MFP Security Issues: Is Scan to Email up to date?
29 Mar, 2007 By: Editorial Staff imageSource
Your customers may have smart card access securing the entrance to their
building, encrypted network login, and an IP filter protecting access to the
network, but do they have adequate safeguards when it comes to managing
information flowing into, and out of, their company via your scanners and MFPs?
With PDF as the delivery format of choice in scan to e-mail functions,
security may be as simple as adding encryption and a PIN to the file using
standard Adobe security features. To add further control and to be able to
utilize monitoring/auditing capabilities, Adobe offers a life cycle suite of
solutions that add more extensive control over access to documents. Despite
these PDF security options, some MFP manufacturers are behind when it comes to
security in their own scan to e-mail solutions and have not caught up with the
ability to simply add a PIN within PDF creation.
To make matters worse for your customers, ignorance is not bliss in the world
of data security and privacy. While data security lapses are usually the result
of actions by junior members of staff, the head that often gets placed on the
chopping block (especially in large organizations that fail to maintain adequate
data security) is the C-class decision maker. It could be the CIO, CTO, CFO,
COO, or even the CEO who takes the ultimate responsibility for company actions
and who is responsible for putting best practice procedures in place. Where just
a few years ago, an office procurement manager would have been the final sign
off authority, the C-class decision maker is now playing a major role and your
ability to explain, advise and demonstrate security options will put you on
top with the company and the customers.
There is Help at Hand
As security concerns are on the rise, it would be prudent to make sure you
are fully conversant in third-party security solutions made available through
your manufacturer or third party partners. Companies such as eCopy, NSI (AutoStore), Omtool
AccuRoute and others, both directly and indirectly through additional
integration factors, provide a myriad of advanced security measures for the scan
to email process that can more than satisfy even the most security-conscious
C-class decision maker.
One of the issues surrounding MFP scan to e-mail systems is the
disassociation of e-mail communication from the core user’s e-mail log. By
integrating directly via Exchange or Notes a company will route e-mails through
the MFP, but the log is recorded against the user’s e-mail account as if they
had sent the email from their desktop. Even more important is the fact that
attachments recorded with the email log do not always come into play with MFP
scan to e-mail routed directly through the SMTP mail server. Thus, without
integrating through Exchange or Notes, even if the Chief Security Officer (CSO)
knew that confidential information had been leaked via a scan to e-mail route,
he or she would have no means of identifying who was the culprit. Look for
software that integrates with e-mail systems. This is important for companies
looking to keep a centralized, easily maintained log of every type of
communication going out of the company.
Prevention is Better Than A Cure
High speed Internet connectivity is widely available, Gigabits of storage space
now fit on USB flash drives that are carried on keychains, and digital cameras
are built into cell phones. These portable storage devices are causing headaches associated
with having to maintain company secrets. Maintaining security over electronic
data can be, in many ways, actually easier than controlling hard copy, as
security measures can be built into file properties.
Hard copies, however, are harder to trace when they have left the safe domain
of a locked cabinet or office. Security guards can search staff leaving a
building in hopes of finding documents that should not be leaving the building
with them. But, with high speed communications available everywhere, why would
they take the risk of being caught?
The first step to limiting opportunity is to force authentication on all
communication and scanning devices, thus creating an audit trail of activity.
However, as we mentioned above, scan to e-mail from most MFPs does not leave the
details of the actual information sent out as an attachment within the log, thus
making it a relatively safe route.
While integrating with Exchange and Notes secures the integrity of the entire
email message, including attachment details, it is still a case of shutting the
door after the horse has bolted. To many companies, knowing that information
thieves can be caught comes as little compensation when years of R&D, or the
biggest deal of the year, falls to pieces in front of their eyes.
Big Brother is Closer Than You Think
Products that allow administrators to build up entire workflow processes that
require the least amount of steps include NSi’s suite of products,
specifically AutoStore and Referro2. The process is simple in essence,
requiring the administrator to set up a capture phase, a processing phase, and a
route. The capture phase is the MFP or scanner. The destination route can be
the e-mail delivery system, FTP folder, desktop location, etc. For the purpose
of this discussion the focus is on the most interesting phase of the workflow,
the process stage. AutoStore includes a wide range of processing options,
involving everything from OCR to bar code reading, and from archiving into ECM
to adding watermarks. There is also a Visual Basic scripting feature that can be
incorporated into the workflow. Administrators can set up all scanning workflows
to follow a set procedure, such as:
- User authenticates at the device, instantly starting the audit.
- Scanning is carried out.
- Image is fed into an OCR application for conversion into a
searchable text format.
- The searchable text file is now passed through to a
custom programmed Visual Basic program, which carries out a security
filter/sweep on the content looking for any “hot” words, codes, names, etc.
- If no “hot” words are detected, the data continues on its way to
the final destination / email address / ftp location, etc.
- If a “hot” word is detected, the process is stopped, an email or
other notification is instantly delivered to security and the CSO, and
the culprit is apprehended.
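The filter step of this workflow, sketched in Python as an added example; it is not NSi's AutoStore script or API. The watch list, the document-code pattern, the user and device names and the sample OCR text are all constructed assumptions. The decision record carries the authenticated user and a hash of the scanned file, so the log entry identifies both the sender and the attachment.

```python
import hashlib
import re
import unicodedata
from dataclasses import dataclass, field

# Constructed watch list; a real deployment would load this from security policy.
HOT_TERMS = ["Project Falcon", "confidential", "merger proposal"]
# Constructed pattern for an internal document code such as "RD-2007-0412".
# Hyphens are optional because normalize() removes one that ends a line.
HOT_PATTERNS = {"rd_doc_code": re.compile(r"\brd-?\d{4}-?\d{4}\b")}

# Constructed OCR output: one term is hyphenated across lines, one is split by layout.
SAMPLE_HOT = "Board pack\nCONFI-\ndential: Project\n  Falcon pricing, ref RD-2007-0412"
SAMPLE_CLEAN = "Lunch menu for Friday\nSoup, salad, sandwiches"


def normalize(ocr_text: str) -> str:
    """Undo common OCR/layout noise so terms broken up by the page still match."""
    text = unicodedata.normalize("NFKC", ocr_text)  # fold ligatures, full-width forms
    text = re.sub(r"-\s*\n\s*", "", text)           # re-join words hyphenated at line ends
    text = re.sub(r"\s+", " ", text)                # collapse newlines and runs of spaces
    return text.casefold()


@dataclass
class Decision:
    action: str   # "route" (continue to destination) or "hold" (stop and notify security)
    user: str     # identity from the authentication step at the device
    device: str
    sha256: str   # hash of the scanned file, ties the audit entry to the attachment
    hits: list = field(default_factory=list)


def screen_scan(user: str, device: str, scan_bytes: bytes, ocr_text: str) -> Decision:
    """Screen one scan job and return the routing decision plus its audit record."""
    text = normalize(ocr_text)
    # Substring match on purpose: over-matching is cheaper than a missed term.
    hits = [term for term in HOT_TERMS if normalize(term) in text]
    hits += [name for name, rx in HOT_PATTERNS.items() if rx.search(text)]
    digest = hashlib.sha256(scan_bytes).hexdigest()
    return Decision("hold" if hits else "route", user, device, digest, hits)


if __name__ == "__main__":
    print(screen_scan("jsmith", "MFP-3F-01", b"%PDF-1.4 constructed", SAMPLE_HOT))
    print(screen_scan("jsmith", "MFP-3F-01", b"%PDF-1.4 constructed", SAMPLE_CLEAN))
```

A page that OCR cannot read yields no text and therefore no hits, so a deployment should decide separately whether empty OCR output is routed or held.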
OCR and security filter steps may add a slight delay to the communication
process. But, with most users not bothering to wait for the final confirmation
that the email has gone through anyway, this is unlikely to cause problems in
Imagine dealers or vendors being able to tell their customers that their top
secret engineering or solutions project, new synthesis schematics, the next big
buy-out deal proposal (or Hollywood starlet plastic surgery bill) could be
safeguarded better than ever before! You will surely capture their attention.
While technology continues to get smarter, so do the would-be “digital
hi-tech criminals.” One of the big battles for R&D developers will be to
continue keeping our information safe. BERTL, a prominent industry leader in
research and analysis, will be keeping a very close eye on who is staying ahead
of the curve and who is left vulnerable to the modern day business of