deliberating on our behalf, weighed the evidence and decided that paper was not supreme. Today you and I reap the benefits of electronic document storage and management because of their efforts.

Revolution in Online Document Management Spells Failure

Randy Davis, Vice President Sales and Marketing Operations

Poorly executed requirements gathering leads to outright rebellion in corporate online document management initiatives.

The requirements gathering phase of a project to implement corporate online document management can make or break the initiative’s chance of success. Poorly executed, it can lead to outright rebellion on the part of those expected to use it.  A new white paper – and history lesson – provides fresh insight into how to conduct a successful requirements gathering project for document management.

"Document Management and Mad King George: A Cautionary Tale about Requirements Gathering,” puts the importance of understanding the needs and concerns of those who will actually use an online document management system – and thus are key to its eventual success – into historical perspective.

We have many fascinating lessons from history that serve as cautionary tales for our own leadership challenges. The same bad leadership principles that have historically resulted in botching a job still apply. Sometimes we just need to be reminded of what they are and how they apply to our particular situation. None of us have time to repeat old failures.

The white paper briefly illustrates how failure to understand the needs, concerns, experiences and challenges of those who will be most affected by a new online document management system inevitably leads to revolution in the form of rebellion. Then the paper goes on to outline very practical actions to take that help assure acceptance and success.

For a free copy of the report, visit http://www.egisticsinc.com and select Media>Brochures from the Main Menu.

If you have your own insights and opinions as to what leads to success or failure in the initial phases of a document management project, leave your comments below.

Barcodes: A Primer for Document Management

*CLOUDDOCS*

Randy Davis, Vice President Sales and Marketing Operations

Although they are not a solve-all, barcodes can add efficiency and accuracy to your document management efforts, and should be given serious consideration as part of your best practices. From effectively and automatically passing information for indexing, to triggering a query into an external database, barcodes can help make your document management efforts easier.

Barcodes are simple, universal and inexpensive. They utilize a proven, not experimental, technology. In fact barcodes date back to 1948. The technology has been refined and perfected over the years, and it shows no signs of going away. If you are not using barcodes in your document management practice, perhaps it's time to start.

Years and Years Ago...
A little history. In 1961 barcodes saw their first commercial use by automatically identifying train cars using blue and yellow reflective stripes that represented a six-digit company ID and a four-digit car number. By 1973, the IBM UPC barcode was selected by the National Association of Food Chains as their standard, and the first check-out line scan was made on a pack of Juicy Fruit gum on June 26, 1974.

Now barcodes are ubiquitous, and smart companies continue to make good use of this simple, effective and inexpensive technology.

Wide Application
Barcodes have been developed for many specific applications, such as retail product identification, parts inventory, book publishing, coupons, mail, healthcare, document identification, etc. You need to make sure that you carefully choose the right barcode for your application.

Here are some common barcodes often used with paper products:

• Bar Code 25 (aka Interleaved 2 of 5): digits only; used in libraries.
• Bar Code 39 (aka 3 of 9): digits, letters and a sub-set of other characters. This was the first alpha-numeric barcode developed, and the most widely used. It includes A-Z, 0-9, space, and -.$/+%. Code 39 is the standard for the U.S. government and material handling industry.
• Bar Code 39x: This is an extended version of Code 39, and includes the entire ASCII character set (including lowercase letters and symbols commonly found on a computer keyboard).
• Bar Code 93: full ASCII character set; various uses.
• Bar Code 128: full ASCII character set (uses "continuous" symbology; mainly used for human identification on things like driver's licenses)
• Telepen: full ASCII character set; used in libraries.

CLOUDDOCS 2D Matrix

Linear barcodes (characterized by a series of lines of varying widths, such as the ones listed above) are optimized for laser scanners, and are optimal for document management applications.

2-D matrix codes, on the other hand (which feature squares or dots arranged in a grid pattern as illustrated on the right), cannot be read by a laser scanner, and instead must be read by scanners utilizing digital camera sensor technology.

Barcode scanners are relatively inexpensive and extremely accurate compared to key-entry. It is not uncommon for key entry operators to make 1 error per 300 characters entered. On the other hand, barcode scanners can achieve an error rate as miniscule as 1 error in 2 million characters!

My point is this: good document management practices may mean incorporating barcodes in order to facilitate document identification, separation, indexing and integration with other database systems. Documents can easily be pre-printed with one or more barcode identifiers that contain information such as document type and account number.

In fact, a number of free barcode fonts are available for download, and can be inserted directly into Word documents, or used to print sheets of barcode labels on Avery sheets such as Product Number 6504.

Which One Is For Me?
The two most commonly used barcodes for document management are Code 128 and Code 39 because they are very accurate, and there are plenty of font generators and software applications that use them. For most document management applications, Code 39 (or 39x) may be your best choice because of its wide use.

The Top Five Uses of Barcodes for Document Management

1. Document identifiers can be used to automatically separate one document from another and indexed appropriately. A bar code on the first page of a multi-page document within a batch of documents can tell a document management system something along the lines of "This marks the first page of this document. It is of document type 'X.' The following pages all belong to this document. Treat these pages as part of this document until you see another barcode for another document."
2. Key information (such as account number) can be used to interact with another system's database in order to extract information that can be used to automatically index documents. If, for example, a document needs to associated with account information that already exists in another database (name, address, status, phone, fax, email, department, etc.), the account number barcode can automatically trigger the document management system to request all pertinent information from the account information system database and then use that information to meaningfully and predictably index the document.
3. By using intelligent capture technology bar codes can be used to accurately collect information, and reduce or eliminate manual key entry and the errors that such a process introduces. Errors in data entry may prevent documents from being retrieved and used for reporting, audit compliance, customer service, etc.
4. Bar codes can reduce or eliminate the manual cost of separating and indexing electronic documents. If you are capturing documents in batch, and do not have a way to automatically separate one document from another, you will need to sparate them manually or be stuck with individual pages for each document, and perhaps, with no way to easily stitch them together.
5. Bar codes can also be used to aid a document audit function. For example, if a loan packet is only considered complete when it contains 10 specific documents, a barcode on each document can be used by the document management system to audit the packet, and identify packets that are "complete" or "incomplete."

Resources
Here are a couple of resources you may find helpful in using barcodes. These are suggested resources only. I make no endorsements here.

Free Barcode Font

http://www.barcodesinc.com/free-barcode-font/

Avery Wizard

http://www.avery.com/avery/en_us/Templates-%26-Software/Software/Avery-Wizard-for-Microsoft-Office.htm?int_id=banner-searchtop-wizardholiday

Tips and Techniques
To Load a Barcode Font in Word

1. Download the new barcode font from your preferred source. Assuming it's in a .zip file, unzip it, and go to the folder containing the new fonts.
2. Start Windows Control Panel
3. Look for the Fonts icon and click on it to open the fonts folder.
4. Copy the new barcode font from the folder it's in and paste it into the Windows fonts folder.

How to Add a Barcode to a Document / Form in Word

1. A good way to use the new barcode font in Word is to create a barcode within a text box that you can position anywhere you want within the document or form.
2. Use the Insert function in Word to select "Text Box." You'll want to insert a "Simple Text Box."
3. Once the box is inserted, type in the text you want barcoded, highlight the text, and then choose the barcode font. Make sure that you start and end each entry of the barcode text with an asterisk (*) The asterisk tells the scanning software where the barcode begins and ends.
4. For example, to create a barcode for "application," you would type it as: *APPLICATION* and it would end up looking like this in barcode form:



*APPLICATION*

5. Right Click on the text box, choose Format Shape, and remove the lines around the box by choosing No line.
6. Finally, test the bar code to make sure that it can be read before standardizing it in your documents.

How to Create a Full Barcode Sheet

1. You can also use Avery Wizard (which installs a new Avery tab in Word). Avery Wizard, when launched from Word, helps you select the label sheet on which you want to print several copies of the same barcode.
2. Click on the Avery tab, then click on Avery Wizard. Once the wizard launches, click on Next.
3. Then choose the label sheet product number (you may want to try 6504). Click Next.
4. Choose the blank design. Click Next.
5. Choose "Create a sheet of identical layouts." Click Next.
6. Type in your text. Don't forget the asterisks. Example: *EMPLOYEEAPP*
7. Highlight the text and change the font to whatever barcode font you loaded into Word. Change the font size to fill up as much of the label as possible. Click Next.
8. Click Finish. Presto! You have an entire sheet of barcode labels!
9. Before committing one or more label sheets to the new bar code, test the bar code image to make sure that it can be read properly.

If you found this blog post helpful, please send it along to one of your colleagues via Twitter, Facebook, LinkedIn or Email. Don't forget to follow us @egistics

P.S. We are saddened to learn of the passing of Mr. Alan Haberman, known as "The man who ushered in the bar code." He was a man who helped improve the world.

Some Think Cloud Security Superior to In-house Data Centers



For some in-house data centers,
the data horse has already left the barn!

Randy Davis, VP eGistics

I just attended a panel discussion Webinar titled, "Ready for Cloud Storage? Key Considerations and Lessons Learned,"  hosted by SNIA, Cloud Storage Initiative.

The panel included Kipp Bertke, Manager of Infrastructure & Operations at Ohio Department of Developmental Disabilities; Ajay Chandramouly, Cloud & Data Center Industry Engagement Manager at Intel; and Nathan McBride, Executive Director of IT at AMAG Pharmaceuticals.

The discussion was meaty and substantial (you can find it here: http://www.brighttalk.com/webcast/679/27865), but the comments by McBride were downright breathtaking. I would say that he and I had been reading the same articles, but his comments were based on hard-earned experience rather than ivory-tower theorizing.

I was so impressed with his views that I am going to quote him as best I can, and quite extensively, in this blog entry.

The following comments from McBride are in response to my question, "Are cloud security concerns qualitatively different than those for on-premise solutions?" Although the question was misinterpreted to mean security differences between public and private clouds, rather than between cloud solutions and in-house (non-cloud) solutions, McBride's answer was spot on.

“Security is always a concern of mine. It brings me to questions I have to ask myself, and they are 'What is the best possible data center I could build? What’s the most amount of security I could put into it, and how much would that cost me?' I realized that the cloud storage vendors I selected had spent five times that much, or a hundred times that much, to build their data center. So there’s nothing I can do that would even come close to the security offered by my vendor for a low service cost.”

Then he addresses the trust issue head on. Can you trust cloud storage service providers?

"People say, 'Well, what about the people at the data center that is hosting your data? Do you trust them?' Well, I trust them just as much as I trust my own IT employees. The only way you can ever be secure is to remove people. Since I can’t remove people from the equation, I have to trust that at a certain level the companies I want to do business with want to keep doing business with their customers, so they’re going to employ best methods, best practices, and the best people to manage my data. And I don’t just trust that. I also verify through SAS70 certifications, on site audits, things like that. But I do feel comfortable and secure knowing that the companies we are doing business with have employed security practices that far exceed anything I could manage to put together."

McBride went on to discuss some of the data leaks common to in-house data centers, things like non-secured flash drives, data that is copied to dozens or hundreds of PC hard drives, data sent to casual, personally controlled file storage services such as Sky Drive and Google Docs, and so on. His point is that you have to consider the real risks, costs and vulnerabilities of in-house data center management, and realize that, for most companies, it's no Fort Knox for data. On the other hand some cloud storage service providers have gotten real close to Fort Knox-like security.

This Webinar is worth your listen.

90% of Businesses Think They Are Inefficient. So What?

Randy Davis, Vice President Sales and Marketing Operations

A competitor recently came out with a "press release" based on a survey of 5,500 company records managers that claimed "Ninety Percent of Businesses Believe They Are Inefficient."

I'd like to know who the 10% of businesses that believe they are efficient are.

This is a bit like saying, "90% of all people think they don't exercise enough." OK, now what? According to the survey results, most of the companies already have in place "formal programs for how their companies should manage information," which, I suppose, includes eliminating obstacles, removing paper, idling back the copier, etc.

This news release seems a bit like motherhood and apple pie.

I would imagine that most people would settle for bringing more efficiency to a single, departmental process rather than to an entire company.

How about this for capturing and eliminating paper, automatically organizing it, and then quickly finding it:

• Use bar codes to identify form document types and identify account holders. You can inexpensively create label sheets of bar codes, or forms that automatically print with bar codes, that contain simple information such as:
  
  
• Account ID
• Document Type

One of our customers uses this simple technique to seamlessly and automatically process documents during the scanning process. 

• Scan documents using a system that can automatically ID the documents, separate them, index and organize them, route them to the required work queue, and securely store them.
  
  
• Shred any documents that do not need to be physically stored by law, regulation, or company policy
  
  
• Use a cloud service provider to eliminate capital and reduce the need for IT maintenance.

If you have any other practical advice on how to bring efficiency to a business process burdened with paper, let us hear from you.