Tuesday, July 26, 2011

MFP Security Issues

MFP Security Issues


You may have smart-card access securing the entrance to your building, encrypted network login, and an IP filter protecting access to the network, but do you have adequate safeguards when it comes to managing information flowing in and out of your company via your scanners and MFPs?
One of the issues surrounding MFP scan-to-email systems is the disassociation of e-mail communication from the core user’s e-mail log. By integrating directly via Exchange or Notes, a company will route e-mails through the MFP, but the log is recorded against the user's e-mail account, as if they had sent the email from their desktop.
Even more important is the fact that attachments recorded with the email log do not always come into play with MFP scan-to-email routed directly through the SMTP mail server.

Thus, without integrating through Exchange or Notes, even if the Chief Security Office (CSO) knew that confidential information had been leaked via a scan-to-email route, he or she would have no means of identifying the culprit.


The first step to limiting this security risk is to force authentication on all communication and scanning devices, thus creating an audit trail. The process is simple, in essence, requiring the administrator to set up a capture phase, a processing phase, and a route. The capture phase is the MFP or scanner. The destination route can be the e-mail delivery system, FTP folder, desktop location, etc.
Administrators can set up all scanning workflows to follow a set procedure, such as:
User authenticates at the device, instantly starting the audit trail.
Scanning is carried out.
Image is fed into an OCR application for conversion into a searchable text format. The searchable file is passed to a customized program that performs a security content filter/sweep looking for “hot” words, codes, names, etc. If no “hot” words are detected, the data continues on its way to its final destination.