Tuesday, January 10, 2012

Take Steps in 2012 to Keep Your Printing Environment Secure

Take Steps in 2012 to Keep Your Printing Environment Secure
by Andy Jones, director and general manager, Global Document Outsourcing, Xerox Europe

All of us know that information is a key corporate asset that should be protected, yet no one these days seems too surprised when high-profile data breaches via lost laptops or USB sticks make the news. These stories have drawn attention to flimsy security policies as well as the unreliability of human behaviour. While many organisations have taken steps to limit data loss from devices such as laptops and smart-phones, a more hidden security risk still prevails: the printing environment.
The risks involved with printing documents do not always make headlines, but the fact that a printer offers a connection to an organisation’s entire network should give any business pause for thought.

Understanding the Print Security Gap

Employees use printers to print, fax, copy, scan and send valuable company information across the enterprise network every day - often without a second thought. Today’s multifunction printers (MFPs) offer more data-handling features than ever, including hard drives for storing documents and scan-to-e-mail services, making them as sophisticated as desktop PCs. Enterprises routinely attach MFPs to networks, giving them all the flexibility, and security vulnerability, of any computer on a network. Ultimately today’s MFPs pose the same risk as any unprotected device.

At Xerox, we work with companies to protect their ideas and reduce the chance of theft through a document breach. One manufacturer contacted us after discovering that highly confidential research and development documents were stolen. The company told us that an investigation suggested that the leak occurred in the printing environment. While unfortunate, we helped the company take the necessary steps to secure its environment, and prevent this type of incident from happening again.
By working with many clients to successfully mitigate these types of risks, we have developed a system to help our clients quickly identify specific needs. Using a layered model, we walk clients through a series of questions to determine how best to secure their particular environment. The model’s first layer addresses the security aspects of the IT environment. For example, we carefully review what steps need to be taken to secure the IT environment in order to protect networks and devices from unauthorised network access. As mentioned above, MFPs should be treated like any other device with storage capability.

Remember, today’s MFPs can store print image data which presents a security risk if they’re not wiped before disposal.

The model’s second layer tackles the security of the physical workspace. Conventional wisdom suggests that the best security is to educate users. However most users don’t pay much attention to security, especially when they find it a hindrance to doing their job. Therefore it’s important to put in place a transparent and easy-to-use security solution, which includes measures such as secure print. With secure print, a job is only printed when the user physically types in their unique PIN number and releases the job.

In more extremes ecurity environments there may be a need to physically isolate devices and use operators to handle highly sensitive or secure output. To increase security even further, print governance tools, which add banners and watermarks to printed pages, may also be used. For some of our clients, we have been able to control some of our printing devices to mark pages in a way which can include unique codes. This enables operators to individually identify pages and also prevents copying.

As these examples demonstrate, there is a wide array of security measures available to meet a company’s needs. Whilst requirements vary dramatically across industries (an investment bank’s needs are different from a healthcare provider or manufacturer) we’ve seen an increase in the number of companies that are aware of the risk, and have begun taking some level of action to make their print environment and company secure.

Securing the Print Environment with Managed Print Services
As we entered the millennium, businesses realised that the internet age brought with it more end-user printing. Due to increasingly large volumes, many global businesses looked for ways to radically reduce printing costs. For some, this meant handing over all or part of the print management challenge to a third party. In addition to reducing printing costs, boosting productivity and supporting environmental targets, these companies discovered that managed print services can play an important role in securing confidential and sensitive information.

Here’s why:
When they outsource their printing, businesses engage a partner to assume the potential risk involved with printing. To do so, the print partner must maintain a trustworthy and secure print environment – after all security is one of the things the print vendor is selling to its customers.

Xerox has facilitated this type of secure outsourced printing environment with many organisations, including a major U.S. government customer. In this particular project, the client worked on 17 campus locations across the United States from Florida to California. The customer was required to maintain a high-security deployment environment with several unique constraints including:
• the campuses were co-located on military bases
• the environment faced ongoing attempts at infiltration by agents of foreign governments to obtain technology secrets
• the environment required restricted facility access to U.S. citizens
• the customer faced continuous auditing for compliance with security.

We offered a multi-pronged approach to security, incorporating people, which included a dedicated security analyst, as well as standards and technology. To date all security audits have passed; 95 percent of devices are in secure state; there have been no violations of customer facility policies; and, most impressively, there have been no security incidents resulting in the loss or compromise of data.
These days all organisations, whether in the public or private sector, need to make sure they have processes to support security protocols. They need secure print practices across the board and should certify that every printing device is at the correct, custom level of security for their organisation.
Xerox can help deliver this through our managed print services. We’ve watched our customers gain visibility, control their spending, and enhance document security. This helps them free up budget for innovative projects that can improve efficiency and drive competitive advantage.

Quocirca analyst Louella Fernandes has written a very comprehensive report on closing the print security gap, and it’s definitely worth a read if you’re interested in learning more about this topic.