This issue may be more theoretical than technical, but it is one that I need to do some research on and I appreciate any feedback from this esteemed community. If I have posted this in an inappropriate forum, I apologize and please direct me to a more appropriate forum.
I have developed Crystal Reports for years ( currently using version 10) but am new to Crystal Enterprise. My organization recently purchased Enterprise 10, and we will upgrade to version XI when the Linux version is available. With Enterprise, we will be able to distribute our reports and information to all our in-house and remote users (teleworkers). This will be a real boon for us. Our users will be able to view and print our reports (after supplying the proper login credentials of course) from anywhere via the web without having to install anything on their computer.
I have learned through a friend that a governmental agency (a county) is about to change their remote user access policies and procedures. Teleworkers there currently use a county-owned “dumb terminal” and a “Citrix connection” to connect to their network, and can print reports to a local printer attached to the “dumb terminal”. The county is changing technologies, scrapping their “dumb terminals”, and is now requiring the teleworkers to connect to the county network via the web and their own personal computers. Authentication will be controlled via a “RSA FOB”. Printing reports will not be allowed to any local printers. All report printing by the remote users must be directed to a network printer. The reason stated for this printing procedure is that if a report is printed to a local printer, and that report contains confidential information, someone after the fact could use the computer to view what was printed. Apparently, “traces of data” of what was printed will always remain on the hard drive. In fact, the county policy states that if the inevitable occurs and a report must be printed from the personal computer to a local printer, the county will physically destroy the harddrive on their personal computer after the teleworker leaves their employment. According to their policy, “this is done to protect any residual county data that may be left on the harddrive from unauthorized discloser (sic)”.
There are several issues here, one of which is requiring teleworkers from a governmental agency to use their own personal computers to conduct business. The issue I would like to research is this: If a user views and then prints a report from Crystal Enterprise, and assuming they do not save or export the report to a file and that the paper copy is properly disposed of or filed away, can somebody in the future look at or examine their computer and view the contents of the printed report? Is their a risk that an unauthorized person could see what was printed? If so, how high of a risk is this to an organization - is this something that an average person could do, or would it require specialized software or hardware, or could it only be accomplished by using data recovery specialists performing harddrive forensics (which I understand could cost several thousand dollars)?
I appreciate any comments. Thank-you.
I have developed Crystal Reports for years ( currently using version 10) but am new to Crystal Enterprise. My organization recently purchased Enterprise 10, and we will upgrade to version XI when the Linux version is available. With Enterprise, we will be able to distribute our reports and information to all our in-house and remote users (teleworkers). This will be a real boon for us. Our users will be able to view and print our reports (after supplying the proper login credentials of course) from anywhere via the web without having to install anything on their computer.
I have learned through a friend that a governmental agency (a county) is about to change their remote user access policies and procedures. Teleworkers there currently use a county-owned “dumb terminal” and a “Citrix connection” to connect to their network, and can print reports to a local printer attached to the “dumb terminal”. The county is changing technologies, scrapping their “dumb terminals”, and is now requiring the teleworkers to connect to the county network via the web and their own personal computers. Authentication will be controlled via a “RSA FOB”. Printing reports will not be allowed to any local printers. All report printing by the remote users must be directed to a network printer. The reason stated for this printing procedure is that if a report is printed to a local printer, and that report contains confidential information, someone after the fact could use the computer to view what was printed. Apparently, “traces of data” of what was printed will always remain on the hard drive. In fact, the county policy states that if the inevitable occurs and a report must be printed from the personal computer to a local printer, the county will physically destroy the harddrive on their personal computer after the teleworker leaves their employment. According to their policy, “this is done to protect any residual county data that may be left on the harddrive from unauthorized discloser (sic)”.
There are several issues here, one of which is requiring teleworkers from a governmental agency to use their own personal computers to conduct business. The issue I would like to research is this: If a user views and then prints a report from Crystal Enterprise, and assuming they do not save or export the report to a file and that the paper copy is properly disposed of or filed away, can somebody in the future look at or examine their computer and view the contents of the printed report? Is their a risk that an unauthorized person could see what was printed? If so, how high of a risk is this to an organization - is this something that an average person could do, or would it require specialized software or hardware, or could it only be accomplished by using data recovery specialists performing harddrive forensics (which I understand could cost several thousand dollars)?
I appreciate any comments. Thank-you.