Xerox’s well known Affiliated Computer Services (ACS) division provides IT and data services in nearly 100 countries, and has taken a new approach to improve the security of their business-critical application that transforms government documents into digital records.

1. IMPROVING
DATA & APP
SECURITY
Presented by Arvo Bowen,
Security Admin, Xerox

2. AGENDA
 About Xerox
 Full Service Indexing for
Georgia Counties
 App & Challenge with
Employee Logging
 Use cases for user
activity monitoring @
Xerox Arvo Bowen
Atlanta, Georgia
Xerox ACS
CUSTOMERSPEAKER

3. ABOUT XEROX
 Acquired Digital Information Systems
Co. (DISC) in 2002.
 Acquired Affiliated Computer Services
(ACS) in 2010.
 Provides business process and
document management services and
IT outsourcing
 By 2017, business services and IT
outsourcing that stem from ACS are
expected to account for two of every
three dollars Xerox brings in.
 Xerox services can be found all over
the world; if you’ve booked airline
ticket, paid parking ticket, filed a
health insurance claim, applied for a
car loan or even in the local Atlanta
airport.

4. FULL SERVICE INDEXING
FOR GEORGIA COUNTIES
 We transformed the time-
consuming paper process of
recording land records into a
secure, efficient service.
 All vital records are scanned
and converted, and are now
available on the State’s
website.
 This allows over 159 Counties
to digitize land records and
record real property documents
– as well as vital statistics
records, including birth
certificates, death certificates,
marriage licenses and more.

5. APP & CHALLENGE WITH
EMPLOYEE PRODUCTION
 Our application allows
employees to abstract and
key sensitive information
 Rolling out work-at-home
model to boost
productivity
 Several started reporting
system issues, providing
generic error information,
and saying they were
unable to work

6. USER ACTIVITY LOGS &
MONITORING
 User Activity Logs ensure that
you know exactly who is doing
what with your sensitive data,
systems and applications
 Needed to see employees 24/7
without watching them over
their shoulders all day long to
view all transaction processing
 Recordings of user actions
provide faster IT
troubleshooting and incident
response with bullet-proof
visual forensics

7. USE CASES FOR USER
ACTIVITY MONITORING
 Gain Visibility; Into
Application Usage
 Improve
Productivity;
Reports & Usage
 Data Audit; Alerting
& Investigating

8. GAIN VISIBILITY; INTO
APPLICATION USAGE
1. Start with a handful of
Users – High-Risk
Employees or Contractors
 Poor performing
 Two weeks’ notice
 Pending layoffs
 New hire(s)
2. Start with monitoring a
population of users for a
specific application

9. IMPROVE PRODUCTIVITY;
REPORTS & USAGE
 Improved documentation
and reporting of
application usage during
data entry
 Visual forensics eliminate
the need to invest the
extensive labor required
on cases
 Case creation process
from the research
department

10. DATA AUDIT; ALERTING &
INVESTIGATING
 Management wanted to know
when users are logging on
from home
 Management gets an email
notification every time
someone logs on or starts
performing activity that is
after hours and weekends
 Management keeps all alerts
in a outlook folder to log
activity
 Know who’s touching what
data and what they are doing
with it, deleting a file

11. LESSONS LEARNED
 Auditing what users do within
sensitive business
applications is critical for
security and troubleshooting
 You will be surprised how
users actually interact with
your app and the type of
risky activity that exists
 If you don’t have visual
evidence & User Activity Logs,
it’s hard to prove things

12. Arvo Bowen
Atlanta, Georgia
Xerox ACS
THANK YOU!
TRYIT YOURSELF:
observeit.com/tryitnow
Q&A