Reference

Certainly a good decision

Authorized printing ensures cost efficiency and maximum security protection for 10,000 employees of a public institution

IT-HAUS GmbH is one of Germany's top IT systems and trading companies. As a provider of national and international IT solutions and services, customers receive comprehensive full-service concepts from a single source. IT specialists with the highest levels of certification from leading manufacturer partners advise and support customers from the B2B environment. For public sector clients, a dedicated team of experts with many years of industry expertise is on hand to provide long-term strategic and reliable support to local authorities and institutions in the administrative and banking sectors. www.it-haus.com

Added value for the customer

Secure printing through: Pull Print with authentication ensures that printed documents do not fall into the wrong hands. Authentication at the MFP prevents unauthorized access to the device. Hiding the document name in the print queue and end-to-end encryption ensures maximum data protection.
Reduced material consumption (Green IT): With Pull Print, the many piles of forgotten or unneeded printouts are a thing of the past. The bottom line here is that paper and toner savings of up to 15 percent are possible.
Flexible, scalable and easy implementation: SafeCom offers flexible configuration options that enabled IT-HAUS to implement the solution easily and cost-effectively across the organization, even though the customer was using MFPs from different manufacturers.
Cost transparency through consumption control
Personal and customized support from IT-HAUS and Nuance Professional Services

Management Summary

To prevent dangerous data breaches, companies in the public sector in particular need to control the physical and electronic access points to their MFPs (multifunction printers). As an expert in reliable authentication and secure print solutions, IT-HAUS knows what is important here and accompanies its customers from consulting to the implementation of a tailor-made solution through to support.

"By opting for IT-HAUS , the customer has not only received one of the best products on the market, but also maximum investment protection and the greatest possible flexibility: this means that they can also be sure in future tenders that they will not have to rely on a specific manufacturer's own software or be tied to a specific manufacturer on the hardware side, let alone have to start from scratch again."

Florian Sinn

Team Coordinator Technical Consultants, IT-HAUS GmbH

Starting position

More and more companies are using networked multifunctional devices (MFPs) for copying, printing, scanning, faxing and sending emails. These modern all-rounders have hard disks, embedded firmware and functions for communicating with other systems in the network. However, where encryption, user authentication, document usage tracking or other security controls are missing, there is a risk that data protection could be breached, confidential files could accidentally end up with the wrong recipient or even be stolen. It is also almost impossible to determine the cause of the data breach or data loss. This poses a major challenge for corporate IT, which a public institution from the banking and finance sector also faced. This institution has 35 locations across Germany and employs almost 10,000 people who handle sensitive data on a daily basis. In addition to conventional printers, the customer mainly uses multifunctional devices, which are used as central workgroup or departmental devices by several employees. In order to meet the company's high data protection and compliance requirements, those responsible invited tenders in 2016 for the delivery and installation of a cross-location software solution for Follow-Me and Secure Print, including the necessary card readers.

Requirements

An authentication solution was needed to prevent documents with protected data from being left unattended in the output tray after printing and possibly falling into the wrong hands. Authentication enables the verification, reporting and tracking of all user actions as well as the use of various other security functions. For example, all multifunction devices should only be able to print documents that are assigned to the authenticated user. This not only increases security, but also reduces the number of uncollected, mixed-up or lost print jobs and therefore material consumption and printing costs. Documents to be printed should also be stored in a queue on the print server instead of on the device itself. Those responsible attached particular importance to the encrypted transmission of print jobs from the workstation to the output device so that documents and data cannot be intercepted via the network during transmission.

Goals

In terms of both hardware and software, IT-HAUS was able to convince those responsible with a manufacturer-independent and therefore sustainable solution that is also easy to implement: SafeCom from Nuance is software for secure printing that enables controlled access to multi-function and single-function printers. Its key features include secure pull printing, encryption and document security as well as tracking and reporting functions. In addition, the software is licensed per end device, i.e. regardless of the number of users or servers, and with an unlimited term. The customer only pays a comparatively low maintenance fee, which guarantees first and second level support from IT-HAUS as well as support and regular updates from the manufacturer.
The aim was to equip a total of 1,200 multifunctional devices with the software. After the concept was successfully tested at three locations with around 200 multifunctional devices, the customer placed a follow-up order for 1,000 additional device licenses.

Solution

With SafeCom Pull Print ("Follow-Me-Printing"), every printer or MFP works like a personal printer. Users send their print jobs and authenticate themselves at any device in the network to collect their printouts. However, these are not sent directly to the printer as with conventional push printing, but remain on the user's computer for the time being, where a so-called print client is installed for print processing, storage and encryption. This means that each print job initially ends up in a virtual print queue and remains encrypted until the user authenticates themselves at the device using a chip card. All they have to do is hold their badge up to the card reader installed on the MFP and their personal print jobs are displayed. By installing SafeCom Print Client on user computers, customers also minimize their network capacity requirements, as only control data is transmitted via the company network. Waiting documents remain stored locally until the user authenticates and retrieves the print job (end-to-end encryption). This noticeably reduces the load on the company network. Only login and tracking information is sent to the SafeCom server installed in each of the customer's branches. Authentication on the device also makes it possible to restrict security-relevant functions. This ensures that users can only access the resources assigned to them in the network. A popular workaround, for example, is to scan a document and send it to the user's own e-mail address so that it can then be edited electronically. Once the employee has logged on to the device, they can select scanning to their own e-mail address (scan-to-me) from a list of predefined and approved workflows. The solution is set up so that emails can only be sent to addresses in the Active Directory or the global address list (GAL) - i.e. within the company or network - using a personal company address rather than a general one. In this way, users cannot send anonymous emails, let alone externally. The process is also fast and error-free and can be recorded in the test log together with the user, device, process, email address, date, time and certain metadata. The SafeCom Tracking function provides reports and a comprehensive overview of all print, copy, scan, fax and e-mail activities in the company as well as usage behavior and costs. The tracking data recorded in the audit log can be forwarded from the MFP to a database so that in the event of a data breach, it is easy to trace which device the error occurred on, which user was authenticated and to which destination the data was sent. However, as a compromise between consumption control and employee protection, this data is recorded anonymously at the customer's premises.

Hardware

27x Kyocera TASKalfa 4054ci laser multifunction printer
165x Kyocera ECOSYS M3655idn laser multifunction printer
11x Kyocera ECOSYS M6635cidn color laser multifunction printer
399x Kyocera ECOSYS P3145dn mono laser printer
59x Kyocera ECOSYS P6230cdn color laser printer
5x Kyocera TASKalfa 3554ci color laser multifunction printer
16x Kyocera TASKalfa 4012i laser multifunction printer
3x Kyocera TASKalfa MZ4000i laser multifunction printer

Our experts will be happy to advise you on the individual options.

Fill out our contact form or call us directly. We look forward to talking to you.