
Addressing document imaging security issues


Document imaging makes it possible to integrate paper documents with existing workflow processes and business applications, e.g., e-mail, fax, and electronic document management systems. But before introducing paper into electronic-based processes, you want to be sure that document imaging is safe and document integration secure. Whenever shared office scanners and multifunction devices connect to a computer network, security is a primary concern. And, since paper documents frequently contain confidential or sensitive information, the security of their scanned copies must be assured, perhaps even more so than that of the paper originals, because electronic copies can be reproduced and distributed far more freely than paper.

But if organizations are to realize the gains in efficiency, productivity, and service that document imaging makes possible, technology-based processes must be adopted, albeit with a commitment to maintaining information security. To that end, security is paramount in three key areas: users, documents, and devices.

By controlling access, protecting files, and securing devices, the information in paper documents can be protected by familiar electronic security procedures that also support disaster recovery and business continuity.

Getting from paper to e-file

Workgroup or work function scanning usually takes place at a networked multifunction device, e.g., a printer/copier/scanner, whereas a centralized resource might support high-volume, repetitive scanning or handle oversized documents like blueprints or schematic drawings. The threat of compromised security is considerably greater in an open office environment, so the focus should be on that scenario. On the surface, using existing office devices to convert paper documents into digital files is not much different than the photocopying or scanning that office workers have engaged in for years. It is the added functionality of today’s scanning devices and the sophistication of the document imaging software that make the difference.

For example, the multifunction device that scans the paper documents should have destination options in the form of easy-to-read icons. These might include:

• Scan and Mail: gives users access to existing server-based address lists and the ability to send scanned documents directly from the scanning device using their personal e-mail accounts

• Scan and Fax: delivers scanned documents by fax using an existing network fax application or print driver. Internet fax services also are supported, so you can send and receive faxes by e-mail without requiring any fax hardware

• Scan to File: delivers scanned documents to a user’s personal scan inbox, where they can be retrieved, managed, modified, and shared as Adobe Portable Document Format (PDF) documents

• Scan to Printer: sends scanned documents to a remote printer anywhere on a local or wide area network

Using versatile file naming, indexing, and custom scan-to buttons, it is possible to integrate scanned documents into existing business processes and easily automate a single workflow, with no programming required. Additional integration capabilities enable paper documents to be scanned and distributed to leading document management systems, including Microsoft SharePoint, and to e-mail, fax, cost recovery, and other business applications directly from the copier or scanner.

User authentication

Because the scanning device is a shared device in a public area, authentication is essential to ensure that only authorized users have access to the network. In addition to verifying the identity of the people who send documents, authentication can provide an audit trail of what was sent and by whom.

Your network security infrastructure (e.g., Windows Active Directory, Novell NDS, or Lotus Notes), combined with password-based authentication, also provides a range of user authentication options.

Session logon

A single sign-on interface enables users to log on to the network from the scanning device with their Windows or Novell passwords and use any application without having to log on again during that session. A timeout period ensures that a user who fails to log off does not remain connected. Security can be implemented selectively at each application level. For example, authentication could be required for “scan and mail” but not for “scan to file.” In this case, the logon screen is presented after selecting “scan and mail,” and the logon remains in effect only while using that application.


Authentication for Scan and Mail

When documents are e-mailed directly from the scanning device, users should have the same safeguards and audit trails as when documents are sent from an individual’s desktop.

For example, when users of Microsoft Exchange, Outlook, or Lotus Notes select their name from the global address list and enter their password, the document imaging software embeds the sender’s name and e-mail address in the e-mail’s “From” field, and a copy of the message is stored in the user’s Sent Items folder (Exchange) or delivered to the user’s Inbox (Notes).

If the user’s login name and e-mail name don’t match, the user’s name is embedded in the message body, ensuring that all mail can be traced back to the sender, and that no anonymous or untraceable e-mail can be sent from the copier or scanner.

Authentication for Scan and Fax

Basic “scan and fax” implementations provide functionality similar to that of a standalone fax machine (i.e., local address book support, but no sender authentication). More advanced implementations using Microsoft Exchange, Lotus Notes, or Captaris RightFax offer sender authentication and a “copy to sender” option for audit trails.

Authentication for Scan to File

Scan to File enables quick and easy delivery of scanned documents to the user’s personal scan inbox. Authentication using existing network passwords can prevent sending scanned documents to another user’s inbox.

While password protection typically is not used for fast, one-touch scanning, access to certain destinations can be restricted and individual folders can be secured by enabling selective authentication.

Activity logging

With activity logging, use of the scanning device can be monitored and each scanned document can be tracked. When tracking is enabled, the user can enter identifying information, such as account number, department, or patient ID, before the file is sent.

With tracking fields included in the activity log file, users can enter specific information each time they select a scanning function. Fields can be defined as required or optional, and the system administrator has the flexibility to make previously-keyed values available for selection from a dropdown list, standardizing comments and speeding data entry.

If the activity log is in a standard comma-delimited format, the file can be imported into a spreadsheet or report generator for billing or security tracking purposes. Additionally, client billing can be enabled if the document imaging solution supports integration with cost recovery systems, such as those from industry leaders Billback Systems, Copitrak, Equitrac, nQueue, and Sepialine. Tracking of this kind, when used in conjunction with the appropriate administrative procedures, is important in any environment where sensitive information is stored and its distribution must be monitored.
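An added example, not part of the original paper or of any product's software: a Python script that audits a comma-delimited activity log for sends that cannot be traced to a user and for empty required tracking fields, and totals pages per account for billing. The column names, the required-field list, and the sample rows are assumptions constructed for this example.

```python
import csv
import io
from collections import Counter

# Constructed sample log. The column names are assumptions for this example,
# not the export format of any particular product.
SAMPLE_LOG = """\
timestamp,device,user,function,destination,pages,account,department
2008-03-04T09:12:10,MFP-2F-01,jsmith,Scan and Mail,client@example.com,4,ACC-1001,Legal
2008-03-04T09:40:55,MFP-2F-01,,Scan and Fax,+1-555-0100,2,ACC-1001,Legal
2008-03-04T10:05:31,MFP-2F-01,mlee,Scan to File,inbox/mlee,12,,Finance
2008-03-04T11:47:02,MFP-2F-01,jsmith,Scan and Mail,jsmith@example.net,35,ACC-1001,Legal
"""

REQUIRED_TRACKING = ("account", "department")  # fields assumed to be marked required


def audit_activity_log(text, required=REQUIRED_TRACKING):
    """Return (findings, pages_by_account) for a comma-delimited activity log."""
    findings = []
    pages_by_account = Counter()
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        user = (row.get("user") or "").strip()
        if not user:
            # A send that cannot be traced back to an individual.
            findings.append((line_no, "no authenticated user"))
        missing = [f for f in required if not (row.get(f) or "").strip()]
        if missing:
            findings.append((line_no, "missing tracking field: " + ", ".join(missing)))
        try:
            pages = int(row.get("pages") or 0)
        except ValueError:
            findings.append((line_no, "non-numeric page count"))
            continue
        account = (row.get("account") or "").strip() or "UNASSIGNED"
        pages_by_account[account] += pages
    return findings, dict(pages_by_account)


if __name__ == "__main__":
    findings, totals = audit_activity_log(SAMPLE_LOG)
    for line_no, problem in findings:
        print(f"line {line_no}: {problem}")
    for account, pages in sorted(totals.items()):
        print(f"{account}: {pages} pages")
```

Line numbers in the findings count the header row as line 1, so they match what a spreadsheet shows after import.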

Password authentication security summary

| Security feature | Major benefit | End-user impact |
| --- | --- | --- |
| Single session logon | Eliminates the need to log on multiple times when sending documents using various connections. | User logs on once and has access to all connections that support Session Logon. |
| Ability to send e-mail from personal Exchange or Outlook mail account | All e-mail can be traced back to an individual. Users receive a copy in Sent Items folder. Non-delivery receipt is sent to the user if an e-mail address cannot be found. | User selects name from Exchange global address list and enters network password. |
| Ability to send e-mail from personal Notes mail account | All e-mail can be traced back to an individual. User receives a copy in Notes inbox. | User selects name from Notes global address list and enters Notes password. |
| Mail via SMTP | All e-mail can be traced back to an individual. Sender receives a copy. | User selects name from LDAP address list and enters network password. |
| Scan to File authentication | Prevents saving to a disk that cannot be traced back to an individual. | User must enter network password. |
| User authentication | Prevents unauthorized users from scanning and | |


Document security

Document imaging solutions are in use at government agencies, banks, hospitals, military sites, and other locations where information security is an everyday requirement. Encryption, deletion of temporary files, and scan inbox security keep scanned documents visible only to those with proper authorization.

Encryption

To ensure the confidentiality of scanned pages, 128-bit encryption can secure documents that are sent over a public network or uploaded to a shared repository. With encryption enabled, users simply enter a password to create an encryption key. The sender then communicates the password to the recipient over a secure channel, and the recipient enters the password to open the file.

Secure deletion of temporary files

The ability to remove temporary files at the end of each scanning operation is an important security feature. When enabled, temporary files can be purged by automatically overwriting the disk locations multiple times with random characters.
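An added example, not code from the original paper or from any product: one way to purge a temporary scan file by overwriting it several times with random bytes before deleting it, in Python. The function names, the pass count, and the sample file are assumptions; overwriting in place reaches the original disk locations only when the file system and storage medium write in place.

```python
import os
import secrets
import tempfile
from pathlib import Path

# Caveat: SSD wear levelling and copy-on-write or journaling file systems
# can keep older copies of the data that an in-place overwrite never touches.


def overwrite_in_place(path, passes=3, chunk=64 * 1024):
    """Overwrite the file `passes` times with random bytes; return its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # force this pass to disk before the next
    return size


def purge_temp_file(path, passes=3):
    """Overwrite, rename to a random name, delete; return bytes per pass."""
    size = overwrite_in_place(path, passes)
    # Rename first so the original file name is not left in the directory.
    anonymous = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)
    return size


def demo():
    """Purge a constructed temporary 'scan' file and report what happened."""
    fd, path = tempfile.mkstemp(suffix=".tif")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"CONSTRUCTED SCAN PAGE DATA " * 1000)  # constructed content
    before = Path(path).read_bytes()
    overwrite_in_place(path, passes=1)
    after = Path(path).read_bytes()
    size = purge_temp_file(path)
    return len(before), len(after), before != after, size, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```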

Inbox security

Inboxes are created through a sign-up process that each user completes at the scanning device. The inboxes can be folders created specifically for temporary storage of scanned documents, or subdirectories of existing Windows or Novell home directories.

Scanned documents that are delivered to a user’s personal scan inbox can be retrieved using any application that can read files of the selected storage type. NTFS or Novell permissions are applied automatically to prevent users from accessing documents other than their own.

Device security

When scanning from a public device, it is important to have security in place that limits the activities that can be performed at the copier or scanner. At a minimum, the document imaging system should provide the same level of network security as any desktop system on your network:

• Password authentication for access to any network resources

• Password encryption when stored or transmitted over the network

Restricted network access

A dedicated login account for document imaging requires only limited access to the network. It should restrict anyone from browsing network resources or performing activities that cannot be traced back to an individual user. Access rights will depend on the scanning functions available, with the administrator empowered to selectively disable individual scanning functions.

| Scanning function | Network access requirements |
| --- | --- |
| Scan and Mail | An account on the mail server (used to access the global address list) |
| Scan to File | None |
| Scan and Fax | An account on the network fax server or mail server (for “Fax via Mail”) |
| Scan to Printer | Access to the designated printer |
| Scan to SharePoint | None |

Automatic logon and application startup

System administrators should place account restrictions on network PCs that are dedicated to document imaging. Configuring these PCs to launch the document imaging software automatically at startup limits the possibility of someone gaining unauthorized access to the network following a reboot.

Application lockdown

Document imaging software should always run full-screen, blocking access to the taskbar, start menu, and desktop icons. As a further safeguard, a password lock should be available to prevent the unauthorized use of other applications.

Physical security

Lockable covers for PCs that are dedicated to document imaging can prevent anyone from physically accessing these devices.

No removable drives

Device security summary

| Security feature | Major benefit | IT impact |
| --- | --- | --- |
| Restricted network access | Prevents anonymous access to network resources. | Requires a dedicated login account per site. |
| Auto-logon and application startup | Prevents unauthorized use of the device for other purposes. | Requires installation and configuration of an auto-login utility (e.g., Microsoft Tweak UI). |
| Application lockdown | Prevents use of the device for purposes other than document imaging. | Password required |
| Physical security | Prevents tampering with the device. | Physical lock required |
| No removable drives | Prevents introduction of unauthorized software or viruses. | Additional software must be installed over the network. |
| Secure deletion of temporary files | Securely purges all temporary files created during the scanning process. | Administrative configuration |

For more information on document imaging security, please contact [email protected] or visit the eCopy Web site at www.ecopy.com

© 2008 eCopy, Inc.

The eCopy logo, eCopyFax, the Simplify logo, the MailRoom logo, eCopy ShareScan, eCopy ShareScan OP, eCopy ScanStation, eCopy ScanStation OP, eCopy Desktop, eCopy Quick Connect, eCopy Xpert Compression, UniDoc, SpeedFax, and SpeedPrint are trademarks of eCopy, Inc. ShareScan, Simplify, and MailRoom are registered trademarks of eCopy, Inc. All other terms and products are trademarks or registered trademarks of their respective owners and are hereby acknowledged.

P/N: ECOM-0295
