Addressing document imaging security issues
Document imaging makes it possible to integrate paper documents with existing workflow processes and business applications, e.g., e-mail, fax, and electronic document management systems. But before introducing paper into electronic-based processes, you want to be sure that document imaging is safe and document integration secure. Whenever shared office scanners and multifunction devices connect to a computer network, security is a primary concern. And since paper documents frequently contain confidential or sensitive information, the security of their scanned copies must be assured, perhaps even more so than that of the paper originals, because electronic copies can be reproduced and distributed far more freely than paper. But if organizations are to realize the gains in efficiency, productivity, and service that document imaging makes possible, technology-based processes must be adopted, albeit with a commitment to maintaining information security. To that end, security is paramount in three key areas: users, documents, and devices. By controlling access, protecting files, and securing devices, the information in paper documents can be protected by familiar electronic security procedures that also support disaster recovery and business continuity.

Getting from paper to e-file

Workgroup or work-function scanning usually takes place at a networked multifunction device, e.g., a printer/copier/scanner, whereas a centralized resource might support high-volume, repetitive scanning or handle oversized documents like blueprints or schematic drawings. The threat of compromised security is considerably greater in an open office environment, so the focus here is on that scenario. On the surface, using existing office devices to convert paper documents into digital files is not much different from the photocopying or scanning that office workers have engaged in for years.
It is the added functionality of today's scanning devices and the sophistication of the document imaging software that make the difference. For example, the multifunction device that scans the paper documents should have destination options in the form of easy-to-read icons. These might include:

Scan and Mail: gives users access to existing server-based address lists and the ability to send scanned documents directly from the scanning device using their personal e-mail accounts.
Scan and Fax: delivers scanned documents by fax using an existing network fax application or print driver. Internet fax services are also supported, so you can send and receive faxes by e-mail without requiring any fax hardware.
Scan to File: delivers scanned documents to a user's personal scan inbox, where they can be retrieved, managed, modified, and shared as Adobe Portable Document Format (PDF) documents.
Scan to Printer: sends scanned documents to a remote printer anywhere on a local or wide area network.

Using versatile file naming, indexing, and custom scan-to buttons, it is possible to integrate scanned documents into existing business processes and easily automate a single workflow, with no programming required. Additional integration capabilities enable paper documents to be scanned and distributed to leading document management systems, including Microsoft SharePoint, and to e-mail, fax, cost recovery, and other business applications directly from the copier or scanner.

User authentication

As a shared device in a public area, authentication is essential to ensure that only authorized users have access to the network. In addition to verifying the identity of the people who send documents, authentication can provide an audit trail of what was sent and by whom. Your network security infrastructure (e.g., Windows Active Directory, Novell NDS, Lotus Notes, etc.), combined with password-based authentication, also provides a range of user authentication options.
Session logon

A single sign-on interface enables users to log on to the network from the scanning device with their Windows or Novell passwords and use any application without having to log on again during that session. A timeout period ensures that a user who fails to log off does not remain connected. Security can be implemented selectively at each application level. For example, authentication could be required for Scan and Mail but not for Scan to File. In this case, the logon screen is presented after selecting Scan and Mail, and the logon remains in effect only while using that application.
Authentication for Scan and Mail

When documents are e-mailed directly from the scanning device, users should have the same safeguards and audit trails as when documents are sent from an individual's desktop. For example, when users of Microsoft Exchange, Outlook, or Lotus Notes select their name from the global address list and enter their password, the document imaging software embeds the sender's name and e-mail address in the e-mail's From field, and a copy of the message is stored in the user's Sent Items folder (Exchange) or delivered to the user's Inbox (Notes). If the user's login name and e-mail name don't match, the user's name is embedded in the message body, ensuring that all mail can be traced back to the sender and that no anonymous or untraceable e-mail can be sent from the copier or scanner.

Authentication for Scan and Fax

Basic scan and fax implementations provide functionality similar to that of a standalone fax machine (i.e., local address book support, but no sender authentication). More advanced implementations using Microsoft Exchange, Lotus Notes, or Captaris RightFax offer sender authentication and a copy-to-sender option for audit trails.

Authentication for Scan to File

Scan to File enables quick and easy delivery of scanned documents to the user's personal scan inbox. Authentication using existing network passwords can prevent sending scanned documents to another user's inbox.

Activity logging

With activity logging, use of the scanning device can be monitored and each scanned document can be tracked. When tracking is enabled, the user can enter identifying information, such as account number, department, or patient ID, before the file is sent. With tracking fields included in the activity log file, users can enter specific information each time they select a scanning function.
Fields can be defined as required or optional, and the system administrator has the flexibility to make previously keyed values available for selection from a dropdown list, standardizing comments and speeding data entry. If the activity log is in a standard comma-delimited format, the file can be imported into a spreadsheet or report generator for billing or security tracking purposes. Additionally, client billing can be enabled if the document imaging solution supports integration with cost recovery systems, such as those from industry leaders Billback Systems, Copitrak, Equitrac, nQueue, and Sepialine. Tracking of this kind, when used in conjunction with the appropriate administrative procedures, is important in any environment where sensitive information is stored and its distribution must be monitored. While password protection typically is not used for fast, one-touch scanning, access to certain destinations can be restricted and individual folders can be secured by enabling selective authentication.

Password authentication security summary

Single session logon
  Major benefit: Eliminates the need to log on multiple times when sending documents using various connections.
  End-user impact: User logs on once and has access to all connections that support Session Logon.

Ability to send e-mail from personal Exchange or Outlook mail account
  Major benefit: All e-mail can be traced back to an individual. Users receive a copy in the Sent Items folder. A non-delivery receipt is sent to the user if an e-mail address cannot be found.
  End-user impact: User selects name from the Exchange global address list and enters network password.

Ability to send e-mail from personal Notes mail account
  Major benefit: All e-mail can be traced back to an individual. User receives a copy in the Notes inbox.
  End-user impact: User selects name from the Notes global address list and enters Notes password.

Mail via SMTP
  Major benefit: All e-mail can be traced back to an individual. Sender receives a copy.
  End-user impact: User selects name from the LDAP address list and enters network password.

Scan to File authentication
  Major benefit: Prevents saving to a disk that cannot be traced back to an individual.
  End-user impact: User must enter network password.

User authentication
  Major benefit: Prevents unauthorized users from scanning and e-mailing documents.
  End-user impact: When enabled, user must enter password.
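The comma-delimited activity log described under Activity logging above, as an added example that is not part of the original paper or eCopy's software: a small Python audit over constructed log lines that flags scans with no authenticated user and scans missing required tracking fields, and totals pages per user for a billing import. The column names, the two required tracking fields (Department, PatientID) and the log content are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample of a comma-delimited scan activity log, in the shape the
# paper describes: who scanned, which function, where it went, page count, and
# the tracking fields an administrator defined (assumed: Department, PatientID).
SAMPLE_LOG = """\
Timestamp,User,Function,Destination,Pages,Department,PatientID
2008-01-14 09:02:11,jsmith,Scan and Mail,jsmith@example.com,4,Radiology,P-1001
2008-01-14 09:05:40,,Scan to File,\\\\filesrv\\inbox\\jsmith,12,Radiology,P-1002
2008-01-14 09:07:03,mlee,Scan and Fax,+1-555-0100,2,,P-1003
2008-01-14 09:11:55,mlee,Scan and Mail,partner@external.example,30,Billing,
2008-01-14 09:15:20,jsmith,Scan to Printer,PRN-LOBBY,1,Radiology,P-1004
"""

# Assumed administrator policy: these tracking fields are "required".
REQUIRED_FIELDS = ("Department", "PatientID")


def audit_activity_log(text, required=REQUIRED_FIELDS):
    """Return (row_number, finding) tuples for log entries that break the two
    rules the paper sets out: every scan must be traceable to an authenticated
    user, and required tracking fields must be filled in before the file is sent."""
    findings = []
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        if not row["User"].strip():
            findings.append((n, "untraceable scan: no authenticated user"))
        missing = [f for f in required if not row.get(f, "").strip()]
        if missing:
            findings.append((n, "missing required tracking field(s): " + ", ".join(missing)))
    return findings


def pages_by_user(text):
    """Per-user page totals, the figure a cost-recovery or billing import needs.
    Scans with no user are grouped so they stand out rather than disappear."""
    totals = Counter()
    for row in csv.DictReader(io.StringIO(text)):
        totals[row["User"].strip() or "<unauthenticated>"] += int(row["Pages"])
    return dict(totals)


if __name__ == "__main__":
    for n, finding in audit_activity_log(SAMPLE_LOG):
        print(f"row {n}: {finding}")
    print(pages_by_user(SAMPLE_LOG))
```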
Document security

Document imaging solutions are in use at government agencies, banks, hospitals, military sites, and other locations where information security is an everyday requirement. Encryption, deletion of temporary files, and scan inbox security keep scanned documents visible only to those with proper authorization.

Encryption

To ensure the confidentiality of scanned pages, 128-bit encryption can secure documents that are sent over a public network or uploaded to a shared repository. With encryption enabled, users simply enter a password to create an encryption key. The sender then communicates the password to the recipient over a secure channel, and the recipient enters the password to open the file.

Secure deletion of temporary files

The ability to remove temporary files at the end of each scanning operation is an important security feature. When enabled, temporary files can be purged by automatically overwriting the disk locations multiple times with random characters.

Inbox security

Inboxes are created through a sign-up process that each user completes at the scanning device. The inboxes can be folders created specifically for temporary storage of scanned documents, or subdirectories of existing Windows or Novell home directories. Scanned documents that are delivered to a user's personal scan inbox can be retrieved using any application that can read files of the selected storage type. NTFS or Novell permissions are applied automatically to prevent users from accessing documents other than their own.

Device security

When scanning from a public device, it is important to have security in place that limits the activities that can be performed at the copier or scanner.
At a minimum, the document imaging system should provide the same level of network security as any desktop system on your network:

Password authentication for access to any network resources
Password encryption when stored or transmitted over the network

Restricted network access

A dedicated login account for document imaging requires only limited access to the network. It should prevent anyone from browsing network resources or performing activities that cannot be traced back to an individual user. Access rights will depend on the scanning functions available, with the administrator empowered to selectively disable individual scanning functions.

Scanning function and its network access requirements:
  Scan and Mail: an account on the mail server (used to access the global address list)
  Scan to File: none
  Scan and Fax: an account on the network fax server or mail server (for "Fax via Mail")
  Scan to Printer: access to the designated printer
  Scan to SharePoint: none

Automatic logon and application startup

System administrators should place account restrictions on network PCs that are dedicated to document imaging. Configuring these PCs to launch the document imaging software automatically at startup limits the possibility of someone gaining unauthorized access to the network following a reboot.

Application lockdown

Document imaging software should always run full-screen, blocking access to the taskbar, Start menu, and desktop icons. As a further safeguard, a password lock should be available to prevent the unauthorized use of other applications.

Physical security

Lockable covers for PCs that are dedicated to document imaging can prevent anyone from physically accessing these devices.

No removable drives

Eliminating floppy disk drives and disabling USB ports will prevent the introduction of unauthorized software or viruses via these devices. The implementation of a document imaging solution requires operating system software, application software, device drivers, and administrative tools; administration and software updates can be performed remotely over the network.
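The multi-pass random overwrite described under Secure deletion of temporary files above, as an added Python example that is not eCopy's code: it overwrites a constructed temporary scan file in place with random bytes, syncs to disk after each pass, then unlinks it, and tolerates a file that was already removed. The pass count, chunk size, file suffix and file contents are assumptions.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # assumed write granularity


def purge_temp_file(path, passes=3):
    """Overwrite `path` `passes` times with random bytes, fsync after each
    pass, then unlink it. Returns the number of bytes overwritten per pass,
    or 0 if the file was already gone (a purge that runs twice must not fail).
    Caveat: on SSDs, journaling or copy-on-write filesystems the original
    blocks can survive remapping, so in-place overwrite is best effort there;
    full-disk encryption of the scan station's drive is the complementary control."""
    try:
        size = os.path.getsize(path)
    except FileNotFoundError:
        return 0
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))  # "random characters" per pass
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # make sure the pass hit the disk, not just the cache
    os.remove(path)
    return size


def demo():
    """Create a constructed 'scan' temp file, purge it, and report
    (bytes overwritten per pass, whether the file still exists)."""
    fd, path = tempfile.mkstemp(suffix=".tif")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"%PDF-constructed-sample-scan-" * 1000)  # constructed content
    overwritten = purge_temp_file(path)
    return overwritten, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```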
Device security summary

Restricted network access
  Major benefit: Prevents anonymous access to network resources.
  IT impact: Requires a dedicated login account per site.

Auto-logon and application startup
  Major benefit: Prevents unauthorized use of the device for other purposes.
  IT impact: Requires installation and configuration of an auto-login utility (e.g., Microsoft Tweak UI).

Application lockdown
  Major benefit: Prevents use of the device for purposes other than document imaging.
  IT impact: Password required.

Physical security
  Major benefit: Prevents tampering with the device.
  IT impact: Physical lock required.

No removable drives
  Major benefit: Prevents introduction of unauthorized software or viruses.
  IT impact: Additional software must be installed over the network.

Secure deletion of temporary files
  Major benefit: Securely purges all temporary files created during the scanning process.
  IT impact: Administrative configuration.

Stringent document and device security standards enable companies to extend their electronic security protection to paper documents. A comprehensive range of security features provides the flexibility that companies need to prevent unauthorized document access, restrict or limit access to certain functions, and track activity by user and document.

For more information on document imaging security, please contact sales@ecopy.com or visit the eCopy Web site at www.ecopy.com

© 2008 eCopy, Inc. The eCopy logo, eCopyfax, the Simplify logo, the MailRoom logo, eCopy ShareScan, eCopy ShareScan OP, eCopy ScanStation, eCopy ScanStation OP, eCopy Desktop, eCopy Quick Connect, eCopy Xpert Compression, UniDoc, SpeedFax, and SpeedPrint are trademarks of eCopy, Inc. ShareScan, Simplify, and MailRoom are registered trademarks of eCopy, Inc. All other terms and products are trademarks or registered trademarks of their respective owners and are hereby acknowledged. P/N: ECOM-0295 01/08