Hello and welcome to today’s Webinar, “Maximize Your MFPs (or multifuction printers) With Cloud Faxing – Is Your Business Ready?
I’m Michael Flavin, Sr. Product Manager with eFax Corporate®, and I’m joined by Brad Spannbauer, Director, Product Development, also from eFax Corporate®.
Today we’re going to cover a few topics, starting with why faxing is still necessary for millions of businesses, even in our modern, Internet era. Then we’ll discuss and dispel some of the major misconceptions about faxing, email and MFPs.
After that we’ll talk through a few uses, to show you how integrating MFPs with fax can benefit businesses. And then we will introduce you to the eFax Corporate MFP faxing feature, and show you why it makes sense for your business.
And finally, we’ll turn the discussion over to you, and your questions, with our Q&A section.
So… Multifunction Printers (MFPs) are often overlooked as opportunities to improve the efficiencies and workflows of a business’s workforce.
Once they’re installed, MFPs are utilized for most of their intended uses – printing, copying, and scanning to email or shared server files…but what about faxing right from “the glass”?
First, let’s discuss why faxing is still relevant today – and will be for the foreseeable future. Then we’ll discuss how you can integrate your fax capability into the MFPs you’ve already invested in, to extend the capabilities of your MFPs to the cloud. And finally we’ll get into why that’s a smart decision.
Now, I know what some of you are thinking: Isn’t fax just another outdated technology we no longer need? Is it still even necessary?
It is for these guys! Industries like healthcare, legal, real estate, financial services and manufacturing all rely on faxing, sometimes every day, to operate their businesses. Many other industries do as well. We’ll discuss why in a moment.
But first, consider these stats.
According to a CIO Magazine article from just a couple of years ago, nearly three quarters of US businesses still have traditional fax machines.
And a recent MSN News feature cited research indicating there are roughly 17 million fax machines operating today.
Interestingly, 17 million is also the number of MFPs sold in 2014, according to a report from research firm IDC.
By the way, these MFP makers shown here represented the top 5 brands for 2014.
But let’s get back to fax, which is still an important component of most businesses’ overall communication infrastructures, for many reasons.
There are business needs. For example, what if delivery requires a confirmation receipt?
There are compliance needs. What if a fax transmission is more aligned than other communication methods with your industry’s privacy regulations?
There’s also often the need for document traceability. What if you need a clear and complete audit trail of every transmission?
And of course there are market demands What if your customers or partners demand a fax?
Security Requirements. What if your document contains sensitive data and needs additional layers of security only a secure fax can provide?
So, we’ve established that fax is still relevant, even necessary, to many industries. And we’ve established that faxing as a communication protocol is not going away anytime soon.
The questions now are…
How old are your fax servers? At 3 years, may be time to look at retiring.
Where does it hurt? Rebooting servers often? Having regular technical or outage issues?
Business Model and SLAs: Does your provider sell ‘hybrid’ and on-premise fax servers? Why would they sell you both? Is this in your best interest?
Features: What features does the provider offer? Mobile apps? Lifetime storage online, with easy search capability? Do the features meet your org’s needs?
Financial considerations: Have you done a cost/benefit analysis of Traditional vs. Cloud Faxing?
It’s easier than you might think to eliminate fax machines, fax servers, telco lines, fax cards and the IT headaches associated with supporting aged or end-of-life fax infrastructure…
In fact, it can even be quite seamless and painless, with new technology that lets you integrate your MFPs directly with a cloud fax service.
The best way to explain how this works is to quickly run through some common misconceptions about fax, email and MFPs.
Many people believe they can eliminate all fax capability and replace it with scanning and emailing.
But this leaves the business open to several issues. First, there’s no centralized process for tracking and auditing documents scanned and then emailed.
Also, as we stated earlier, what if your customer demands communicating by fax? And what does this scan-to-email mean for compliance with privacy rules?
Many organizations have also been burned by the VoIP and FoIP migration misconception.
They assumed that moving to these IP-based technologies for their communications would allow fax to follow along. But VoIP and FoIP are notoriously unreliable when it comes to faxing. They often drop packets and simply fail to transmit fax documents.
And what about the notion that email is more secure than fax?
It certainly can be, but organizations need to build in that security themselves — such as using advanced protocols like Transport Layer Security for transmission and then at least as strong encryption protocols for the emails while at rest, in storage. A secure faxing protocol — such as the cloud-fax system from eFax — can be more secure than email.
Finally, many people assume that the scan-to-email solution is their only option to transmit a document straight from the MFP device — because, they believe, you can’t fax from an MFP.
Not so! Turns out with the right cloud fax solution, you can integrate your faxing with virtually any Multifunction Printer or Multifunction Device — no hardware required, no client software required, no setup, no maintenance. And no more IT headaches!
So let’s talk about that last point. Yes, you can deploy a cloud fax solution that lets you take advantage of the one function you might have assumed impossible with your existing Multifunction Printers: you can fax directly from them.
And here’s how fast and easy it is to extend the capabilities of your MFPs to include cloud faxing.
An eFax account and your existing MFPs are all you need.
Our first scenario, this is typical of the setup in a small office, say a small legal practice or real estate office where a desktop or Consumer MFP is being used, often shared by the office. In most cases, the MFP has an email address assigned to it by the manufacturer, with emails routed through a cloud email service managed by the vendor. Usually messages sent to the MFP’s email address will be printed automatically.
To set up the integration, just add the MFP’s email address as both a Send and Receive Address on one of the office eFax user accounts. Once added to an account, faxes sent to the user’s fax number will be emailed to the printer and will print automatically. When sending, use the “scan to email” function to generate an email message, then address the outgoing email as normal when using eFax: firstname.lastname@example.org.
This is easy to set up, easy to use, and has almost no administrative overhead – you’re just using an existing account. Because it’s all tied to one account, though, you lose reporting on individual usage and have only a minimal audit trail. Using the vendor’s email server limits your security options – TLS encryption may not be supported.
The second scenario involves the use of a larger MFP, usually one of many located within a larger office or across an enterprise. These devices are often integrated more tightly into the organization’s network. In most cases, these MFPs will have an email address assigned by the network admin and will leverage the organization’s email infrastructure. The device may also have access to network shares for storing files. Messages sent to the MFD’s email address can be printed automatically or written to a storage directory. The MFD is not configured to require individual user authentication – anyone in the office can walk up and scan, copy, or print.
To set up the integration, create an eFax user account for the device, using its email address for sending and receiving. Faxes sent to the MFD’s fax number will be emailed to the printer for automatic printing or storage. When sending, use the “scan to email” function on the MFP, then address the outgoing email as normal when using eFax: email@example.com.
This configuration is easy to set up and easy to maintain, and allows any employee in the office to send a fax without having an eFax account. You can assign a custom cover page to each printer account. And by using your email server, you can implement tighter security protocols like TLS encryption.
However, like the desktop solution, this configuration doesn’t provide delivery confirmation receipts to individual senders, nor does it offer granular reporting or usage tracking.
In the third scenario, the MFP has an even tighter integration into the organization’s network. In addition to an email address on the organization’s email server, the MFP will also be tied to the Active Directory or LDAP server for user authentication. The MFP is then configured to require individual user authentication – users in the office must log in on the device before they can scan, copy, or print.
To set up the integration, create an eFax user account for every person in the office who’ll be using fax services. Faxes sent to the users’ fax numbers will be emailed to each user for viewing.
When sending, users log in to the MFP and use the “scan to email” function on the MFD, then address the outgoing email as normal when using eFax: firstname.lastname@example.org. Unlike the previous scenarios, the emails appear to come from the user themselves, not from the printer, and are thus tied to each individual’s eFax account.
Since individual users are identified, this scenario allows for the greatest degree of reporting and tracking accuracy, and it provides a very clear audit trail. Each user receives their own delivery confirmation receipt and can have their own custom cover page.
The gains in reporting come at the expense of administrative overhead – for this configuration to work, every user in the organization must have their own properly configured eFax account.
Our final scenario is an Enterprise level integration with eFax Corporate. This solution is designed for organizations that want to allow any user to send a fax with detailed usage tracking and delivery confirmations, but without the requirement of an eFax account for each user.
To set this up, create an eFax account for each MFP in the organization, making sure to use the device’s email address. To send a fax, use the scan to email function, but instead of the standard address – email@example.com – your users will include additional parameters in the recipient address. These parameters allow users to specify an email address for the delivery confirmation, select a custom cover page, or supply a client matter or departmental billing code.
After faxing, the delivery confirmation is emailed directly to the sender, while the email address and billing code are stored in the usage logs, allowing granular reporting, usage tracking, and an enhanced audit trail. With this feature, we’ve reduced the administrative overhead, while giving every user in the organization a customizable outbound fax solution.
With eFax Corporate®, you are able to leverage your MFP in a number of ways:
Fax directly from the glass; also annotate and add electronic signature
Maintain complete audit for all faxes, easily accessible online
Enjoy complete faxing capability directly from the MFP. This includes using distribution lists, custom cover sheets, return receipts, etc.
Can also use eFax Corporate to fax from any Internet-connected device and even tools like MS Word and Adobe
eFax Corporate® has these benefits for faxing from your MFPs:
Sunset fax machines and servers
Increase efficiency in staff workflows
Increase fax security
Enhance compliance & reporting
Reduce IT headaches of fax infrastructure
… and enjoy peace of mind.
Now let’s discuss a use case of an actual eFax Corporate customer, a healthcare provider, whose business depends on sending approval requests to their patients’ insurance companies, most of which demand these requests be sent by fax.
The firm needed a more secure and less cumbersome method for sending these faxes – and to help ensure they’d meet with HIPAA and another federal regulatory standards for transmitting ePHI or other sensitive personal data.
The company implemented our fax API, eFax Developer – and created a secure fax process from the cloud. The company can now fax from anywhere — computers, smartphones, and also directly from their multifunction printers — in a way that’s secure, reliable and HIPAA compliant.
And here’s a real-world case study of a law firm that has many locations — and maintained fax servers and fax machines onsite at several of them.
The firm already had several Multifunction Printers at these locations as well, so by deploying eFax Corporate®, they were able to retire their fax machines, servers and related telco lines. And the firm’s lawyers didn’t lose any of their fax capability, which is a vitally important part of their business.
One final example of an eFax Corporate customer — this time in the financial services industry.
This firm was able to save on follow-up calls to clients to ensure they received their faxes, which the firm often had trouble delivering with their desktop fax machines.
All because our MFP faxing feature sent employees delivery confirmations by email, and then stored all of this usage detail online so any authorized employee of the firm could check anytime on faxes delivered successfully.
Did you know you can improve your organization’s compliance by moving to cloud-based faxing with eFax Corporate?
Yes, our enterprise cloud fax service, designed with the decades of real-world experience to help businesses comply with federal regulations like HIPAA and SOX, can help you address the many compliance related to:
Using desktop fax machines and fax servers
Your employees using mobile devices, or “end points,” to fax sensitive corporate data
Encryption protocol issues – such as determining whether SSL or TLS are the right protocols to employ?
Keeping your fax documents protected at rest and in transit
So, why eFax Corporate? Several reasons:
No hardware, software or dedicated fax lines to buy, install, maintain, or upgrade.
Choose a number from 4,600 cities worldwide.
Scalability is a snap, with virtually unlimited capacity and bandwidth-on-demand.
The network is multi-redundant, for enhanced security and reliability.
There are continual technology upgrades and 24/7 system support.
Another key differentiator about eFax Corporate® is that faxing is our core business.
eFax Corporate® has a geographically dispersed, global network with Tier III and Tier IV colocations, providing a 99.5% uptime, rapid delivery times and unparalleled transmission security.
Now let’s turn the conversation over to you, and address your questions.
Hello and welcome to today’s Webinar, “Maximize Your MFPs (or multifuction printers) With Cloud Faxing – Is Your Business Ready? Part 2.”
This is the second part of two-part series. If you joined us for Part 1, thank you again. If you were not able to attend the previous webinar, as we mentioned on the registration page you’ll receive a link to watch Part I on demand.
I’m Michael Flavin, Sr. Product Manager with eFax Corporate®. Our Brad Spannbauer could not be here today, but we are privileged to be joined by Peter Ely, Leader, Channels, Enterprise Marketing, also part of j2 Global®. Thanks for joining Peter!
For our agenda today, we’ll answer the questions, How does eFax Corporate® integrate with the MFP, and how to get it?
Next we’ll discuss what these features can do for your organization – in creating a single, integrated system for all of your document transmissions
We’ll also discuss how integration of your MFPs with eFax Corporate® can create streamlined and efficient workflows and eliminate unnecessary fax infrastructure
Then we’ll review some Use Cases with businesses== segments that rely heavily on fax as part of their business, such as legal and insurance
We’ll then discuss how integrating your fax processes with eFax Corporate® can enhance compliance
And finally, we’ll review why eFax Corporate® is a solid candidate for outsourcing to the cloud
We’ll conclude with a Q&A, where we turn the discussion over to your questions.
As we discussed in Part 1 of this webinar series, Multifunction Printers (MFPs) are a great way to increase productivity and improve workflow from an existing asset. Because most IT organizations aren’t fully maximizing their MFPs, we see these improvements as low-hanging fruit – because these features can be deployed quickly and cost-effectively, without adding any additional hardware.
We discussed in Part 1 the many reasons that fax is still a necessary business technology, and will be for years to come.
But I wanted to give a quick, 1-minute review of those reasons — because there’s a common misconception in business that fax is on its way out. Briefly, here’s why businesses still need fax capability…
There are compliance needs. What if communication modes your business is using, such as email, are not in alignment or puts your business at risk with industry privacy regulations such as HIPAA, GLBA?
There’s often the need for document traceability. What if you need a clear and complete audit trail of every transmission?
And there are often market demands. What if your customers or partners demand a fax, or need to send one to your organization?
There are Security Requirements. What if your document contains sensitive data and needs additional layers of security only a secure fax can provide?
17 million MFPs were sold in 2014, according to a report from research firm IDC. By the way, these MFP makers shown here represented the top 5 brands for 2014.
Okay, so let’s get into the specifics of eFax Corporate’s MFP Fax Direct feature, and how it can help you improve employee workflows, boost staff productivity — and, perhaps just as important, relieve you of some of the IT headaches associated with your current faxing process.
We’ll get into some specifics of how eFax Corporate®’s MFP feature can help you optimize workflows and increase the ROI from your existing MFPs, but for now… just a quick overview.
Our MFP faxing feature essentially lets your staff fax right from the “glass” of your existing MFPs.
It’s simple. You place a paper fax onto your printer and use the printer’s control panel to send it. eFax Corporate® converts the fax to an electronic file — PDF, TIFF or other format — and sends it to your recipient’s fax number, where it appears as a standard fax.
eFax Corporate® logs all relevant details of this transmission, emails you a delivery confirmation, and you then have the option to securely store the digital fax itself and the usage log in your eFax Corporate® cloud, so your organization has access to it anytime for auditing or compliance purposes.
And in case you’re wondering just how simple it can be to eliminate your fax machines, fax servers, telco lines and all of the IT hassles that go with them, here’s a visual explanation of what happens when you use eFax Corporate® with your MFP.
You go from this… a complicated IT network of in-house managed fax machines and fax servers…
To this… a fully hosted cloud fax model where all management and upkeep of your fax infrastructure is outsourced to a team of professionals.
It’s easy to integrate your MFPs into your eFax Corporate® cloud faxing service — and eliminate your legacy fax hardware.
In essence: creating a single, integrated system for all of your fax and document transmissions, while eliminating significant IT overhead and pain points of maintenance, support, fax machines, fax server, telephone lines – things that can bog a business down.
So, the question we get from a lot of IT managers, CIOs, or business owners: how much work is the integration or migration to cloud faxing and faxing from your MFP?
Well - here’s how fast and easy it is to extend the capabilities of your MFPs to include cloud faxing.
So, the question we get from a lot of IT managers, CIOs, or business owners: how much work is the integration or migration to cloud faxing and the MFP Fax Direct Feature?
STEP 1: Set up eFax Corporate cloud fax account.
STEP 2: Make sure your office MFP is Internet-connected or ready.
STEP 3: Make sure your MFP can send or receive email, either with its own email address or using an external address.
And that’s it! As soon as you set up your eFax Corporate® account, your staff can start sending paper faxes right from your MFPs.
What a lot of companies we talk to didn’t realize is that moving to a cloud fax model enables faxing from ANY end point – as long as it has internet connectivity and you’ve setup an account, you can send and receive faxes electronically as emails. Training is easy because if users can send email they can send a fax and again, when sending those wet ink signatures or business requires paper fax, send from their MFP.
Let’s review the standard scenarios for integrating cloud fax capability with an organization’s existing MFPs. You can use this walkthrough to find the scenario most appropriate to your company’s needs and circumstances.
Our first scenario, this is typical of the setup in a small office, say a small legal practice or real estate office where a desktop or consumer type MFP is being used, often shared by the office. In most cases, the MFP has an email address assigned to it by the manufacturer, with emails routed through a cloud email service managed by the vendor. Usually messages sent to the MFP’s email address will be printed automatically.
The second scenario involves the use of a larger MFD, usually one of many located within a larger office or across an enterprise. These devices are often integrated more tightly into the organization’s network. In most cases, these MFDs will have an email address assigned by the network admin and will leverage the organization’s email infrastructure. The device may also have access to network shares for storing files. Messages sent *to* the MFD’s email address can be printed automatically or written to a storage directory. The MFD is not configured to require individual user authentication – anyone in the office can walk up and scan, copy, or print.
To set up the integration, create an eFax user account for the device, using its email address for sending and receiving. Faxes sent to the MFD’s fax number will be emailed to the printer for automatic printing or storage to a SAN for example. When sending, use the “scan to email” function on the MFD, then address the outgoing email as normal when using eFax: firstname.lastname@example.org.
However, like the desktop solution, this configuration doesn’t provide delivery confirmation receipts to individual senders, nor does it offer granular reporting or usage tracking.
In the third scenario, the MFD has an even tighter integration into the organization’s network. In addition to an email address on the organization’s email server, the MFD will also be tied to the Active Directory or LDAP server for user authentication. The MFD is then configured to require individual user authentication – users in the office must log in on the device before they can scan, copy, or print.
When sending, users log in to the MFD and use the “scan to email” function on the MFD, then address the outgoing email as normal when using eFax: email@example.com. Unlike the previous scenarios, the emails appear to come from the user themselves, not from the printer, and are thus tied to each individual’s eFax account.
Our final scenario is designed for organizations that want to allow any user to send a fax with detailed usage tracking and delivery confirmations, but without the requirement of an eFax account for each user. (e.g. AD or LDAP).
To set this up, create an eFax account for each MFP in the organization, making sure to use the device’s email address. To send a fax, use the scan to email function, but instead of the standard address – firstname.lastname@example.org – your users will include additional parameters in the recipient address. These parameters allow users to specify their OWN email address for the delivery confirmation (they can enter their own email address), select a custom cover page, or supply a client matter or departmental billing code.
This is a great use case for employees who do a lot of faxing because many MFPs allow for programmable hot keys – or programming this SMTP info into memory as a memorized address – more about that in a moment.
So, after faxing, the delivery confirmation is emailed directly to the sender, while the email address and billing code are stored in the usage logs, allowing granular reporting, usage tracking, and an enhanced audit trail. With this feature, we’ve reduced the administrative overhead, while giving every user in the organization a customizable outbound fax solution.
Now let’s walk through some use cases.
First, we’ll apply some actual use cases and delve a bit more deeply into the ‘how’ of configuring an MFP to integrate with the eFax® Corporate. We will use the enterprise example Michael mentioned , giving you overview of how to configure your MFP so that your users can fax directly from the MFP glass AND can also take advantage of customizing options – things like custom cover pages, return receipts, client matter or billing codes, amongst others.
Next we’ll review two specific examples - how businesses in the legal and insurance industries have used this feature to solve some of the business workflow inefficiencies associated with fax.
As mentioned, integrating your fax process with cloud faxing through eFax Corporate® is a great way to simplify your business workflow — creating a one-step process — by faxing directly from the MFP glass.
For example, in healthcare – the need to send ePHI to pharmacies or insurance companies for further action. This must include ePHI disclosure page (cover sheet). The MFP configuration can be setup so this is done with a single push of a button process (set up by a Sys Admin), and includes a custom cover page and Confirmation receipt automatically — a step that’s critical for HIPAA compliance and great for audit trails — and better patient care.
Let’s walk through a sample configuration given Michael’s example.
As discussed earlier, you’ll first need to setup an eFax® account; have an MFP that’s network-ready, and use the existing email of the device – or assign an email to it. With your eFax Corporate® account, from your Admin Portal simply setup this printer as a ‘user’. If needed, our great support staff can help you with this setup for all of your organizations' devices.
This is also where you can upload custom cover pages for use from the MFPs with the one time help of the administrator.
Note: mandatory fields are the + sign
Admin must set the users and the MFP.
In the Enterprise integration scenario, using the Enterprise Integration, anyone can walk up and send a fax. It just depends on what’s best for your organization.
For number s that will be sent to frequently, you’ll want to enter this info into the MFP user interface. This is an example screen – other MFPs will have a different UI or flow, but your IT support or administrators can add this in for your organization.
In this case, you’re leveraging the MFPs ‘fax to email’ functionality.
Once the fax number is added to the MFP’s address book and shown as “hot buttons” on the printer control panel any user can walk up and send a fax directly from the glass. As shown in the entry in green, this address entry can include the triggers for including a custom cover page and return receipt address — so it only has to be entered once as you initially configure the MFP.
In this scenario, the administrator programmed in the fax number@efax send, also added in a custom cover page called ‘WGCP1’ (which stands for work group copier 1) , and the return address email@example.com.
So this user is setup to send this from the address book of the MFP – faxing directly to the cloud with the touch of a button.
Now let’s consider how some typical organizations in the business world are using the MFP Fax Direct feature.
By example, we work with half of the law firms in “The American Lawyer (ALM’s) top 100, who rely heavily on our portfolio to send faxes worldwide.
This particular customer uses eFax Corporate® with optional TLS encryption enabled to send documents on behalf of their clients to the courts.
Let’s drill down a little bit….
One of our top 100 law-firm customers has 19 locations, and wanted to solve for automation of the process so that administrative assistants or paralegals could send documents to the same court with a touch of a button, accompanied by a custom cover page, a confirmation receipt (to ensure timely filings of appeals) and done so in a highly secure manner to protect client confidentiality.
In this case, the firm programmed in what you see in the green
2) ra=john :admin to trigger the return address confirmation receipt
With this, once the firm has scanned in and sent the fax document via MFP, the audit trail will be easily traceable along with the confirmation receipt – a critical piece to law practice operations. Administrators have the option to copy the return receipt to a share folder or storage area network for future retrieval as well.
In the insurance industry, many of our clients rely heavily on faxing for authorizations, medical claims or transmission of other protected health information. This involves the critical elements of security, compliance and confirmation/audit trails.
In this example we’re looking at one of our insurance clients that uses fax to send authorizations to their associated Providers for surgeries.
This particular insurance firm sends ePHI – known as electronic protected health information and protected under HIPAA - to a given surgery center, multiple times each day.
Their goal was to automate this process and enhance security, as their original mode of communications may not have been aligned with HIPAA.
Typical examples of misalignments, not for this Client but in general are faxes without specific PHI disclosures on the cover page, or faxes lying in the open exposed to PHI breach
These both may trigger reportable events under HIPAA.
Automate the process of sending signed hardcopy authorizations to surgery center each day — ideally with “the touch of a button.”
Each fax will contain patient PHI
Each fax will contain ePHI disclosure
Each fax needs a custom cover page
Transmission must be encrypted — per HIPAA!
Using eFax Corporate, and with the optional TLS configured, the Insurance Administrator is able to send many fax authorizations to the surgery center every day by simply dropping them on the MFP, scanning them, and then utilizing the memorized MFP fax address configured to do this – a great time saver which also helps enhance compliance.
Here, a custom cover page was generated, disclosing the ePHI that’s being transmitted to the receiver; a confirmation receipt is set to be sent to the sender, and a copy is also sent to the secure folder on their exchange server, managed by their systems administrator.
In summary – businesses and enterprises can enjoy the benefit of a single, integrated system for all fax documents…
…with the added perk of eliminating unneeded and dated fax infrastructure – commonly a pain point for IT staff or business owners.
We also discussed how new customers and existing clients are pleased to get more use out of their existing MFP investments, while improving workflows and compliance!
All by moving to a cloud fax solution with eFax Corporate.
Now I’ll hand it back over to Michael to wrap up.
Businesses in virtually every industry, particularly those that need to send highly sensitive material by fax or that are heavily regulated by data privacy laws, choose eFax Corporate® as their Secure, Compliant Online Fax Solution. They do so for the following reasons:
Compliance and audit capabilities.
Scalability of their fax infrastructure — up or down, as often as they need.
Redundancy and disaster recovery.
Another key differentiator: Faxing is our core business. eFax Corporate has a geographically dispersed, global network with Tier III and Tier IV colocations, providing a 99.5% uptime, rapid delivery times and unparalleled transmission security.
Now let’s turn the discussion over to you and answer your questions.
Meet the Speakers Michael Flavin Sr. Product Marketing Manager j2 Cloud Services Michael Pearson Chief Information Security Consultant Health Security Solutions
Michael Flavin Sr. Product Marketing Manager j2 Cloud Services Michael Pearson CISSP Cyber Hacking in Healthcare: Snapshot HHS Office for Civil Rights 1,199 incidents 41.5 million individuals FBI warnings to industry: “The FBI has observed malicious actors targeting healthcare related systems…for the purpose of obtaining Protected Healthcare Information (PHI)” Top 5 Health Data Breaches in 2014 7.4 million individuals affected Data Breaches Year to date 90+ million individuals affected Huge change in scope 1,800%! increase from 2008-2013
Sources of a Breach ORGANIZED CRIMINAL WELL-MEANING INSIDER MALICIOUS INSIDER
Stages of a Breach
CAPTURE Access data on unprotected systems Install root kits to capture network data
DISCOVERY Map organization’s systems Automatically find confidential data
INCURSION Attacker breaks in via targeted malware, improper credentials or SQL injection EXFILTRATION Confidential data sent to hacker team in the clear, wrapped in encrypted packets or in zipped files with passwords
Six Best Practices for Securing ePHI Using the SANS Security Model and HIPAA Compliance
• SANS Security Model provides a good framework for protecting, storing and transmitting ePHI – focus on security!
• HIPAA Compliance does NOT equal a plan secure PHI
• IT Executives must balance security, data protection and training with conduct of regular business
SANS Security Model Defensive Wall 1: Proactive Software Assurance - Application Security Skills Assessment & Certification
ANS Security Model Defensive Wall 2: Blocking Attacks: Network Based - IDS/IPS, FW, MSS
SANS Security Model Defensive Wall 3: Blocking Attacks: Host Based - Endpoint Security, NAC
SANS Security Model Defensive Wall 4: Eliminating Security Vulnerabilities - Vulnerability Management, Patch Management, Penetration testing.
SANS Security Model Defensive Wall 5: Safely Supporting Authorized Users - Encryption, VPN, DLP
SANS Security Model Defensive Wall 6: Tools to Manage Security and Maximize Effectiveness Log Management, SIEM, Training, Forensics Firewalls Are Not Enough NIDS Monitoring NIDS Monitoring
- Botnet C&C Detection NIDS Monitoring - Watchlist Detection NIDS Monitoring NIDS Monitoring - Botnet C&C Detection NIDS Monitoring - Watchlist Detection Firewall Logs Associated with IDS Alerts NIDS Monitoring NIDS Monitoring
- Botnet C&C Detection NIDS Monitoring
- Watchlist Detection Firewall Logs Associated with IDS Alerts Firewall Logs
- Scan Detection Firewall Logs
- Botnet C&C Detection Firewall Logs
- Backdoor Detection Firewall Logs
- Anomaly Detection Firewall Logs
- Watchlist Detection NIDS Monitoring NIDS Monitoring
- Botnet C&C Detection NIDS Monitoring
- Watchlist Detection Firewall Logs Associated with IDS Alerts Firewall Logs
- Scan Detection Firewall Logs
- Botnet C&C Detection Firewall Logs
- Backdoor Detection Firewall Logs
- Anomaly Detection Firewall Logs
- Watchlist Detection HIDS Alerts OS / Application / Database Logs Endpoint Protection Alerts Average: NIDS Monitoring ~32% Good: NIDS Monitoring + Core Firewall Monitoring ~50% Better: NIDS Monitoring + Firewall Advanced Analysis ~80% Best: NIDS Monitoring + Firewall Advanced Analysis + HIDS + LMS + MEP Approaching 100%
What are the Threats? Technology Impacting. - Security Architecture – Firewalls, Anti-Virus - Unpatched Client Side Software and Applications - Advanced Malware and Ransomware - Accessing Malicious Website
What are the Threats? Technology Impacting. - Poor Configuration Management - Cloud Computing/Storage - Unencrypted ePHI and Removable Media - Mobile Devices, aka BYOD - Botnets - Phishing
What are the Threats? Business Impacting. - Marketplace Reputation and Customer Loyalty - Liability - Legal costs - Credit assistance for customers - Training, call center triage - Fraudulent charges - Stock price, earnings, etc. - IT Resources
Most Common Pitfalls - Risk Assessment - Lack of Accurate Data Inventory/Controls - Audit logs (critical for compliance and root cause) - Humans - “Accidents happen” - Social Engineering and - Security Awareness Training
Most Common Pitfalls - Missing Policies and Procedures - Incident Response Team and Plan & Audit Trail
Most Common Pitfalls - Password Security (may overlap with 3rd Party vendors) - 40% have a password from the top 100 - 79% have a password from the top 500 - 91% have a password from the top 1000
Why do Compliance Mandates get More Complicated? Compliance - Security - Compliance is the output of post-mortem – Some organization did not secure their data, and now everyone else must deploy solutions, software, policies, and guidelines - Compliance will always be a step behind the latest threat
Faxing in HealthcareToday - Trends - Faxing is still a widely used, especially in highly regulated industries such as healthcare, finance, legal (1) - Trend is toward cloud faxing from on premise faxing - Cloud faxing offers a secure, reliable way to send ePHI and to covered entities or business associates, enhancing HIPAA Compliance
Email, Secure Browser, Mobile App & eFax Messenger User Interfaces TLS Encrypted in Transit Hosted Fax Service Encrypted Fax Storage via eFax Secure (optional) PSTN Telco Service Inbound/ Outbound Faxes The world’s #1 online fax company – and the industry’s most experienced hosted fax service - The most widely deployed online fax service for the Fortune 500 - Trusted by more major healthcare, legal, financial and other highly-regulated firms than any other online fax provider to transmit sensitive documents
Product Spotlight: eFax Secure™ - Secure: TLS encrypted transmission and storage of ePHI data to enhance security and HIPAA compliance – encryption at rest and motion - Reduce costs – eliminate cost of physical fax servers, phone lines, and enhance compliance with routing to specific user’s email - Improve your overall communications with our highly redundant network delivering 99.5% up-time SLAs and unparalleled transmission security - Tier III or IV colocations for servers with high redundancy and fail over capabilities
Helpful Links - SANS Security Model - DHS HIPAA Security 101 for Covered Entities - DHS HIPAA Security: Physical Safeguards -enterprise.eFax.com - Recorded slides of this presentation - Whitepaper: “Is Cloud-based Faxing Right for You?”
Q&A - Visit us at enterprise.eFax.com - Visit us at HIMSS Booth #7756 - Email: - Michael Flavin: - Mike Pearson: firstname.lastname@example.org
1. HIPAA IT Pitfalls to Avoid in 2015 Understanding Compliance & Exceptions Brad Spannbauer Director, Product Development eFax Corporate®
2. The information provided in this presentation does not constitute, and is no substitute for, legal or other professional advice. We strongly encourage you to consult your own legal or other professional advisors for individualized guidance regarding the application of the law to your particular situations, and in connection with any compliance-related concerns.
3. Are you HIPAA compliant or not? Do you have a HIPAA Compliant Fax Solution?
4. Today’s Agenda • 7 common incorrect HIPAA assumptions • Putting it all together: – The Conduit Exception – The BAA: Does it transfer your responsibility? – The Encryption requirement • So, are you compliant or not? • Q & A
5. Document Concerns
6. More Questions Than Answers?
7. HIPAA Misconception #1: Our vendor’s service is HIPAA compliant… so we’re HIPAA compliant.
8. HIPAA Misconception #2: Our vendor signed a BAA… so we’re covered.
9. HIPAA Misconception #3: We don’t use cloud services… because they’re not secure.
10. HIPAA Misconception #4: Our corporate policies restrict access to PHI… so we’re in compliance.
11. HIPAA Misconception #5: We use an in-house fax server, so our transmissions are… secure behind our firewall.
12. HIPAA Misconception #6: Our EHR system has a well-documented audit trail… so a document-sharing policy would be redundant.
13. HIPAA Misconception #7: Our email provider offers TLS encryption… so we’re secure sending email attachments. Right?
14. Putting the Pieces Together
15. Fax for PHI
16. Putting It All Together The Conduit Exception
17. Conduit Exception Scenario #1: Hosted Fax Without Archiving The Conduit Exception
18. Conduit Exception Scenario #2: Hosted Fax With Archiving The Conduit Exception
19. A BAA Doesn’t Transfer Responsibility to Your Vendor. It Means You Share Responsibility.
20. We Recommend Sending Encrypted Notifications, Not Documents HOSTED FAX
21. Consider Data Encryption to be a de facto Requirement It’s definitely Best Practice
22. Data Security is Key for Patient Records Both at Rest… and in Transit
23. Next Steps • Read “7 HIPAA Compliant Assumptions” http://www.hitechanswers.net/7-hipaa- compliant-assumptions-can-trip/ • Whitepaper: “Is Cloud-based Faxing Right for You?”
25. Thank you for your time.
This webinar explains the evolution of fax and core capabilities that online faxing offers today’s law firm. Join us for an informative discussion on how fax has evolved in recent years from a stationary, stand-alone device to a robust portable service that allows you to sign, send and receive contracts and documents from anywhere.
In this ever-changing world of business technology, your organization is faced with making choices between the old and the new – weighing big and small decisions to maintain, replace and upgrade the technologies that help to support and grow the core business. While you have seen many technologies and processes get replaced and quickly forgotten about, one legacy technology seems to persist: faxing.
Faxing remains prevalent in our daily processes with clients, vendors and partners. But this does not mean we should still fax the old fashioned way – the least efficient, most costly, least reliable way – the fax machine.
Unplug Your Fax Machine - Legal Faxing Services
Tim Dubes Sr. Marketing Manager
It’s been a tough year for fax machines. World Leader in Internet Faxing
#3: Elvis Dumervil loses $8M contract because of late fax.
#2: Faxes could cost small business owner up to $48 Million
#1: Kim Jong-un Sends Fax Threat to South Korea
Let’s play Word Association…
Fax? Why don’t you just send it over on a dinosaur?
Why have a fax machine at all?
17,000,000 active fax machines in the US 350,000 bought in the last year alone! (No, we’re serious.)
Slow. Busy Signals. No paper. Paper jam. They do nothing else.
So… why have a fax machine?
Cell service Word processor Voicemail Broadband
Fax technology is… FLEXIBLE SECURE
Hosted fax services offer… FAX More Control More Security Lower Expenses No Hardware World Leader in Digital Faxing
Sending & Receiving Faxes in the Cloud
• No hardware, software or dedicated fax lines.
• Choose a number from 4,600 cities or a US toll-free number
• Easy scalability • Enhanced security and reliability
• Continual technology upgrades and 24/7 system support
Cloud fax services offer… FAX Best of fax:
• Audit trail • Connectivity to fax machines
Enhanced regulatory compliance Best of email:
• No paper
• No waiting
• No phone lines
• Connectivity to PCs & smart phones
• Recorded slides of this presentation
• Article “2014: Is this the year you finally get rid of your fax machine?”
“Is Cloud-based Faxing Right for 30 You?”
In this ever-changing world of business technology, your real estate office is faced with making choices between the old and the new – weighing big and small decisions to maintain, replace and upgrade the technologies that help to support and grow the core business. While you have seen many technologies and processes get replaced and quickly forgotten about, one legacy technology seems to persist: faxing.
1. Unplug the Fax Machine
2. Unplug the Fax Machine Tim Dubes Sr. Marketing Manager World Leader in Secure Fax
3. 2013 was a tough year for fax machines.
4. #3: Elvis Dumervil loses $8M contract because of late fax.
5. #2: Faxes could cost small business owner up to $48 Million World Leader in Secure Faxing
6. #1: Kim Jong-un Sends Fax Threat to South Korea
7. Let’s play Word Association…
11. Email! World Leader in Digital Faxing
12. Fax? Why don’t you just send it over on a dinosaur?
13. Why have a fax machine at all?
14. Why have a fax machine at all?
15. 17,000,000 active fax machines in the US 350,000 bought in the last year alone! (No, we’re serious.)
19. Slow. Busy Signals. No paper. Paper jam. They do nothing else. World Leader in Cloud Fax
20. So… why have a fax machine? World Leader in Secure Faxing
21. World Leader in Internet Faxing
22. Cell service Word processor Voicemail Broadband World Leader in Online Faxing
23. Fax technology is… FLEXIBLE SECURE
24. Hosted fax services offer… FAX More Control More Security Lower Expenses No Hardware
25. Sending & Receiving Faxes in the Cloud
• No hardware, software or dedicated fax lines.
• Choose a number from 4,600 cities or a US toll-free number
• Easy scalability • Enhanced security and reliability
• Continual technology upgrades and 24/7 system support World Leader in Cloud Faxing
27. Hosted fax services offer… FAX Best of fax:
• Audit trail
• Connectivity to fax machines
• Enhanced regulatory compliance Best of email:
• No paper
• No waiting
• No phone lines
• Connectivity to PCs & smart phones
• Portability World Leader in Digital Faxing 27
28. eFax Corporate Demo
29. What’s next?
• Recorded slides of this presentation
• Articles and Whitepapers:
• Scotsman Guide Article: “Focus on Faxing”
• MorgageOrb Article “Retire the Fax Server and Head for the Cloud”
• Whitepaper: “Is Cloud-based Faxing Right for You?”
• Whitepaper: “A Real Fax Solution for Real Estate”
•eFax World Leader in Digital Faxing
There is always a difficult tipping point when it comes to technology, and when you have to forget about the large investment you made several years ago in a device or software application and face the harsh reality that it has outlived its usefulness.
Fax Servers have reached the tipping point. This presentation discusses the decision to replace fax servers with a hosted cloud fax services.
1. Is it Time to Retire Your Fax Servers to an Enterprise Fax Service?
2. All skills and resources… In sports, business and all areas of life, skills diminish. Kareem Abdul Jabbar, center for the Los Angeles Lakers, played 20 years, 19 time all star, 6 time MVP, 6 time NBA champion. When Kareem was in his prime, he was graceful, intimidating, and unstoppable on the basketball court.
3. … eventually diminish. But by 1989, Kareem’s last year in the NBA, he lagged behind, playing less, and becoming the fourth scoring option on the team and a liability on defense. It just goes to show that in sports—and technology and in life for that matter, Resources that you once depended on… can no longer do what you need them to do. Better options become available, and the old reliable system becomes too expensive to maintain.
4. “We can print right here in our office!” “You won’t believe where I’m emailing you from.” Just as Kareem was indispensable to the Lakers in the 1980s, so were dual floppy pcs, wheel impact prints, and blackberry email solutions to business productivity in the past 20 years. I bring up Kareem and reflect the parallel between his career – he was indispensable to the 1980s show time Lakers—and the technologies that I have used throughout my career.
5. “What did that thing do?” But progress is inevitable. One day, a fax machine like this will look as old as these forms of communication do for us… But would they be smart decisions today?
6. Innovation in Documents & Music Hieroglyphics and Victrolas… Amazing advancements for their time… 5,000 years ago some Neanderthal got the notion to associate characters with meaning and chisel it into a rock… Thomas Edison invented the phonograph in 1877, recording sound using a needle and a rotating cylinder… These things did not represent the invention of documents and music, but were responsible for incredible advancements in their day.
7. More than a decade ago, the media hailed email as the end of fax. Paper was bad, it was reasoned, and email would quickly drive faxes and other paper-based documents to their demise.
8. The Devices Evolve But think about it: wouldn’t it have been ridiculous in 1980—the year Kareem won his second NBA championship by the way—to suggest that music was going away because 8- tracks and cassette tapes were being supplanted by CDs? We all know that it wasn’t music itself that was dying…
9. Just Disco.
10. But the demand for music remains. Dark Ages Middle Ages Our Age The Devices Evolve Like the need for music, transmitting documents securely and quickly remains a critical business need. And like music, the devices continue to evolve. Let’s put these devices and the mediums they represent into a bit of a time perspective:
11. Wall Street - 1987 Here billionaire Gordon Gecko is using the latest mobile phone technology to explaining to Bud Fox how the financial world operates. Money never sleeps! When we saw this scene a quarter-century ago, would any of us have guessed…
12. Greed is Good… that what we were really looking at was the future of portable music?
13. As exactly no one predicted, the future of portable music didn’t come from the Walkman…
14. But instead from the mobile phone. And any futurist who says that they predicted this phenomenon is using revisionist history. The big brick mobile phone was not a multi-tasker.
15. And so it goes with fax. This same separation of media and device applies to fax technology.
16. And so it goes with fax… Would you believe that the thermographic fax was invented in 1846? More than 30 years before Edison invented the phonograph and, interestingly, 30 years before Alexander Graham Bell invented the first practical telephone…there was fax.
17. And so it goes with fax… In the late 1970s fax machines became a mass market product. Eventually their popularity waned…
18. And so it goes with fax. And so in the 1990s fax was incorporated into Multi-Function Devices. Plain paper faxing and all in one devices put fax in the department and eventually at the desktop.
19. But People were still frustrated by waiting in lines, paper jams, poor image quality, slow transmission times, and they expressed their frustration openly, as the workers in the movie Office Space demonstrated.
20. At the same time, on the corporate side, to handle high-volume enterprise faxing, dedicated fax servers were placed in network server rooms… which centralized document rasterization and leveraged multiple phone lines in a trunk structure. The model of one phone line–one fax machine…at least in the corporate world…became an obsolete model.
21. Fax servers made some aspects of fax communications management much easier, lowered the time consumption associated with it, and reduced the number of paper documents hanging around the office.
22. The Internet Changes Everything At least for the companies that could afford the large price tag associated with them. So why might fax servers be the next obsolete technology that bogs down your organization? VoIP is the paradigm-changing technology.
23. In the mid 2000s VoIP went mainstream, meaning voice quality was acceptable over the Internet. VoIP became the de facto standard for business telecommunications in companies large and small. The benefits included cost savings, easier administration, and global applicability. You didn’t need a PBX or analog phone lines to make business calls.
24. This change brought a new problem to fax: the need to attach fax boards directly to analog or T1 digital telephone line made VoIP deployment more complicated and expensive than it needed to be.
25. Telephony and Fax Since its early mainstream usage, corporate fax has always been associated with telephony. Your company had a PBX system for managing calls and separate dedicated lines or trunks to transmit faxes.
26. So as VOIP came about, companies were faced with a choice: leave the fax server as the only service still connected to legacy analog telephone lines, or move the fax server to the Internet as well, requiring new gateways, software and implementation services.
27. FoIP t Sending Fax Machine Gateway TR1034-based Fax Server Receiving Fax Machine IPPSTN End-to-End T.30 Protocol Management T.30 T.30 T.38 T.38 In turn, fax-server vendors needed to adjust, and so they developed FoIP –Fax over Internet Protocol and adopted a new transmission standard T.38 to supplant the T.30 analog fax standard. The business could keep its server blades and software onsite, but instead of multiple phone lines, faxes would now be encrypted and sent over the Internet. This is called “digital faxing.”
28. is to… is to… FoIP as… Analog fax phone lines The storage closet Logically FoIP follows VoIP It seemed to many IT professionals like the logical next step for their organization’s fax communications. Telco (PSTN) lines gave way to Voice over IP, so analog fax lines should give way to Fax over IP. However, this is not an optimal fax delivery method.
29. Remember the music... Until very recently, it was logical for you to guess that as the Walkman had evolved into the CD player…and digital music storage further evolved to a highly compressed format like mp3… the most popular model for portable music today would be the iPod and similar devices.
30. Music isn’t about the device But of course if you follow this logic, you’d be wrong. Like FoIP fax servers can send transmissions via the Internet, MP3 players can service the need for portable music from the Internet.
31. Streaming Content z The most popular way to enjoy music is to have it delivered over the Internet, and to play it on your smart phone—iTunes, Spotify and Pandora are all the growing backbone of the music delivery industry. Gordon Gecko had it right.
32. Cloud Computing And just as with music, with fax the device itself is not as important as the service. With a cloud or internet business fax, you can send and receive faxes over email or through a web browser – from your computer, tablet or yes, even your smart phone.
33. Cloud Fax Solutions The paradigm shift is not the device, it’s the delivery. You don’t purchase the music hardware and buy the music software, you subscribe to the music service and listen on any device you like. Similarly, fax has moved from a device that you buy, house and maintain… to an Internet- based subscription model. You don’t buy the fax server hardware, and pay for the transmission lines, you simply subscribe to the cloud service and pay for the use.
34. FAX SERVERS vs. INTERNET FAXING Centralized build or de-centralized? How many channels? Systems integration? NONE Multiple points of failure in architecture; labor-intensive diagnosis NONE No server back-up; expensive, complex expansions and upgrades NONE Coordination issues between email and fax server NONE Network redundancy / fault tolerance YES Ongoing administration, reports, maintenance YES Hosted Fax Service While underlying technology behind hosted fax servers and FoIP is the same, there are substantial differences when you look at how the service works and benefits. o no dedicated hardware, no software or paper are needed o no upfront investment or ongoing support and maintenance costs o Pay as you go
35. Now consider your current fax infrastructure….. Whether you’re still using traditional standalone fax machines or a fax server, it might be time to update your solution. https://enterprise.efax.com (888) 532-9265
36. You may not look as outdated as this fellow, but you might still be experiencing productivity loss and resource drains.
37. My Organization’s Fax Profile Here are some measurable self-evaluation questions: 1. How many faxes does my organization send on a typical day? 2. Is the load balanced or do we have peaks and valleys? 3. Do we have a backup plan for unexpected server downtime? 4. Is our organization distributed? 5. Is our telephony plan stable, or are we planning service changes? 6. What are our monthly fax expenses? (Incl. phone lines, ink, maintenance, etc.)
38. 1. How many faxes does your organization send each day? Once the infrastructure is in place the actual document flow goes unnoticed until the fax traffic strains capacity of the server. Fax servers require constant monitoring of system capacity and throughput to ensure the solution is right- sized for your organization. Is it Time to Retire Your Fax Servers?
39. Is It Time to Retire Your Fax Servers? 2. Is your fax volume constant or do you have peaks and valleys? Owning the equipment and infrastructure for faxing means that you need to purchase hardware and bandwidth that can accommodate your highest usage level. With large usage fluctuations, you may have faxing overhead, capable of a much higher volume than it is used for.
40. Is it Time to Retire Your Fax Servers? 3. Do you have a backup plan for server downtime? The adage “failing to plan is planning to fail” is familiar to IT directors. For fax servers, it is advisable to have a second back-up server and a rerouting option for telephony issues, expensive components, because faxes are quite often time sensitive transactions. If you don’t have a backup plan with appropriate service outage contingencies, business-critical documents may be delayed or go undelivered.
41. 4. Is your organization distributed? If you have remote salespeople, work from home employees and/or multiple office locations, then having fax services in one location may not be the most efficient—or most reliable— system for you. Is it Time to Retire Your Fax Servers?
42. Is it Time to Retire Your Fax Servers? 5. Is your telephony environment stable or dynamic? With sound quality equal or exceeding equivalent public switched telephone networks (PSTN), Voice over Internet Protocol (VoIP) for voice communications has been adopted by over 80% of companies. However, if you have already made the switch to VoIP—or are in the process of doing so—continuing to support an in-house fax server will mean maintaining otherwise unnecessary telephony costs.
43. Is it Time to Retire Your Fax Servers? 6. What is your cost for each page faxed? Measuring the costs can be convoluted: hardware and software maintenance, electricity, telephony lines or IP gateways, employee time for maintenance and management. Similarly, your actual cost per transmission may higher than you would suspect. With hosted fax services this number is much easier to obtain and control.
44. Once you have a better understanding of your own fax environment, you can consider the benefits of a hosted fax solution, with features and integrations suited to your needs. Sending or receiving faxes can be initiated from the applications that end-users already use, including Microsoft Outlook or Office, or even from Enterprise-wide systems like SAP, easing the implementation (minutes to a couple of days).
45. A hosted service can accommodate Desktop faxing—typically individual transactions to and from individual users, Production Faxing--Sending the same document to thousands of recipients simultaneously, and Application Faxing—API for sending or receiving customized template documents to thousands of recipients.
46. There are many other features that can be selected to accommodate transport security, fax archiving, and mobile devices.
47. Is it time to retire your fax servers? I’ll leave that for you to decide, but at least now you know that there are newer technologies available that offer a practical solution to transmitting documents.
48. Thank you for your time.
Welcome, and thank you for joining us for our webinar today, “Cloud Considerations for SAP NetWeaver Integration and Faxing”.
I’m Peter Ely. I’m currently responsible for the Enterprise Partner Program for j2 Cloud Services, I am a 28-year technology veteran, having held senior executive positions looking after presales, product management, product marketing and technical evangelist teams across two continents and three countries in the telecommunications and data networking arenas.
For our agenda today, we will be covering SAP Integrations: How are third party applications doing it today? We will also look at 10 tips to enhance the security of your SAP implementation, key questions to ask any third-party cloud vendor and how the eFax Corporate® SAP Connector 2.0 enables secure faxing.
First, A little housekeeping before we begin. The information provided in this presentation does not constitute, and is in no substitute for, legal or other professional advice. We strongly encourage you to consult your own legal or other professional advisors for individualized guidance regarding the application of the law to your particular situations, and in connection with any compliance-related concerns.
So, how are organizations integrating SAP with their other business platforms and processes?
The primary mechanism is through SAP Netweaver — a technology platform developed by SAP to integrate a wide range of processes, software tools and databases into a company’s SAP systems.
SAP Netweaver is the mechanism eFax Corporate uses, for example, to integrate our enterprise customers’ cloud faxing directly into their SAP applications. I’ll discuss that more in a few minutes.
The most common scenarios are integration with a company’s CRM platform, integration with suppliers’ systems, and integration with third party-purchase order systems. Let me speak briefly about each of these use cases…
The most typical type of SAP integration is between a company’s ERP and CRM systems. An example of this might be integrating SAP with Salesforce, where a sales rep wants to quickly sync all relevant data of a new customer the company is onboarding. This might include financials and performance management, and the other functions SAP typically handles.
Another common SAP integration is with supplier systems — such as with RFPs or RFQs. When a request is created in a company’s SAP environment, often the company then needs to export the request to send it to all potential suppliers for bidding. Then these suppliers’ responses are then imported back into the company’s SAP environment. When SAP can be integrated into all of these suppliers’ systems, however, the company generating the request can greatly streamline its own efforts.
A third common scenario is integrating SAP with third-party purchase order systems. This also streamlines workflow because the employees generating purchase orders within their SAP environment can then immediately and seamless transmit these POs directly from SAP, rather than having to export them into another application for transmitting.
All of these can significantly streamline a company’s business processes and boost employee productivity — by removing several steps in everyday workflows, allowing an employee working in their SAP environment to accomplish many tasks from start to send without having to leave SAP.
But there are often challenges with third-party cloud applications before they can be integrated into SAP.
First, many cloud vendors lack the Software Development Kits (SDKs) to allow an organization to make the SAP integration quick and easy. So that’s something you should always investigate in a cloud application that purports to integrate with SAP — learn first how much work and resources such an integration will require of your IT team.
Second, and equally important, many cloud vendors simply do not offer the highest levels of security for your data stored on their cloud. Because integrating your SAP environment with a third-party cloud application will often mean transmitting sensitive corporate data back and forth between your on-premise SAP platform and a cloud vendor, you also need to investigate upfront what levels of security that would-be cloud vendor provides for your data while it’s at rest on their cloud.
Which offers us a nice segue into the recommendations from SAP itself for dealing with any third-party app into your SAP environment.
I am going to briefly cover a few of these SAP recommendations here, which come from the company’s paper – “SAP Guidelines for Best-Built Applications That Integrate With SAP Business Suite.” For further exploration of SAP’s guidelines for dealing with third-party integration, I recommend downloading the full paper. I have included a link to it here, which I’ll share with you at the end of this webinar.
One of the fastest and most effective ways to determine whether a third-party app will be reliable and secure when integrated into your SAP environment is to find out whether the vendor is certified to SAP’s standards.
SAP states early and often in its best-built-applications guide that wherever a software solution can be certified by SAP, then certification is recommended.
They further state that a vendor that simply follows SAP’s guidelines as they relate to its application is not the equivalent of an app that has actually attained certification.
So SAP certification is an excellent vetting or screening tool in your investigation for third-party app integration.
I’d also like to discuss a few more details SAP suggests you consider before integrating your SAP environment with any cloud service.
In its best-apps guide, SAP also lists a series of 15 product quality standards you should investigate before integrating any app into your SAP software.
I want to call your attention to 3 of these standards in particular…
First, performance — specifcally, scalability. You might not give this much thought when first deploying a cloud application that integrates into SAP, because your organization is focused on functionality and the app’s ability to streamline workflow. This makes sense. But you also need to be mindful of the longer-term implications: what if your employees do build this app into their everyday SAP usage, and at some point the cloud vendor simply cannot handle the data and bandwidth demands on its systems?
In this guide, SAP states that in practical terms this scalability and strong performance should translate to the vendor’s ability to handle many terabytes of data and to have a high-volume transactional and reporting load.
The second quality standard is security. This is a critical question when it comes to any cloud vendor that will be transmitting and storing your data on its cloud. You might assume that all cloud app providers protect their customers’ data at all times, as a matter of standard practice. But as security firm Skyhigh Networks found, only 9.4% of cloud vendors encrypt data stored on their cloud.
Given that so much of an organization’s data within its SAP environment is proprietary, regulated or otherwise highly sensitive, you first need to do your homework on the level of security you can expect from any cloud app integrated into your SAP.
… and , third, network availability and uptime. This is another item SAP recommends you investigate before integrating any cloud tool into your SAP environment.
Again, not something you’d necessarily think of when looking for vendors that supply a particular app you need for streamlining workflow or cutting costs or increasing the ROI of your existing SAP systems.
But keep in mind that your employees might well be processing and transmitting mission-critical corporate data over this cloud service, if it’s integrated into their SAP workflows. Given that, you need to know upfront that the vendor has process redundancies, a sophisticated network, guaranteed uptimes and other elements like this in its SLAs.
Now let’s take a step back and discuss this topic in broader terms. Whenever you plan to entrust you corporate data with a cloud vendor, you should first learn about the sophistication of their data security protocol.
So here are a few questions you would want to ask ANY would-be cloud vendor — before entrusting your data to their cloud. These issues are all relevant to an SAP integration, but also apply more generally to cloud services of all types.
First: how much responsibility, if any, will you take on for protecting our data?
Many cloud vendors take responsibility only for their physical infrastructure, and leave all obligation to their customers to secure their own data in terms of access and encryption.
As I stated previously, the cloud security company Skyhigh Networks found that fewer than 1 in 10 cloud vendors apply any encryption to their customer data stored on their servers.
You also need to know whether the vendor offers any guarantee in terms of making your data recoverable and accessible in the event of a disaster. Many do not.
It’s worth noting here that another of SAP’s best-app recommendations is that you find out first whether a cloud vendor has backup and recovery procedures in place for your data stored on their cloud. All of the security and encryption in the world won’t matter much if the cloud vendor you’re working with loses all of your data in a power outage or natural disaster — and has no backup process in place and no way to retrieve the lost data.
This is a crucial question to ask any cloud vendor upfront.
For an SAP third-party provider, first and foremost, you need to know if they are indeed SAP Certified, and if they are certified to the latest BC-SMTP standards for secure document transmission.
Then there are a host of other security and best-practice certifications you’ll be looking for.
If your vendor for credit card processing will be storing your data in an offsite data center, has it passed the SSAE-16 audit successfully — demonstrating it takes sufficient measures to address availability, security and confidentiality of data, utilizing robust SOC control reports? Also, does your company fall under regulations mandating that its data cannot leave the United States?
Is the vendor certified as PCI-DSS compliant, demonstrating sufficient data encryption and security processes? And has the vendor been reviewed and tested against the best practices of the ISO-27002:2013 Standards, meeting the International Standards Organization’s guidelines for information security management practices?
Finally, if your business is in a regulated industry — or if you merely handle Personally Identifiable Information (PII) or Protected Health Information (ePHI) for your clients — you will want to ask any cloud vendor on whose applications you will be storing such data, whether or not their processes are compliant with the relevant regulations, such as HIPAA, GLBA or SOX.
This might be the most telling answer you will receive when comparing third-party cloud vendors.
To this point we’ve been focusing primarily on technological security measures, such as encryption, and terms and conditions, including to what level a vendor will assume responsibility for protecting your data.
But the truly trustworthy and secure providers will have a host of redundant physical security measures in place wherever they store your corporate data. What separates the trustworthy vendors here from the lesser players is that physical, onsite security requires investment, infrastructure — and most cloud vendors simply don’t have it.
You’re looking here for measures such as onsite physical security guards at your vendor’s data center, ideally at the facility 24/7.
You also want authentication measures for access, such as badges, and even biometric readers like fingerprint or retinal scans. And you will want the facility under constant 24/7 video surveillance.
Finally, you’ll want storage redundancy — where, ideally, your data resides at two geographically distinct locations, with failover capability in the event that one data center experiences an outage or other disaster.
You will find that most providers simply can’t afford to offer this level of physical security for your data. But the ones who can… are probably worthy of your business.
So now I would like to introduce you to one such third-party application, which seamlessly integrates with SAP via Netweaver…
It’s certified to SAP’s latest BC-SMTP standards...
It was actually the first SAP fax partner in North America...
It has been smoothly and reliably working in the SAP environments of major corporations for many years...
And it checks all of the “recommended” boxes in the SAP Guidelines for Best-Built Applications.
It’s eFax Corporate SAP Cloud Faxing Integration Connector 2.0, an add-on component to the eFax Corporate enterprise cloud fax service.
So, how can you leverage this cloud faxing service to improve your business?
First, you’ll optimize and streamline your employees’ workflows
If your employees use fax regularly to send and receive key business documents — purchase orders, contracts, invoices, etc. — you can save them substantial time by removing the added steps required in a legacy fax environment: standing by an office fax machine for an anticipated incoming fax; or printing documents to be sent, taking the documents to an office fax machine or sending them to the in-house fax server, and waiting for the fax to be delivered.
With a cloud fax solution integrated into the SAP application they already use to generate purchase orders, bills of lading or other standard documents, you can empower your staff to simply click a “fax document” button to handle the entire process within their SAP environment. This includes auto-populating the fax recipient’s information, generating a customizable cover page, delivering the fax through the cloud, and even sending back a Delivery Status Notification (DSN) by email when the fax successfully reaches its recipient.
If your business does a high volume of faxing, this SAP integration can significantly streamline your business workflow, boost staff productivity and save your company money.
Second, you can boost the ROI of your SAP applications
Another benefit of integrating a fax-by-email service into your SAP environment is that it’s a great way to increase the ROI your business receives from your investment in those SAP tools.
Adding such a valuable, business-critical service as integrated cloud faxing can make your SAP platform substantially more valuable to your business over time.
Third, you’ll enhance your fax security and compliance, as we’ve already discussed.
Sending a fax from your SAP environment using eFax Corprate’s secure network, you can keep that data more secure than by sending it through traditional fax means — either as a piece of paper on an office fax machine or through an in-house fax server.
Fourth, you’ll save money and headaches by eliminating your legacy fax infrastructure
Finally, when you migrate your fax infrastructure to the cloud with eFax Corporate — and then embed our high-volume fax capability into your SAP applications — you will be able to stop paying to maintain onsite fax hardware, software and analog fax lines.
You will also be able to outsource all of the hassles inherent in maintaining that aging fax infrastructure, like troubleshooting problems with fax machines and rebooting crashed fax servers.
And one more benefit: With eFax Corporate you’ll enjoy more simplified, centralized fax management — including better data tracking, complete audit trails, the ability to create unique client billing codes, etc. — even from those faxes sent and received through your SAP environment.
Here’s how it works: the eFax Corporate fax-connector solution is deployed in your SAP environment, through SAP NetWeaver.
This means your employees can send and receive secure faxes directly from within any of their SAP applications — there is no need to export documents like invoices or bills of lading to another application or to print them before faxing. The entire process, including recording a full audit trail and receiving a delivery confirmation, can take place within your SAP environment.
SAP natively outputs your faxes as SMTP messages, which travel across the Internet directly to eFax, where we convert and process them to be delivered to your fax recipients. When the fax is delivered successfully, eFax sends a Delivery Status Notification (DSN) email back to the originating instance of SAP, where it can be routed to the proper module for your team to log the transmission for record-keeping and audit purposes.
As an eFax Corporate customer, your organization will maintain complete administrative control over all cloud faxes sent or received through your eFax account via SAP. This also helps control fax security because you will have control over all fax usage and can assign (and remove) faxing privileges on an as-needed basis.
It’s also worth noting here that eFax Corporate is SAP’s first certified fax-connector partner in North America, compatible with its latest BC-SMTP specifications.
And finally, our cloud fax service provides the most sophisticated encryption — Transport Layer Security (TLS) — to ensure your faxes remain secure from point of origin to delivery. When the fax is delivered successfully, eFax sends a Delivery Status Notification (DSN) email back to the originating instance of SAP, where it can be routed to the proper module for your team to log the transmission for record-keeping and audit purposes.
Let me talk briefly about eFax Corporate, and our j2 Cloud Services parent company.
eFax Corporate® is part of j2 Global®, Inc. – a cloud services company with significant enterprise resources and a global footprint: We represent the #1 cloud-fax solutions, and the solutions trusted every day by many of the world’s leading businesses — particularly large enterprise companies in the most heavily regulated industries, like healthcare.
eFax Corporate® is also backed by an unparalleled global, secure network, with 30+ colocations.
We are including in today’s webinar two helpful links that speak to Top 10 SAP Security and SAP Guidelines for Best Built Apps that Integrate with SAP.
With that, we thank you for joining us today for an informative discussion on Cloud Considerations for SAP NetWeaver Integration and Faxing.
If you need a single fax number or a fax solution for less than 10 employees, you can sign up online at www.efax.com.