MPS: The First Line of Defense from Security Threats2 Jun, 2015 By: Mike Feldman, Xerox
It’s safe to say that 2014 will be remembered as “The Year of the Data Breach.” High-profile retailers, financial institutions and a powerful movie studio all experienced severe cybersecurity breaches and spent millions of dollars undoing the damage. These were major attacks that harmed not only the company’s bottom line, but its reputation. To prevent another year like 2014, companies need to focus on implementing an IT security plan that reduces risk and protects data.
The need for security is pervasive across organizations, but “security” means different things to different functions within an enterprise. The executive suite and the legal team want to protect intellectual property from competitors and keep customer credit card numbers safe from hackers. Safeguarding employee records and personal information is concerning for Human Resources. Various industry regulations and mandates also add complexity to the term “security.” In healthcare for example, organizations must maintain the security of patient records to be in regulatory compliance. The common denominator in all of this is IT.
Where the Trouble Lies
Before an IT security plan can be developed, it’s important to understand network and device vulnerabilities so the liabilities can be addressed. A few security considerations to keep in mind include:
The Grab and Go — unsecured output trays with no provision for identifying users before spitting out printed pages. Anyone can walk past the device and take sensitive documents that were meant for someone else.
Device-level Hacks — many multifunction printer (MFP) configurations and parameters can be set right at the device, and without password protection. Device-level access can include commands for printing stored documents, routing print jobs to other machines or wiping custom settings to create confusion or downtime.
Stored Secrets — business-class MFPs include a built-in hard disk drive that can store print jobs, scans, copies and faxes, making the drive a point of vulnerability. A stolen machine can produce reams of sensitive documents, and MFPs that are taken out of service without having their drives erased contain a trove of corporate data.
Listening In — the networking capability common to most MFPs makes them susceptible to the same kinds of network hacks as their computer counterparts.
Opening an Opportunity— networked devices are also potential portals into corporate systems. Users on the network can access unprotected network printers, and if those printers are web-enabled, the pool of potential hackers is exponentially multiplied.
- The Human Factor – people who interact with devices are often overlooked as a potential security risk, but can end up being a company’s biggest threat. According to a study by the Ponemon Institute, employees and negligence account for 35 percent of data breaches – the leading cause of security incidents, but remain the least reported issue.
If you’re going to start with one part of a company’s IT security plan, I recommend beginning with documents and the devices creating paper and digital information. Sometimes business information starts as hardcopy, that later gets scanned into digital workflow. Sometimes it goes the other way, with digital records emerging from output devices as printed documents like applications or certificates.
Devices like smartphones that photograph documents, scanners that read paperwork, or secure digital printers that put out hardcopy information, allows information to easily flow back and forth between the two realms, making reliable security measures difficult.
Covering All Angles with MPS
The answer to document security gaps lie in an MPS program. MPS providers are experts at securing the content that passes through connected devices, making them the best line of defense when it comes to protecting vulnerable data and print jobs that contain confidential information.
When customers work with an MPS provider to analyze their information security status and evaluate company policies and procedures, they should discuss the following issues to cover all angles and dark corners of information security:Information access
- Device security policy
- Employee guidelines
- Device vulnerability
- Device behavior variability
- Network assurance
- Security configuration verification
- Remediation assurance
- Mobile workforce
After evaluating the security gaps, an MPS provider can help secure and integrate the device environment, resulting in tighter control of network devices and business-critical information.
The Perfect MPS Partner
But how are companies choosing their MPS partner and what partners are getting it right? It’s safe to say that not all MPS providers are created equal, and many choose a partner with valuable experience and priorities that align with their objectives. Security issues play a key role in many of today’s organizations, and it’s important to show how partnering on MPS initiatives can help eliminate vulnerabilities, reduce risk and ensure effective remediation when a problem arises.
Security goes hand in hand with risk management and compliance, and tools to help organizations meet strict legal requirements that govern their particular industry should be touted. Good MPS partners take the basic steps to ensure that risk management and regulatory compliance are accounted for. One example of this safeguarding is with MacAfee whitelisting, a ConnectKey security feature that only allows approved and predefined files and code to run on a Xerox MFP. The feature also detects and prevents unauthorized access, and sends alerts when someone attempts this.
Advanced MPS solutions that provide insights and visibility into IT networks and devices take device security even deeper, allowing partners to mitigate security risks for their customers before they happen.
Internal device security isn’t the only type of security MPS providers should keep in mind. Basic document output and retrieval security is critical to any organization. Solutions like the Xerox Secure Print Manager Suite are being developed that require a user to swipe a badge to access the printer and release their jobs from a secure print queue. With Xerox Secure Print, users assign a password or PIN to a document as it is sent to the printer and the document can’t be printed until the user enters the correct password at the printer. Steps like these are critical to data security and prevent unauthorized individuals from seeing confidential information when they come to the printer to collect their own output.
The need to let end-users print on the go from mobile devices is exploding. But like any IT system introduced into a business environment, mobile printing must offer air-tight security to avoid compromising critical data and networks. Make sure you’re diligent in ensuring that mobile printing does not become a point of vulnerability for partners.
Bringing It All Together
The security of your or your customers’ document domain can’t be taken for granted anymore, but the networked imaging systems in the enterprise can become your allies. Advanced MPS providers understand the challenges of protecting document workflow and should offer advice and solutions to reduce risk.
No matter what lens you look through, information security depends heavily on making sure the network isn’t vulnerable. That includes the endpoints like servers, printers, scanners and multifunction devices, making MPS solutions vital in a successful information security strategy.
Mike Feldman is President, Large Enterprise Operations, Xerox Services. For full company information please visit www.xerox.com.