CBIO Security White Paper

Transcription

1 One Canon Plaza Lake Success, NY CBIO Security White Paper Introduction to Canon Business Imaging Online Canon Business Imaging Online ( CBIO ) is a cloud platform for Canon s business applications. CBIO provides customers access to Canon s latest technology on the cloud including services that are integrated with MFDs (multi-function devices) and printers, including Canon imagerunner Advance devices. Canon considers the security and privacy of customers to be of the utmost importance; therefore, CBIO is hosted at a secure data center with the latest, industry standard security measures. CBIO provides many benefits to customers: Affordable: Without having large up-front costs, customers can use cloud based services with a subscription model. Stable: Applications are installed on a powerful, secure, and redundant hardware infrastructure. Quick Deployment: Since the applications are cloud based, customers can start using the services right away. Compatible: Since the applications are web based, services can be accessed from anywhere. In addition, upgrades are handled in the cloud, so customers don t have to worry about version control. Forms and Print Services for Salesforce is available in US market through Canon Information and Imaging Solutions, Inc. ( CIIS ). Canon anticipates adding more services to the CBIO platform in the near future. 1

2 Introduction to Forms and Print Services for Salesforce Forms and Print Services for Salesforce is used to create forms that include data from end user s salesforce.com, Inc. account and print them to MFDs and printers, including Canon imagerunner Advance devices. Basic functions include: Create highly visual and attention grabbing forms and reports (in PDF format) with salesforce.com data and preview them on any PC, laptop, or mobile device. Print created forms to Canon imagerunner Advance devices directly, without printer drivers.* Authenticate, retrieve** and print created forms from Canon imagerunner Advance devices. Attach PDF forms to the source/account page on salesforce.com Forms and Print Services for Salesforce may not be appropriate for the management, collection or storage of certain highly confidential or sensitive data. Use of the service for the management, collection or storage of protected information is solely at customer s determination. * If you are not printing to a Canon imagerunner ADVANCE device, you can download and print a PDF from another printer with the use of a print driver. ** The PDF forms are stored on the CBIO for a maximum of forty-eight (48) hours. 2

3 CBIO Infrastructure Architecture CBIO offers enterprise-class security and reliability by leveraging services from a recognized and dependable third-party cloud infrastructure service provider. The data centers that host CBIO are Tier III certified, and offer the highest levels of data protection, reliability of service, and security. Below are some of the key architectural design points for the CBIO Infrastructure. Shared Infrastructure Responsibility Model Infrastructure responsibilities are shared between Canon and the infrastructure service provider. The infrastructure service provider is responsible for all aspects of the physical security of the data centers that host CBIO, as well as the virtualization layers related to shared infrastructure components, such as physical storage for data. Encryption (AES128) is used by the infrastructure service provider to protect data partitions within physical storage areas. Canon is responsible for the virtual servers, operating systems (including security updates) and applications that provide CBIO services. CBIO applications, such as the Authentication Services and Print Services, further enhance data security by encrypting customer data utilizing AES256 using unique keys for each customer. 3

4 Physical and Environmental Security The facilities used to host CBIO are located in Japan, in cutting-edge earthquake resistant data centers. It is anticipated that in the future, data centers will also be located in the U.S. These facilities are protected by the following range of technologies: Strict access controls imposed on sections, server rooms, and other locations. Centralized ID management for employees and visitors, including whereabouts tracking via RFID. Palm and vein authentication is associated with employee and visitor IDs for further control access. Tailgate detection to ensure that access to a secured area is granted to a single person for each valid security card presented. Association of surveillance video with event logs, and long term storage of security video and event logs. Systems Security The following practices and technologies are utilized on CBIO related host systems: Patch management for security updates Use of antivirus software for malware and virus detection Use of host-based firewalls Log management Independent security assessments Business Continuity and Data Management CBIO employs numerous levels of redundancy for major components such as servers, storage, network devices and power supply equipment in order to eliminate single points of failure. Backups of infrastructure components are handled by the service provider. Further, Canon performs backups of CBIO systems, applications and customer data in order to achieve business continuity management. Monitoring and Log Management CBIO systems are configured to store event logs locally, as well as forward events to centralized log management servers. All systems synchronize time via NTP to ensure accurate time stamps of events, and enable event correlation between various security systems. For example, video surveillance logs can be matched with system access entries. Logs are saved for a period of 5 years. 4

5 Privacy CBIO customers own all rights to any content submitted through the CBIO. CIIS collects and processes information related to the customer s Salesforce account and any customer devices or computers strictly to provide Forms and Print Services for Salesforce. Additionally, CIIS collects technical or diagnostic information related to the customer s use of Forms and Print Services for Salesforce to support, improve and enhance Canon s products and services. Incident Management Policies, processes and procedures are established to rapidly and accurately manage information security incidents and escalation procedures to apprise end users of relevant incidents to meet regulatory and legal compliance. Further, Canon constantly monitors security related information for new developments and potential issues in order to maintain the high levels of security. Related Certifications The following certifications have been attained by Canon and/or its service provider for CBIO related infrastructure: ISO9001 ISO14001 ISO20000 ISO27001 Privacy mark (JIS Q15001) Independent Security Assessments Prior to launch, the CBIO Infrastructure and systems underwent extensive internal and external penetration testing by an independent security company. Independent security assessments are also performed on periodic basis to ensure the highest security standards are maintained. 5

6 CBIO Core Services Overview CBIO provides a set of core services which the Forms and Print Service for Salesforce is built upon. This set of services includes Authentication and Authorization Services, Management Services (such as User and Tenant), and Log Services. Users can log into CBIO via a Web browser and Canon imagerunner ADVANCE devices. Authentication and Authorization Services Authentication and Authorization Services are used to enable access to CBIO based on a User ID and strong password and managed user roles. The unified authentication process helps prevent malicious users from accessing CBIO services. Authentication and Authorization Services are used by all CBIO services. Authentication Service can provide SSO with other provider s cloud services to provide seamless connections. With Forms and Print Services for Salesforce, SAML2.0 protocol is used for SSO with salesforce.com. Management and Log Services Management and Log Services are used to manage CBIO ID information (subscriptions) as well as operation information. CBIO manages the following users and usage activities: Tenant information User ID/password information User roles All user activities (user operations) are tracked and managed by Log Services. 6

7 CBIO Security Overview A high-level summary of security features for CBIO is described in the chart below. Item Data center Certification Network protocol Authentication How Secured ISO9001/ISO14001/ISO20000/ISO27001 https(ssl3.0) ID, strong password required to log in Single sign on protocol SAML 2.0 Data center security Data Separation, Access Control, Encryption of print data (AES256). Print content data is deleted after 48 hours Data Center facility security Palm and vein authentication for entrance 24 hour monitoring Whereabouts tracking using RFID tags monitors all employees and visitors Locked racks Single Sign On In order to use the services of CBIO, users must be authenticated. CBIO supports SAML2.0 (Security Assertion Markup Language) and provides Single Sign-On function with salesforce.com via the web browser. There are various scenarios to log-in to CBIO. User connects to CBIO and enters their user ID and password for CBIO. User connects to CBIO and enters their user ID and password for salesforce.com. This user can access their salesforce.com account without entering their user ID and password. User connects to salesforce.com and enters their user ID and password for salesforce.com. This user can access CBIO without entering their user ID and password for CBIO. User logs-in to the Canon imagerunner ADVANCE device with a Smart Card or enters their user ID and password that is registered (by the device owner) in CBIO. By authenticating to this device, a user can connect to CBIO without separately entering their user ID and password for CBIO. 7

8 SAML SAML is an XML standard established by the information standards association OASIS, and is used for exchanging authentication information between different sites safely and in such a way that it enables single sign-on. To perform SAML 2.0-based Single Sign-On with CBIO, a metadata file issued by salesforce.com that contains information about the site and the customer that is needed to enable Single Sign-On with CBIO. Single Sign-On for the Direct Print Scenario The figure and table below depict the basic flow of Single Sign-On from salesforce.com to CBIO cloud services that leverage SAML. salesforce.com CBIO Identity Provider (IdP) Service Provider (SP) Authenticates user by receiving login credentials from the user and issues the SAML assertion. Relies on the assertion issued by the IdP and authenticates the request without requiring an additional sign-in to CBIO. IdP: The provider that authenticates user by receiving sign-on from the user and issues the SAML assertion. In this case, salesforce.com acts as the IdP. SP: The provider that relies on the assertion issued by IdP and authenticates the user trying to access the service. In this case CBIO and Forms and Print Services for Salesforce are the service provider. Single Sign-On for the Authenticated Print Scenario The following is the use case scenario for Authenticated Print using Single Sign-on: A user walks up to a Canon imagerunner Advance device, authenticates using a Smart Card or entering user ID and password, and selects a print job stored in CBIO to print. 8

9 SSO Configuration Some configuration must be done to accomplish single-sign on between salesforce.com and CBIO for the Direct Print use case and between a Canon imagerunner ADVANCE device and CBIO for the Authenticated Print use case. For the Direct Print use case, this is summarized as follows: In salesforce.com Setup a sub-domain of salesforce.com for your organization. Using salesforce.com configuration tools, enable your salesforce.com organization (based on the sub-domain entered in step 1) as an Identity Provider (i.e. IdP). Configure CBIO as a Service Provider within your salesforce.com organization. Download a metadata file and a digital certificate created via salesforce.com based upon input provided in steps 1-3 above. In CBIO Upload the metadata file and digital certificate obtained in step 4 above and wait for Canon to process the information accordingly within CBIO (takes 1-2 days). Setup authentication mapping of user accounts between CBIO and salesforce.com. See screenshot below. Register the printing devices to be used for this use case in CBIO. jdoe@ciis.canon.demo1 For the Authenticated Print Use Case, the Administrator has to perform the following operations within CBIO before users can log into a print device to release CBIO print jobs: Register the printing devices to be used for this use case with CBIO. Associate/map each CBIO user with their device user login ID together. 9

10 Data Transmission Security for CBIO Solutions The communication protocol between a Web browser and CBIO server is via HTTPS (HTTP over SSL/TLS) protocol. Additionally, communication between the Web browser and the print device that is done as part of the Direct Print case and can also be secured via SSL/TLS (optional). The CBIO Server Certificate is signed by VeriSign and installed in CBIO server enabling data encryption through SSL connection. The Canon imagerunner ADVANCE devices have the root VeriSign certificate pre-installed and any modern web browser used by the client PC should as well thus no additional configuration is needed for SSL communications to CBIO. To achieve SSL communication between the CBIO-registered imagerunner ADVANCE device and the client PC-device for the Direct Print case, the CA certificate that corresponds with device certificate is required to be trusted by the client PC. If the device certificate is selfsigned (by the device), the CA certificate is the device certificate. The figure below depicts this situation. 10

11 Customer Data Security Canon considers the security and privacy of customer data to be of utmost importance. In Forms and Print Services for Salesforce, the only customer data stored by CBIO is basic account information. The print data that is sent to a print device only resides within CBIO for a maximum of forty-eight (48) hours (this is relevant to the Authenticated Print case). Nevertheless, the security of that data is important and it is therefore stored within CBIO encrypted, using strong encryption via the AES256 algorithm. All communication with CBIO is done via the SSL/TLS protocol (including the client PC browser as well as CBIO-enabled printing devices). A CBIO customer or tenant is a corporation or group within corporations that use CBIO. Only users that belong to a contracted group and have created a CBIO account in that group can use CBIO. Canon Business Imaging Online implements an intermediary virtual partition layer between a tenant and user data that makes it appear to the tenant as though its data is the only data in the user data storage. Tenant settings use access control lists to determine who can access data and what they can do with it. User print data is encrypted with a unique encryption key for each tenant/customer and utilizes the AES256 encryption algorithm. 11

12 Summary Canon s cloud platform for its business applications, Canon Business Imaging Online (CBIO), provides its customers access to Canon s latest technologies and services on the cloud. Canon is committed to the security and privacy of its customers and therefore, CBIO is hosted at a secure data center with the latest, industry standard security measures and precautions in place. At the platform level, key architectural design points are built-in to the CBIO infrastructure. At the service level, CBIO provides a set of core services including Authentication and Authorization Services, Management Services, and Log Services. All of which help prevent unauthorized users from accessing CBIO services. As cloud computing continues to grow and Canon s cloud offerings increase, customers should feel confident that their information will remain secure and private. Canon will ensure that the flexibility, speed, and reliability they are used to, remains intact while the services offered through CBIO continue to expand. 12

13 About Canon / CIIS Canon U.S.A., Inc. launched Canon Information and Imaging Solutions, Inc. as a wholly owned subsidiary to harness the power of two of Canon s greatest intangible assets: in depth knowledge of information flow and the best in imaging technology. As a market leader in integrating office equipment and software into organizations network environments, Canon U.S.A., Inc., has gained tremendous insight into the way companies handle information - - whether it is on paper or in back-end systems. Ever since Canon U.S.A. introduced its award winning line of multifunction devices and began connecting them into company networks, Canon Solution Consultants have been optimizing vital business processes, enabling companies to save money in the process. Canon U.S.A., Inc. has a history of introducing market leading products and new technologies that foster new industries. Throughout this experience, Canon U.S.A., Inc. has developed an expertise in understanding how information flows within an organization. Canon Information and Imaging Solutions, Inc. is initially comprised of Canon USA s Professional Services personnel who were transferred to the new company. The team includes solution consultants, process analysts and project management experts with experience across many industries. These individuals possess multiple certifications including Project Management Professional (PMP) and Microsoft Windows Administrator as well as a variety of industry specific certifications. The in house engineering talent is top notch, with development experience in a variety of imaging and enterprise technologies. Salesforce is a trademark of salesforce.com, inc. CANON and imagerunner are registered trademarks of Canon Inc. in the United States and may also be a registered trademark or trademark in other countries. //LOOKFORWARD and the LOOKFORWARD design marks are trademarks of Canon Information and Imaging Solutions, Inc. All other referenced product names and marks are trademarks of their respective owners and are hereby acknowledged. Specifications are subject to change without notice Canon Information and Imaging Solutions, Inc. All rights reserved. 13