Despite the vital role that networked printing and imaging resources play in the processes and workflows of many organisations, the imaging and printing infrastructure is often an overlooked security vulnerability. In today's office, multifunction peripherals (MFPs) can print, copy, scan to network destinations, send email attachments and handle incoming and outgoing fax transmissions. As such, MFPs have evolved to become an efficient and cost effective method of document distribution and storage and an integral part of the IT infrastructure. However, it is this network connectivity, along with hard disk and memory storage, that means that MFPs are susceptible to the same security risks as PCs and servers.
The more advanced and integrated MFPs become, the greater the risk to confidential information during a document's life cycle when it is being copied, printed, scanned or faxed. It should be a given that data integrity is ensured at all stages including the processing, transmission and storage of printed material. Printed material remains a core component of most business processes, and securing sensitive or confidential paper based documents and information is key to complying with regulations such as the data protection acts, the US Sarbanes Oxley Act and Basel II—to name but a few. An unsecured printing environment can have serious implications for any business in relation to maintaining the information security of businesses and the customers.
So what are the main MFP security challenges and how should they be addressed?
1. Protect the device
At the most basic level, document security can be compromised by printouts being left in output trays to be picked up by unauthorised recipients. Using secure print products guards against the risk of interception by ensuring only authorised users are able to access their print jobs. This is achieved through print authentication which is a cost-effective and relatively non-disruptive means of increasing security. It offers a form of access control that enables organisations to prevent unauthorised users from using specific device functionality, route sensitive documents to secure printers as well as regulate retrieval and create an auditable paper trail detailing device usage to ensure regulatory compliance.
There are typically two categories of print authentication controls: Walk-up authentication occurs at the MFP and allows organisations to predetermine service availability based on specific user qualification criteria such as job function or title. In contrast, network authentication occurs at the infrastructure level and allows organisations to predetermine service availability based on technological criteria such as device type and location. Also known as PIN and pull printing, print jobs can be saved electronically in the device, or on an external server, until the authorised user is ready to print them. The user provides a simple PIN code or uses an alternative authentication method such as a swipe card, proximity card or fingerprint authentication. There are many products in this space, including Capella's MegaTrack, Jetmobile‘s SecureJet and Ringdale's FollowMe, all of which are compatible with most MFP devices.
The majority of MFPs on the market today offer a standard hard disk drive that provides large storage capacity. In addition to storage, the hard disk drive is used to manage all data flow in to and out of the device. As the image data is transmitted or scanned into the device, it is stored temporarily in the hard disk drive until processed. Additional steps are needed in order to completely render all data on an MFP's hard drive completely useless to safeguard against the theft of the MFP device or the drive itself.
There are several options to protect the integrity of the hard disk drive and network data. This includes lockable and removable hard drives, data encryption and disk overwrite features. Data overwriting ensures that the hard drive is absolutely clear of readable data. It works by overwriting the actual data with random and numerical characters. Residual data also can be completely erased when the encryption device and the hard disk drive are removed from the MFP.
When it comes to scanning, further protection is needed when scanning documents to email and network locations. With Secure PDF, users can assign a password to scanned PDF documents directly from control panel of the MFP. The password allows for various levels of control such as access, printing, editing and copying the content. Canon, for example, offers features such as secure watermarks and digital user signatures, to track who has sent, printed and scanned each document. Users have to identify themselves before they can send an email, thereby eliminating unauthorised use.
2. Secure the network
Many print jobs are unencrypted and therefore are unsecured as they pass over the network. This need not be so, MFP devices can make use of several protocols and communication methods to improve security. The most common way of encrypting print jobs is SSL (secure socket layer) which prevents hacking and allows sensitive documents to be printed via a wired or wireless network. Using an SSL connection means the information exchanged, including the user's credentials, names, email addresses and fax numbers, is encrypted to preserve the confidentiality and privacy of the data. Implementing secure protocols such as IPSec allows all wide area network traffic to and from printers and MFPs to be secured in the same way.
3. Use Print Management Tools
Printing and imaging environments are often a complex and diverse mix of products and technologies, further complicating the task of understanding what is being printed, where and by whom. Print management tools offer capabilities from printer fleet configuration to access control and audit trails. This not only addresses security concerns but also has cost benefits in allowing an organisation to understand the full extent of their printing and imaging costs. HP's Web JetAdmin is an example of a widely used print management tool, which also offers automatic firmware updates which improve device performance and patch security vulnerabilities. Products are also available from companies such as Equitrac or Print Audit.
With MFPs increasingly becoming an essential component of document distribution, storage and management, it is vital that organisations manage MFP security in the same way as the rest of the IT infrastructure. By using the appropriate level of secure printing solutions appropriate to their business needs, an organisation can ensure that its most valuable asset—corporate data—is protected.