Administrators must consider the potential vulnerabilities posed by the printer if they are to secure their networks
Businesses today are ruthlessly focused on the need to cut costs and improve their operational efficiencies. But at the same time they also face increased rules and regulation, which is in turn forcing IT management teams to re-evaluate their compliance and security procedures.
Security has been one of the top concerns with CIOs and IT decision makers for a while now. It begins in its most basic physical form, with many employees nowadays only able to enter their offices and workplaces after undergoing some form of validation, such as access cards or password. Yet security concerns have expanded beyond just protecting physical assets, to incorporate the prevention of both external and sometimes internal threats to the corporate network.
Remember the humble printer
Part of this overarching view of security therefore must include assessing the potential vulnerabilities that can be posed by one of the most commonly used assets in a business, namely the humble printer or multifunction printer (MFP).
This can be an area of potential oversight, and a security lapse within the print environment can have potentially devastating consequences for the company. After all, what is to prevent a worker from printing out the confidential customer database? Or someone seeing a printout revealing the salary details of a co-worker?
And many administrators overlook the fact that sensitive company information can be easily leaked when a printer or MFP is taken away for repair or disposal.
All these issues need to be considered to provide a thorough assessment of the security vulnerabilities for a business.
Understanding Printer Security
Securing the print environment requires a great deal of thought. Firstly you have to secure the access usually via some form of authentication and authorisation. Secondly you have to secure the data, usually via encryption. And thirdly, you have to secure the printed document, usually via a secure printing option, a watermark or a stamp of some kind.
Sensitive company information has to be securely printed, copied, scanned, and faxed, as the printing environment can suffer from the following security issues:
- network penetration
- network sniffing
- retained information theft
- unauthorised access
- output privacy invasion
- intentional or unintentional removal of data
Therefore it is worth understanding some of the real issues involved in securing the print environment.
Networked Printer Risks
Networked MFPs can potentially be a network penetration weak spot for an organisation, and it is worth checking what level of Common Criteria (CC) security validation your particular device is certified to.
Common Criteria is an international security standard used across the IT industry to certify the security level of products. This certification system helps the IT professionals to streamline the process of choosing network devices. In order to be certified, vendor needs to submit a device to the Common Criteria lab. Only when each of the security features passes Common Criteria testing, the device security level get rated and issued a Common Criteria certificate. Samsung for example received EAL 3 certification for its MFP security features, giving its customers peace of mind.
Continued on Page 2