Security Vulnerabilities Involving Cloud-Based e-Signatures
While cloud-based e-Signature solutions address issues such as geography, storage and efficient workflow, they also present new IT security vulnerabilities that need to be addressed.
By Evelyn Kotler | 24.03.2014
According to Gartner “Evolving e-Signature products can change regional buying but raise data residency risks in the cloud.” “New cloud e-signature products that can be deployed across regions will force CISOs and compliance decision makers to assess and prioritize the risk introduced in the residency of sensitive data.”
One of the hottest trends in today’s market is getting the business up “in the cloud”. Cloud-based solutions make old cumbersome paper- involved work processes seam illogic and inefficient. Such work processes involve the need to print, physically handle, mail, store, archive and at times dispose documents. It is therefore quite comprehendible why businesses turn to the Cloud. Cloud-based solutions equal green, paperless ecologic cost-reducing work processes which ultimately lead to savings in valuable time and human resources. By running a digital business, managers get to free up their personnel to more important tasks and improve the efficiency and service of their business.
During the last decade, a significant acceleration in the e-Signatures demand has been observed globally among businesses and organizations of all sizes and sectors associated. For terminology’s sake, an e-Signature is the most basic kind of digitized signature, and is considered to be an insecure way of signing documentation since there is nothing preventing one person from typing or signing another person’s name. As opposed to the e-Signature, a digital signature is a secure, coded way of signing, ensuring the authenticity of the signer and addressing issues related to data integrity and protection. The signer is identified by a Certificate Authority (CA), which then issues a coded digital certificate to be used by the signer together with a digital signature software.
“The e-Signature cannot blossom in an untrustworthy ground” says Mr. Zeev Shetach, CEO of ComSignTrust, “The trust is like the oxygen for the e-Signature to be a common way of doing business. Trusted international CA’s such as ComSign, are the organizations that can build this trust for e-Prescriptions, e-Tax, e-Business and other electronic applications”.
The main players in the e-Signature market are often niche-oriented and provide different varieties of solutions. However most vendors do not relate to security related issues. And those who do, often lack in the security aspect related to their cloud-based products. “Vendors are adapting e-Signature products to offer different country-based and industry-specific signature methods. Security decision makers will need to perform due diligence on the data residency of sensitive corporate information.” says Gartner.
To summarize, the evaluation process of an e-Signature solution, even more so when it is cloud-based, should include the following:
- High-level IT Security oriented solution provider – to ensure private and public data protection and to comply with country and sector based security and privacy regulations.
- Product should support Certificate Authority (CA) issued digital certificates –for proper identification of signers, preventing fraud and forgery and is legally binding.
- Integration capabilities with applications such as SharePoint, salesforce.com, CRM, ERP, accounting software and BPM solutions.
- Simple user friendly UI with multiple signature types embedded in the product – to ensure flexibility supporting internationally diverse businesses and meeting use-case requirements.
- Compliant with international e-Trade e-signature requirements -electronic signature as enabler of e-Trade and e-Business.
ComSignTrust is a pioneer and a world leader in developing secure, qualified, PKI-based digital signature solutions. With a simple click-to-sign interface, users can easily sign and lock any type of file anywhere, anytime, using any device. ComSignTrust offers desktop, portable, cloud, web, and mobile solutions, with capabilities such as Multi-Signer and powerful API, and integrates easily with applications such as SharePoint, salesforce.com, ERP,CRM and BPM solutions. The Company’s products are easy to deploy and provide secure, cost effective, quick and efficient work flow signature processes while protecting against business disruption from internal and external threats. Tailored to serve the needs of medium to enterprise-sized businesses in all sectors, the Company offers fast ROI solutions that comply with country and industry specific laws, regulations and standards. With ComSignTrust, organizations are able to rapidly implement a comprehensive solution for digital signature and security in just minutes and experience an unbeatable performance – unlimited volume of documents may be signed in a very short time, specific documents’ digital signing requirements can be met easily, such as: e-Signature, e-Invoicing, e-Policies, e-Trade, registered mail, secure electronic archiving and more. Privately held and founded in 2009, ComSignTrust’s main headquarters are located in Israel. ComSignTrust is part of Comda Group, founded in 1985, with companies in the IT Security software development and integration areas, as well as a Certificate Authority (CA). Visit the ComSignTrust web site at www.comsigntrust.com .
Evelyn Kotler is Marketing Manager at Comda Group and ComSignTrust and can be reached at firstname.lastname@example.org