|By Mary Ellen Power||
|February 20, 2013 10:00 PM EST||
Nathan Eddy wrote an interesting post for eWeek about CDW’s 2013 State of the Cloud Report. According to a survey of 1,242 IT professionals, cloud computing within organizations continues to rise as do the savings from the adoption these applications.
Respondents continue to cite security as a factor that needs to be addressed in cloud adoption. Security is always top of mind when moving signing processes online, particularly the security of the signature and the authentication of its user. While these are essential – and likely the first thing that comes to mind when contemplating electronic signature security – they only touch the surface of a successful, e-signing security strategy.
Our recommendations for implementing a secure and usable electronic signing solution fall into four categories, with the first two being:
DOCUMENT AND SIGNATURE SECURITY
Document and signature security are at the heart of any electronically signed business transaction. To be certain of this, all audit trail information must be securely embedded in the document; the document and signature must be tamper-evident; and the document must be accessible to all parties.
Keeping signatures and audit trails together in a single document is more secure, easier to manage and more portable. Electronic signatures should travel seamlessly with documents at all times through email, storage and archival systems.
The document and electronic signatures should be protected using digital signature technology. This securely ties together signing intent with user authentication and document information. The digital signature creates a digital fingerprint of the document (called a hash) that can be used at a later point to verify the integrity of the electronic record. If the document is tampered with in the slightest the digital signature, and hence the electronic signature, will be visibly invalidated. This is a unique and significant advantage over the paper world, where it is not always possible to detect whether changes have been made to a document.
Finally, the electronic document and associated signatures, audit trails and evidence must be accessible for the lifetime of the record (50+ years in some cases). This requires a document format that is e-signature friendly. Adobe PDF, an ISO standard, is a reliable choice for the long term.
Convincing legal evidence requires demonstrating that the process used to capture signatures complied with all applicable laws and regulations, and helped build the signer’s understanding of what they were agreeing to and signing. This is called process evidence and is accomplished by recording all the web pages, documents, legal disclosures and actions taken by users, and linking it to the final e-signed documents in a manner that enables the process to be accurately reproduced from start to finish.
A trail of electronic evidence is the key to ensuring this. Secure audit trails must be permanently bound to the electronic record via a cryptographic link. This includes having a log of system accesses and all actions that are happening during the actual transaction.
For more information about security when adopting an electronic signature solution for your business, download a white paper on electronic signature security.
Stay tuned for next week’s post covering Part 2 of our recommendations on how to implement a secure and usable electronic signing solution.