Security Whitepaper: Google Apps Messaging and Collaboration Products

Security Whitepaper

Google Apps Messaging and Collaboration Products Introduction The security of online services is a topic of increasing interest to enterprises as the number of third party hosted service o!erings has expanded in recent years. The emergence of various “cloud computing” concepts and definitions has highlighted not only questions about data ownership and protection, but also how various vendors of cloud computing technologies build and implement their services. Security experts, end-users and enterprises alike are all considering the security implications of the cloud computing model.

Google Apps (comprising Gmail, Google Calendar, Google Docs, and other web applications) provide familiar, easy to use products and services for business settings. These services, characterized by redundant computing environments and dynamic resource allocation, enable customers to access their data virtually anytime and anywhere from Internet-capable devices. This computing environment — often called the “cloud” — allows CPU, memory and storage resources to be shared and utilized by many customers while also offering security benefits.

Google provides cloud services reliably due to its experience with operating its own business, as well as its core services like Google Search, in a similar manner. The security controls that isolate data during processing in the cloud were developed alongside the core technology from the beginning. Security is thus a key component of each of our cloud computing elements, such as compartmentalization, server assignment, data storage, and processing.

This paper will explain the ways Google creates a security-based platform for o!ering its Google Apps products, covering topics like information security, physical security and operational security. This exploration will demonstrate how security is an integral component of Google’s cloud computing system, as well as a core element of Google’s design and development processes. The policies described in this paper are detailed as of the time of authorship. Some of the specifics may change over time as we regularly innovate with new features and products within Google Apps.

DocuWare Security Whitepaper

1 Objectives of This White Paper

The purpose of this white paper is to present the security measures within the DocuWare software. The paper includes a discussion of the measures undertaken to achieve access security and to prevent downtimes – or at least to minimize their adverse effects on users. It includes all preventive measures against accidental or deliberate manipulation of managed content and against data loss caused by system failure. Security features also include measures to ensure data protection and the traceability of events within the system. 

It mentions the underlying technologies and describes how they are used by the DocuWare system. This should provide readers with a technically sound understanding of the DocuWare system and the security it offers. 

This document is intended for clients (users), consultancy companies, IT magazines and distribution partners. It assumes a certain level of technical knowledge about the structure of modern software applications, ideally of document management systems. Detailed knowledge of current or previous DocuWare systems is not required.

Effective Records Management in Today’s Business Environment


Successful enterprises have come to rely on information as a major internal asset to leverage or as a lucrative product to sell. There is increasing public scrutiny regarding the need for corporate leaders to assure that business information in the form of records can be trusted, protected and produced when required. The importance of properly managing business records is covered in news sources almost daily, including the failure of some organizations to retain records for mandated time periods (Arthur Andersen) and the discovery in some cases of reputationdamaging emails (Microsoft and many others). Regrettably, litigation frequently is a tactic used to resolve disputes between persons and organizations. Governmental investigations routinely are initiated when audits yield findings of non-compliance with expected business practices or activities. In both of these scenarios, there is an immediate focus on how well management supported the proper retention and timely production of records, in either paper or electronic format. 

The default assumption is that employees perform job functions as delineated by policy, procedure and management directives.

Executive level attention to records management strategies, policies, procedures, and technology systems now is the expected practice in well-run organizations. Executive signatures required on financial statements by the Sarbanes-Oxley Act (SOX) make it critical to manage enterprise information and evidentiary records in a well-documented and consistent manner. Each organization’s value chain and information workflow must have supporting records management activities and auditable business processes that clearly document the status of activities; i.e., what is known, and when everyone knew it. A carefully developed records management strategy and rigorously enforced company information management policies are the key to achieving excellence in management that promotes customer, investor, regulator, employee and public confidence in an organization’s activities, products, and services.

Business Drivers for Records Management

Today’s complex business environments generate numerous challenges for both management and employees. Fast-paced changes in office technologies, changing governmental mandates and global competition create both obstacles and opportunities. However, a common aspect of all business environments is the constant demand for ontime access to data, information and documentation. Informational business records are needed for operational guidance, reporting to auditors, documentation of intellectual capital, evidence in litigation and a variety of other tactical and strategic drivers. Business records with critical informational content must be locatable and retrievable quickly and accurately. Otherwise lost productivity, public embarrassment and damaged financial status may result. Of equal importance is the transition of most enterprises today from sifting through piles of paper to managing gigabytes of data. This shift creates a mandate for an enterprise to control and manage its office.  

Canon ImageWare Remote Technology/Security Whitepaper

About This Whitepaper

This document is intended for IT administrators who would like to study the security features, system architecture and network impact of Canon U.S.A.’s imageWARE Remote service.

This document is NOT confidential.

About imageWARE Remote

imageWARE Remote is a service developed by Canon Inc. that is being made available to Canon U.S.A.’s dealers and service providers, enabling them to provide better service to their customers.

imageWARE Remote consists of two components: imageWARE Remote Meter Reading (collects meter reads automatically from enabled imageRUNNER devices) and imageWARE Remote Service Monitor (provides information about device status, error notifications and statistics about parts lifetime and consumables). Both services use the same underlying technology - either eRDS (embedded Remote Diagnostic System), or RDS Plug-in (imageWARE Enterprise Management Console Remote Diagnostic System Plug-in) to capture device information and transmit such information to a server managed by Canon Inc. via the Internet, where it is accessible by the service provider via a web interface (the Canon Inc. Universal Gateway or “UGW”).

The RDS Plug-in solution requires imageWARE Enterprise Management Console to be installed as a base operating platform and this requires a server to host the software. 

The eRDS solution on the other hand does not require any additional hardware or software since the solution is already embedded within the imageRUNNER device. 

How to Evaluate the Data Security Capabilities of Cloud-Based Services

Executive Summary

One of the critical issues in evaluating cloud- based services is data security. Cloud-based services today can be compared to Internet banking. Consumers were initially afraid that online banking would make them more vulnerable to fraud or identity theft. Now that online security technologies have improved, online banking is actually safer than getting paper statements in the mail.

Likewise, using a cloud-based service supplier instead of operating your own internal system can be a major step toward becoming liberated from serious security issues. However, you must choose your provider wisely. Suppliers must demonstrate that they have the optimal technologies, infrastructures and processes in place to ensure data security. And each healthcare facility needs to require evidence that patient data is protected at all levels and stages of the workflow – from duplicate disaster recovery copies and physical protection of the data center to data transmission, storage, and user access.

It’s important to understand the four key components of data security: availability, integrity, confidentiality, and traceability. Data availability ensures continuous access to data even in the event of a natural or man-made disaster or events such as fires or power outages. Data integrity ensures that the data is maintained in its original state and has not been intentionally or accidentally altered. Data confidentiality means information is available or disclosed only to authorized individuals, entities, or IT processes. And data traceability means that the data, transactions, communications, or documents are genuine and that both parties involved are who they claim to be.

All components of data security must be maintained at the following three levels:

  1. The physical infrastructure of the data center;
  2. The hosted application that manages data; and
  3. The policies and procedures to maintain continuous security in the cloud.

imagePRESS CR Server A7000 Powered by Creo Color Server Technology For the Canon imagePRESS C7000VP/C6000VP/C6000


The purpose of this document is to describe the various access and security attributes of the Creo Color Server product line, specifically for the Creo Color Server for the ImagePress CRA7000, and the potential threats to these attributes. Security relates to a collection of methods for access and integrity protection that a system provides in order to manage which users can access the system, and what features or data they can view or change.

Security threats are issues that relate to compromising the integrity of the system, hampering the integrity of job data, compromising secured feature access, or allowing unauthorized data access. The Creo color server relies mostly on the security of the Microsoft® Windows® operating system to provide these capabilities.

When describing security one has to address the following issues:

  • Identification and authorization
  • Access control (local and remote)
  • Data Security
  • System integrity
  • Accountability (auditing)

This document is divided into two major parts:

  • Part 1: A description of the product, network environment, software and hardware components.
  • Part 2: A description of the identification and authorization, access control, data security, system integrity, and accountability (auditing) categories.

Visioneer OneTouch® with Kofax® VRS® Technology A White Paper

“There is nothing more powerful than an idea whose time has come.” It’s not often that Victor Hugo gets quoted in the world of document imaging. So you should already be expecting something spectacular. Two technologies that have shaped and influenced the art and practice of making document scanners easy to use and dramatically enhanced image quality have come together.

In 1998, Visioneer changed the way that users interacted with their scanners. Previously there were multiple steps to scan a document or photo. Launching software, setting resolution, paper size, prescan, color depth, cropping, saving, etc. And the average user who was not skilled in scanner or imaging technology had no idea how or why to make these choices. So any scanning task took up to 14 steps and some techno-savvy. Enter Visioneer OneTouch. Visioneer created buttons on scanners that let the user scan with one touch to already configured settings for different applications: scan a photo, scan to email, scan to the printer (copying), etc. Before you knew it, everyone starting putting buttons on scanners. Why? Because ease of use was ease of use was more important than any other feature including price. The steak is more important than the sizzle.

At the other end of the user spectrum was Kofax. In the high speed production market where scanners eat paper for a living, there was trouble in scanned document image quality. Document quality differed, sometimes dramatically. There were of course clean laser quality documents, but also faded copies, unclear faxes, colored multipart forms, highlighted text, etc. And at one scanner setting, some pages scanned fine and others were illegible. At speed greater than 100 pages per minute, there was  no time to go back and adjust settings for imperfect originals and then return the fixed  scan to the digital stack. So Kofax developed Virtual ReScan or VRS. VRS intelligently makes 1998 Visioneer OneTouch Ad  custom adjustments to each scanned page in a stack of mixed quality documents so that every page is adjusted to a crisp and clean image without impacting the speed of the job. This not only improved image quality for the human eye, but the computer’s eye as well since OCR accuracy dramatically increased with improved image quality.

Enterprise Records Management Demand for a Comprehensive, Compliant ERM Program is Clear— the Methodologies and Road Map for Universal Success Are Not.


While records management has traditionally focused on physical assets (paper, microfilm/fiche, etc.), today’s business realities have driven a renewed focus on the management of enterprise records. Even so, as technology and services to manage electronic records are now available and maturing, the process and strategy for enterprise-level records management requires preparation, planning and an approach that includes active participation from several areas of the organization.

Many technology vendors have jumped on the “Compliance Bandwagon”— ot always with success. There is no out-of-the-box ERM or compliance solution in today’s marketplace. Compliance technology, especially for archival and formal records management, is also being leveraged for litigation and discovery initiatives (suspension, hold, preservation). Further, wider adoption of enterprise content management technologies (including imaging, document management, archival, storage, workflow, etc.) is on the rise as companies seek to implement a solid records management strategy.

The many challenges of records management

Records management spans multiple formats, with electronic gaining on paper every day. Making the transition from physical to electronic records management is a key challenge, with many organizations lacking expertise to fully internalize and implement these changing requirements. The ability to maintain accurate records from creation through storage to final disposition adds complexity, as does integrating with legacy and other line of business (LoB) imaging, archival and document management systems. 

Compliance and regulatory mandates, while some are new, offer acute challenges for organizations with high volumes of records. Staying current on regulatory changes and new requirements and keeping costs down while adhering to these requirements are crucial. Other key challenges include establishing and enforcing records creation and policies, and engaging employees on their responsibilities.

Minimizing corporate risk is top of mind in most organizations today. Litigation has increased, legal precedents tip, discovery costs toward the defense (e.g., Zubulake vs. UBS Warburg) and business continuity and protection of vital records are now integral parts of a records strategy. The need to protect sensitive content and the unauthorized usage and dissemination of corporate materials is growing. All in all, the corporate risks manifest themselves in several ways: reputation, valuation and brand loyalty among the top.

The Problem: Reams of Themes. The Solution: Campus Clusters.

The Challenge

Pupils producing paper. Lots of it. That was getting to be an expensive problem for the University of Notre Dame, which was seeing its costs skyrocket as students printed out reams of themes, dissertations and reports. A key issue was lack of oversight; there was no way to monitor, much less control, paper output or its costs. 

The University knew it needed a cost-effective print network to more efficiently manage student paper needs. With such a network – and associated cost tracking – the school’s OIT Department hoped to reduce paper waste, and bring down printing costs.

The Solution

Xerox stepped in with a two-fold print network solution for Notre Dame. First, due diligence: we monitored student printing needs to determine the best solution for the job. Then we put the network solution in place – installing multiple “print clusters” around campus, using Xerox Phaser™ printers and Pharos Uniprint® network software. 

Under the new network setup, students electronically send their documents to a nearby cluster for printing. Then, at their convenience, they simply walk to the cluster location, log in at a “computer release station,” and print their documents.  

A New Business Model for Color Printing: A Color Cost Per Page That Rivels a Black-and-White Cost Per Page Lifts the Final Barrier to Color Adoption and Usage


IDC believes that the use of color in documents can be a very effective communication tool. Compared with black-and-white-only output, color output offers significant benefits that can drive potential business opportunities. However, many potential users either are restricted from using color or are significantly limited from using it as much as they would like. The primary reason for this restriction/limitation comes from the traditionally higher costs associated with putting color on a page versus settling for monochrome output. As long as there is a significant delta between the color cost per page and black-and-white cost per page, the color market opportunity, while attractive, will be hampered by this cost obstacle. Unfortunately, this all-too-common scenario serves to limit companies’ ability to capitalize on the numerous benefits available in adding color to general business documents.

Xerox, in an attempt to address the significant differential between color and black page costs, has created a new printer model for its product portfolio. The new Phaser 8860 printer incorporates a unique pricing model so that a larger share of the total costs is applied up front to the acquisition price.

This new printer has substantially lower-cost color consumables — to the point where its color output costs rival black-and-white-only output costs on most standard laser printers. This achieves three primary objectives:

  1. Typical workgroup color printer users can gain significant cost savings with a Phaser 8860 versus conventionally priced color laser printers.
  2. The new pricing model is designed to drive more color usage by eliminating the fear of high color costs when printing significant color volume.
  3. The Phaser 8860 can produce high-impact black business-oriented documents with some color at a cost that is similar to that of black- nly pages produced on other devices. As a result, Phaser 8860 users get the benefit of using color without paying more for it.


Subscribe to RSS - Whitepaper