By Dennis Amorosano
Dec. 1, 2011
In today’s wired workplace, the traditional office copier has evolved into a highly intelligent multifunction device containing powerful software and storage capabilities where information is written, stored and accessed. However, this technology has also opened a potentially dangerous hole in IT security. Despite the integral position that multifunction printers (MFP) have within a network, business owners tend to overlook the security risks inherent in these devices, and focus on protecting computer-based data. Executives must recognize that the MFP of today is a network-centric device that requires careful consideration and incorporation into a holistic information security plan.
Printers and MFPs have hard drives that store data similar to those on computers and mobile devices, which means that residual data remains on a printing device after recent tasks have been completed. Because the majority of data security breaches originate with information stored on a networked device or internal hard drive, much of the security measures are placed on minimizing external access to sensitive information, with little consideration to safeguarding internal weaknesses. According to the 2010 Data Breach Investigations Report, more than one third (36 percent) of attacks originate from end-user devices, meaning the devices used by employees are the first point of entry for potential hackers, including printers and MFPs.
Whether an organization needs to meet the strict security demands of the private sector or comply with the stringent privacy and auditing regulations of the public sector, most print providers offer features that help form a comprehensive security solution that delivers higher levels of data protection. The following preventative measures can also help minimize and defend against potential MFP data security breaches.
It is important to remember that what users send to a networked device can potentially be seen by anyone. Controlling an MFP begins by controlling access to the device via user authentication. Universal-facility ID card access, key pad log-ins or personal identity verification can be used to control access to computers, buildings and networked devices. As an initial component of network hardening, device-based login is an effective way to control who can access particular features on a given MFP device. It also enables an organization to build a detailed record of usage that can be reviewed in response to security issues or to monitor overall efficiency.
Disk encryption, which uses proprietary software or hardware to make files unreadable to unauthorized parties, will effectively protect data from unauthorized access. Built-in data encryption kits are designed to protect all temporary data and stored documents on the internal disk drive of an MFP. Using an inaccessible key, the data is virtually irretrievable by anyone seeking to recover it from within the device or through external file recovery utilities. Further, this prevents an encrypted hard disk drive from being moved from one device to another, since encryption keys are not stored on the disk drive directly.
The information that can be found on MFPs is often laden with confidential information including social security numbers, bank records, birth certificates and more. Information can be fairly accessible if someone has local or remote access to the printer and the right tools, even after it is deleted. To counteract this, organizations should implement a hard drive data erase function to ensure that no traces of any temporary data or deleted documents remain accessible on the device’s disk drive. Depending on the level of required security, the feature can be configured to overwrite data once with null data, or with random data, or overwrite with random data three times for maximum security. The overwrite process, which includes any references to the data’s physical locations in the directory, is performed each time a file is deleted. When data has been erased, its ability to be retrieved by hackers through disk utilities and file recovery tools is severely limited.
Should I Be Concerned?
If your organization is concerned with securing print and MFP technology - then the answer is yes! While data overwrite and encryption are good initial steps for securing device technology, they fail to provide holistic protection against all threats and often lead to a false sense of security. One of the most frequent breaches of customer confidential information is the innocuous physical print or copy that often finds its way outside of an organization. This is why progressive businesses secure hard disks through overwrite and encryption technologies, but also implement user authentication coupled with systems that can actually alert administrators when documents containing sensitive information are processed. As a sign of the continued development in this arena, new solutions can prevent these documents from being processed altogether. Some may call this level of security overkill. At Canon, we like to call this prudent.
Choosing the Right Partner
In an era of relentless competition, business leaders often look for solutions that simplify critical processes within their infrastructures. When considering the best means of securing an organization’s MFP fleet, it is critical to choose a partner that is ready to offer in-depth knowledge, practical expertise, and field-tested technology. Qualified print providers can analyze and evaluate existing security processes, then partner with an organization’s chief information officer to carefully implement solutions that address MFPs and other networked devices. Incorporating print and MFP technologies into a comprehensive security policy is an important step toward minimizing security risks and protecting an organization’s key assets - its information.
Dennis Amorosano is senior director, Solutions Marketing, at Canon USA. He has played a key role in bringing the industry’s first networked digital multifunction system to market. During nearly 18 years at Canon, Mr. Amorosano has held numerous positions across Imaging Systems Group business units including leading product marketing for imageRUNNER, imagePRESS, Image Filing Systems and software solutions. He can be reached at www.usa.canon.com.