Saperion Document Security
Saperion offers strong security features to guard against unauthorized access to archived documents, and to ensure that the archive medium cannot be accessed by external tools. Access to specific portions of the archive can be defined and changed at any time by the authorized system administrator. Users gain access to documents, or to specific pages within a document, according to the group they belong to, the role of the group, and the rights granted to them.
Access Control Lists define the security privileges that determine which users may access which documents. Access may be defined based on the user name, group or profile. It can also be restricted by setting conditions based on the indexing criteria (metadata).
The integrity of the original document is never compromised. ANY change made to a document, or to its indexing information, results in a revision being created. Thus, there is no way that information within an image or document can be modified without leaving an audit trail and without maintaining the previous version. There is no limit to the number of revisions, and one can browse through the revision history at any time.
Secure Annotations guarantee that only certain users may see or modify
them.
Archived documents are not written in a file system format, and thus
it is not possible to bypass the system's security measures to access
the documents. Saperion takes direct control of storage devices like
optical drives and jukeboxes. Eliminating 3rd party software to access
storage devices makes it impossible to bypass Saperion's security measures,
and also reduces the cost of deployment.
It is also possible to copy and mirror optical media either within the same jukebox, or between jukeboxes that may be in different cities. Placement strategies allow designating certain media to hold specific types of documents. This can be used, for example, to store confidential information on separate media from those used to hold other documents.
As an additional option, Saperion offers the ability to encrypt documents using several algorithms, including those provided by the MS Crypto interface and the 128-bit Blowfish algorithm. In addition, Saperion can support electronic signatures to ensure document validation.
SAPERION – Data Security
SAPERION offers a very high degree of security on its information repositories:
- Security for Stored Data: You can save all document information (document, indexing, document structure, annotations, table definitions, etc.) including all changes on the storage medium.
- Complete reconstruction of the index databases is possible from the medium at any time.
- Protection from unauthorized access by saving the data in a data format defined by SAPERION, which cannot be read without the Document Server.
- Access rights for complete documents, single pages and annotations.
- Manual creation of copy media is possible.
- Automatic mirroring of media: if required, with the use of the high-end Document Servers, you can also have physically separated systems where one system can act as a “Hot Site” for the other.
- The Audit Trail option can track and log every transaction and event occurring within Saperion.
- No third party products are used for any security sensitive features.
Security of Access by Rights Assignment
The SAPERION system uses user names and passwords to grant access to the electronic storage repository. The definition of Saperion’s user management is similar to that of Windows NT/2000, and thus it is easy to transfer it and synchronize between the two environments.
- Function Rights: You can define function rights according to Roles, and different roles can be assigned to any combination of user groups. These rights control access to general system functionality and menu items.
- Access Rights: You can assign access rights for complete documents, single pages or to annotations (black markers, text notes, and stamps) through access control lists (ACL). An ACL consists of any list of user names or groups with the ability to define various permission levels for each member of an ACL.
- Encryption and Digital Signatures may optionally be added to saved documents to further enhance security.
Security When Using the Storage Repository via the Internet
There are several security mechanisms to protect the Web server, the electronic storage repository, and any transmitted documents from unauthorized access: You can configure the Web server so that only certain user groups gain access, and there are specific ports available for SAPERION. Firewalls and VPN further increase security.
Access to the repository can be protected by user names and passwords just like in a local SAPERION network. This is also valid for all function and access privileges via the Internet, since users, groups, roles, and access lists defined in the user management of SAPERION also have full validity when connected via the Internet.
SAPERION - Document Server
SAPERION’s Document Server is one of the world’s most secure servers available today. With its unique architecture, you can completely rebuild lost or corrupted databases from information stored on the Saperion storage media. The system monitors and logs all of the writing process until the end of the full transaction. This is very helpful in the document recreation process. It is also possible to mirror all documents onto another medium while they are being written.
The Document Server works in a sequential, object-oriented memory format. This is a state-of-the-art approach that is not file-system oriented. SAPERION is constantly optimizing and updating the Document Server using experience collected from hundreds of projects. The Document Server is now even more suitable for deployment in large enterprises due to its scalable multi-tier architecture. It offers higher flexibility and simplified administration (especially its remote maintenance). The large cache, RPC connection, and multithreading capability make the Document Server one of the best high-performance document storage backend solutions in use today.
SAPERION – High End Document Server
SAPERION is designed around a Multi-Tier architecture that allows very high orders of scalability. A large number of locations, servers, storage repositories, caching servers, and users may be configured to work together with high performance.
For large enterprises and others that store large volumes of data, strategies for document distribution to several jukeboxes and document servers become necessary. For the administration of such a network of several document servers, the SAPERION High-End Document Server offers various replication mechanisms.
This concept applies particularly to the control of media mirroring or media replications between optical jukeboxes that may be located anywhere in the world. If the jukebox or the original medium fails, you can continue working with the mirrored medium. Storage of documents can also continue by using the cache until a new original medium is made available or the active jukebox is back online.
If a Document Server or jukebox fails, the high-end Document Server can step in for the original server’s affected media and can then allow all types of access to continue normally. The end users are not aware of the switching between servers or jukeboxes. Because of all these redundancy features, the high-end Document Server also permits uninterrupted operation during maintenance. It offers the highest security against media loss (e.g. due to theft or fire). It also offers a true disaster recovery and business continuity solution option.