Certainly a good decision

IT-HAUS GmbH is one of Germany's top IT systems and trading companies. As a provider of national and international IT solutions and services, customers receive comprehensive full-service concepts from a single source. IT specialists with the highest levels of certification from leading manufacturer partners advise and support customers from the B2B environment. For public sector clients, a dedicated team of experts with many years of industry expertise is on hand to provide long-term strategic and reliable support to local authorities and institutions in the administrative and banking sectors. www.it-haus.com

Added value for the customer

Management Summary

To prevent dangerous data breaches, companies in the public sector in particular need to control the physical and electronic access points to their MFPs (multifunction printers). As an expert in reliable authentication and secure print solutions, IT-HAUS knows what is important here and accompanies its customers from consulting to the implementation of a tailor-made solution through to support.

Starting position

More and more companies are using networked multifunctional devices (MFPs) for copying, printing, scanning, faxing and sending emails. These modern all-rounders have hard disks, embedded firmware and functions for communicating with other systems in the network. However, where encryption, user authentication, document usage tracking or other security controls are missing, there is a risk that data protection could be breached, confidential files could accidentally end up with the wrong recipient or even be stolen. It is also almost impossible to determine the cause of the data breach or data loss. This poses a major challenge for corporate IT, which a public institution from the banking and finance sector also faced. This institution has 35 locations across Germany and employs almost 10,000 people who handle sensitive data on a daily basis. In addition to conventional printers, the customer mainly uses multifunctional devices, which are used as central workgroup or departmental devices by several employees. In order to meet the company's high data protection and compliance requirements, those responsible invited tenders in 2016 for the delivery and installation of a cross-location software solution for Follow-Me and Secure Print, including the necessary card readers.

Requirements

An authentication solution was needed to prevent documents with protected data from being left unattended in the output tray after printing and possibly falling into the wrong hands. Authentication enables the verification, reporting and tracking of all user actions as well as the use of various other security functions. For example, all multifunction devices should only be able to print documents that are assigned to the authenticated user. This not only increases security, but also reduces the number of uncollected, mixed-up or lost print jobs and therefore material consumption and printing costs. Documents to be printed should also be stored in a queue on the print server instead of on the device itself. Those responsible attached particular importance to the encrypted transmission of print jobs from the workstation to the output device so that documents and data cannot be intercepted via the network during transmission.

Goals

In terms of both hardware and software, IT-HAUS was able to convince those responsible with a manufacturer-independent and therefore sustainable solution that is also easy to implement: SafeCom from Nuance is software for secure printing that enables controlled access to multi-function and single-function printers. Its key features include secure pull printing, encryption and document security as well as tracking and reporting functions. In addition, the software is licensed per end device, i.e. regardless of the number of users or servers, and with an unlimited term. The customer only pays a comparatively low maintenance fee, which guarantees first and second level support from IT-HAUS as well as support and regular updates from the manufacturer.
The aim was to equip a total of 1,200 multifunctional devices with the software. After the concept was successfully tested at three locations with around 200 multifunctional devices, the customer placed a follow-up order for 1,000 additional device licenses.

Solution

With SafeCom Pull Print ("Follow-Me-Printing"), every printer or MFP works like a personal printer. Users send their print jobs and authenticate themselves at any device in the network to collect their printouts. However, these are not sent directly to the printer as with conventional push printing, but remain on the user's computer for the time being, where a so-called print client is installed for print processing, storage and encryption. This means that each print job initially ends up in a virtual print queue and remains encrypted until the user authenticates themselves at the device using a chip card. All they have to do is hold their badge up to the card reader installed on the MFP and their personal print jobs are displayed. By installing SafeCom Print Client on user computers, customers also minimize their network capacity requirements, as only control data is transmitted via the company network. Waiting documents remain stored locally until the user authenticates and retrieves the print job (end-to-end encryption). This noticeably reduces the load on the company network. Only login and tracking information is sent to the SafeCom server installed in each of the customer's branches. Authentication on the device also makes it possible to restrict security-relevant functions. This ensures that users can only access the resources assigned to them in the network. A popular workaround, for example, is to scan a document and send it to the user's own e-mail address so that it can then be edited electronically. Once the employee has logged on to the device, they can select scanning to their own e-mail address (scan-to-me) from a list of predefined and approved workflows. The solution is set up so that emails can only be sent to addresses in the Active Directory or the global address list (GAL) - i.e. within the company or network - using a personal company address rather than a general one. In this way, users cannot send anonymous emails, let alone externally. The process is also fast and error-free and can be recorded in the test log together with the user, device, process, email address, date, time and certain metadata. The SafeCom Tracking function provides reports and a comprehensive overview of all print, copy, scan, fax and e-mail activities in the company as well as usage behavior and costs. The tracking data recorded in the audit log can be forwarded from the MFP to a database so that in the event of a data breach, it is easy to trace which device the error occurred on, which user was authenticated and to which destination the data was sent. However, as a compromise between consumption control and employee protection, this data is recorded anonymously at the customer's premises.

Our experts will be happy to advise you on the individual options.

Fill out our contact form or call us directly. We look forward to talking to you.