The Ins and Outs of Secure Fax and Document Delivery Solutions for the Enterprise

Featured Article by Bill Ho, President, Biscom

Data center annual budgets today are often devoted to securing an organization’s IT networks, the applications that run on them, and the data managed by the applications. One of the most important security considerations IT personnel face is the need to protect sensitive information, such as data exchanged within the healthcare, financial, and legal sectors. Regulations such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability & Accountability Act (HIPAA), and the Sarbanes-Oxley Act (SOX) have made it mandatory that organizations transmit and store sensitive information with particular standards.

One method of electronic document exchange has been in use for longer than the Internet has been around: fax. In general, fax has always been considered a secure method of data transmission; after all, fax travels over physical phone lines or via the Internet as secure data packets – both of which embed the fax as a TIFF image via a dedicated connection, and are not often targets for hackers – a big reason why today faxes are still considered secure, legal and binding versions of their original documents.  Despite its reputation as a secure means of transmitting often-sensitive data, fax is also subject to the increasingly demanding security requirements of today.

Compared to the use of physical fax machines or MFPs, network fax servers and enterprise solutions provide inherently more security because they manage fax documents behind the company firewall or in a secure cloud environment. Also, as faxes remain in digital format from start to finish and are then stored in a protected environment, the accidental viewing of sensitive information on faxes sitting at a fax machine is no longer an issue. Not all enterprise fax solutions are the same however, especially when it comes to securing the fax during its entire life cycle, both on the outbound (create and send a fax) and inbound (receive, route and process a fax) side of things. Security issues may arise at any number of points along the way.   The following drawbacks are concerns when it comes to fax data security:

– Faxes that are “at rest” on the fax server may not be encrypted.

– Faxes sent or received as email attachments may not use secure connections like SSL, TLS, or other secure transmission methods.

– Interfaces between the fax server and other processing or workflow components may not be secure.

– Remote access to the fax system (via the Web, for example) may use unsecured connections.

Today’s enterprise fax solutions might be on-premises fax systems, cloud-based fax services, or a combination/hybrid of both. Cloud-based faxing is gaining ground as companies are looking to outsource their faxing services to the cloud.  Not all automated faxing systems or services can ensure end-to-end protection of the actual fax and the information it contains.  This places them at risk for security breaches and compliance violations.

To maintain a high level of security and compliance and a low level of risk, IT decision makers have several aspects to consider when choosing and implementing a secure enterprise fax solution.

– Where will the system reside and who will manage it? Will it be all on-premises and administered in-house? Will it be cloud-based or a hybrid?

– Does the system architecture scale gracefully as traffic grows?

– At what points in the fax transmission life cycle is the data encrypted and how so? It the data encrypted both in-transit and at-rest?

– Do administrators have visibility into fax flow and can they manage large systems simply?

– Does the system tie into other enterprise systems such as directory services (LDAP/AD) for authentication?

– Does the system support other secure delivery mechanisms?

A new approach to secure faxing integrates the simplicity of fax communication with secure file transfer capabilities – marrying the two technologies to provide an even higher level of security and auditability. By maintaining received faxes in an encrypted and authenticated system, administrators can add an additional layer of protection for faxes. By integrating SFT capabilities into fax software for outbound deliveries, legacy systems that are fax-based can immediately leverage the added security that SFT provides while also providing a notification to senders that their fax was successfully received.

While faxing can seem like an old-fashioned technology, it is still used heavily today for mission critical applications, especially when communication between disparate systems can only be accomplished through a common format and channel. So fax solutions must continue to evolve and meet the new security standards that CIOs expect from their infrastructure. Hopefully, some of the topics we discussed here can help you as you perform your due diligence.

About the author:

Bill Ho brings more than 20 years of Internet and software experience in the technology field to his position as president at Biscom. Bill received a BS in Computer Science from Stanford University, an MS in Computer Science from Harvard University, and an MBA from MIT Sloan School of Management.