Multifunction products (MFPs) in today’s offices can print, copy, scan to network destinations, e-mail attachments and handle incoming and outgoing faxes. If everyone has access to the machine, just about anyone can launch attacks against the network.
Innovative devices are not immune to security threats. If not properly protected, they can provide an entry point for unauthorised access to the network or allow employees to print and remove classified data without anyone’s knowledge.
Without the proper protection, hackers, disgruntled employees, or even spies can gain access to sensitive customer business information and make it public record with the click of a mouse. Many industries must now also comply with government regulations and satisfy a customer base with deep privacy concerns.
Documents provide the basis of business communication. They are used to share ideas and thoughts or to provide a written account of ownership or obligation and as the use of computers continues to increase, so does the number of documents created daily. Due to the fact that documents often contain valuable information such as trade secrets, document management and protection has become vital to every organisation.
It is not just the big corporations that are subject to these issues. Even small or medium-sized businesses without permanent IT staff need security without major IT investment.
MFP vulnerabilities range from the phone line connected to them, printer viruses disguised as print files, Web servers used to manage the MFPs and printers and e-mails sent from MFPs that need to be traced back to the originator.
What businesses of all sizes need is a straightforward method to secure their documents from beginning to end, locking down mission-critical information to ensure it does not fall into the wrong hands. They need to be able to restrict access, track usage and protect the confidential data that flows through the system to protect data by user, apply industry and government mandated standards and regulations and integrate into other security products.
One example of how to apply document security is in the financial services industry where users can add special text to documents, printed or electronic, to ensure that they have not been tampered with. Fonts and graphics can also be used to authenticate cheques, corporate letterheads, customer statements and other important documents.
Government departments can also use that technology to increase security and develop fraud-resistant identification badges, letterheads and certificates, to name a few.
Healthcare organisations too can benefit by adding this technology to identification cards, bracelets, parking passes and prescription pads.
These organisations and others like them need to ensure that they meet five key security goals:
* Confidentiality – no unauthorised disclosure of data during processing, transmission, or storage.
* Integrity – no unauthorised alteration of data; system performs as intended, free from unauthorised manipulation.
* Availability – systems work properly; no denial of service for authorised users; protection against unauthorised use of the system.
* Accountability – actions of an entity can be traced directly to that entity.
* Assurance – confidence that integrity, confidentiality, availability, and accountability goals are being met
Good security systems that meet the five goals will be based on one of the foremost set of security standards, the ISO/IEC 15408, called Common Criteria, that define security requirements and establish procedures for evaluating IT system and software security.
Common Criteria sets specific information assurance goals that include integrity, confidentiality and availability for systems and data, user level accountability and non-repudiation.
IT networks have had an undeniably positive impact on business to enable e-mail, the Internet, remote printer access and file sharing to boost productivity.
But networks must be secured to ensure that information, one of an organisation’s most valuable assets, remains safe and available to those who need it and not those who do not.
Warren Lock, product manager Office Systems Group at Bytes Document Solutions