Product Security Guidance

Information and Content Security Services

Failure to secure knowledge capital and document management systems can prove costly.

Technology has transformed the way employees conduct business. Today, documents take shape in not only the traditional hard copy forms, including handwritten notes and draft versions of paper communications, but also in electronic forms on desktops and in email. Since employees create, store, share and distribute these electronic documents differently than traditional paper documents, this information is at high risk of theft or loss. To remain competitive, a company must address these threats by securing the documents and document management systems that contain a company's most valuable asset - knowledge.

Information and document management systems face a wide range of security threats. These threats include intentional espionage acts such as computer hacking, theft, fraud and sabotage, as well as unintentional acts like human error and natural disasters. Information security is more than protection. It is about ensuring timely access and availability of document content to improve business process and performance. It is also about managing original content and complying with federal regulations.

Global Document Outsourcing accomplishes this, in part, through the code of practice defined in the ISO 17799 Information Security Management Standard, and the establishment of an appropriate management system. The system manages risk across the enterprise creating balance between physical, technical, procedural, and personnel security.

In addition to implementation of a management system, Global Document Outsourcing develops unique solutions, such as a secure-document tracking system that helps reduce the unauthorized disclosure of sensitive documents to the public via the Internet. This customizable solution ensures security by identifying each document with a unique code that can be traced back to the original authorized employee, ultimately discouraging employees from using and sharing these documents improperly.

Global Document Outsourcing is also using DataGlyph technology to maintain the integrity of information and streamline the business process. By digitally capturing a company's customer information at the time of transaction, information is available in real-time, adding additional security to a new and improved business process.

Although companies cannot completely prevent security problems, when addressed head-on by utilizing smart documents and processes, economic espionage and information loss can be reduced.

Xerox-Hosted Repository Service
Xerox provides "Hosted Repository Services" within Global Document Outsourcing. This application requires a high level of security and Xerox produces the security.
  • Application Security: The software application itself imposes a very complex security program based on "access control lists" that control user rights and privileges to all objects in the hosted repository. The design and implementation of this application security is customized for each customer and is driven by business requirements. Each and every user has a unique user ID and a password compliant with Xerox security rules. Each user is authenticated against Xerox's authentication server to gain access to the individual application.

  • Network Security: Platform Services employs many different security tools and techniques to ensure that our network for the hosted repository is secure. First of all, each customer application has a unique URL and port, so there is no overlap on any customer interface. All traffic, whether over the Internet or through a private line, is 128 bit SSL encrypted with a certificate from a trusted third-party. For additional security for some clients, all traffic is routed through a 3DES encrypted VPN. Furthermore, some clients will have additional security through limiting the IPs to which our firewalls will respond.

    All internet-facing applications have a web server located in an isolated DMZ, with an actively monitored intrusion detection appliance on the internet connection. All application software is operated on separate servers in a secure zone on the network, which does not have any direct access to clients, the Internet, or any other private external connection. All customer data is stored on a storage area network, which is accessible only from the Secure Zone.

  • Physical Security: All production equipment for the hosted repository service is located in Class 9 data centers, with appropriate physical security features in place. This includes live security personnel, identify authentication, fire suppression, redundant power, and physical man-barriers. Platform services maintains a geographically disparate second site for disaster recovery.

  • Logical Security: Since Platform Services operates multiple clients on the same physical hardware and network, there is a need for proper local separation of customer data. This is achieved through running a separate instance of software [web server, application server, database] for each customer with a unique "owner account" for each instance, and storing data on a dedicated volume on the storage area network for each customer.

  • Policies and Procedures: Platform services follow all pertinent Xerox security policies in terms of personnel screening, confidentiality contracts, right down to the clean desk policy. In addition to this, Platform Services has policies specific to the Hosted Repository, for example, we have defined authorities from each customer to authorize user accounts and password resets and monthly reports of user activities for customer review to ensure normal activity.

  • Document Integrity: DigiFinish Book Integrity ensures that the proper book cover is applied to a book block. This validation process prevents both cover/book block mismatch and misorientation of covers due to improper loading by the operator.

  • Stock and Page Verification: Stock verification validates that each piece of paper on which an image is printed is the stock actually intended for that image, so a mismatch is recognized as soon as it occurs. Page verification ensures that the actual sequence of printed pages [impression sequence] corresponds with the intended page sequence for the job. This capability can be implemented with either of two symbologies [barcodes or dataglyphs] based on user needs.

  • Auditing Capabilities [XEAR]: Xerox Enhanced Accounting Reporter [XEAR] is a system for capturing user-selected data from accumulated printer accounting information in a single or multiple printer environment. The XEAR components assure the information's quality and merge it into a database for customer-controlled report generation.