I
recently read an interesting article in the Wall Street Journal
(October 16, 2008, “New Data Privacy Laws Set for Firms”) that
outlines new state-by-state regulations for data security. The
article contains a great quote that I think sums up the major
concerns for IT managers right now, but it doesn’t come from Technology makes an ever-increasing contribution to profitability in today’s highly competitive business landscape. However, the same technology that enables high productivity in the workplace can easily be compromised if not sufficiently secured. The consequences of inadequate protection could be financial loss, identity theft, risk to intellectual property, or even the ruination of an upstanding business due to identity theft.
Organizations spend significant capital to protect digital assets from threats, yet frequently overlook one of the most used network devices today -- the office multi-function peripheral (MFP). As these devices become more advanced and integrated, they offer companies a myriad of new benefits. However, because they are a document’s entry and exit point on your network, they also pose a number of threats that cannot be overlooked. For a comprehensive security strategy to be effective, it is imperative for organizations to demand a greater level of protection from MFP vulnerabilities.
MFP: The Overlooked Security Risk
An MFP is a powerful asset in your office’s environment. Left unsecured however, an MFP can pose one of the greatest threats to your organization. Just consider the types of documents that are copied, printed, faxed or scanned on a daily basis -- personal information, financial statements, confidential reports, e-mails, memos, customer data and employee information. Much like a computer, this data remains on the unit’s hard drive indefinitely.
The Risks to Office Multifunction Peripherals
Internal Threats
Important information can be at risk at the internal level, from
threats within your organization. At the device level, confidential
information can be accidentally or even purposefully copied from
stored documents on the unit’s hard drive, taken from the output
tray or faxed without authorization. Any information stored on a
local desktop computer or accessible through the Local Area Network
(
External Threats
Data is also at risk via external threats, outside the company’s
realm. From across a Wide-Area Network (WAN), the Internet or a
Virtual Private Network (VPN), information such as stored documents,
scanned data or print data can be intercepted. In the worst case, a
user from the outside can obtain confidential information, unleash a
Denial of Service (DOS) attack, or even place a virus on the device
via the network or a phone line. Through a FAX line, or corporate
IT mangers need to also consider what happens to office equipment once they have reached their end of life. If copiers or MFPs are being leased, there is always a chance that these units can fall in to the hands of hackers who can unlock data stored on the hard drive.
The Solution: Multi-Tiered Security
In any situation, protecting your MFP from just one threat is not adequate. A solid security suite will offer a multi-layered approach to protection -- providing better control over the users, devices, ports, protocols and applications on your MFP(s). A comprehensive approach to security will account for protection at every step in the document lifecycle, from the initial scan or print to final output and distribution.
Solutions for Internal Threats
The first step is to secure data that is stored right on the MFP that users can access locally. Manufacturers have introduced Common Criteria security solutions to offer encryption and data overwrite features for various levels of use. Ensure that your MFP meets the highest commercial level of Common Criteria Validation.
Data Security
A powerful security suite or security kit protects and controls
the major MFP systems, subsystems (print, copy, scan, fax jobs,
network settings, operating system, memory components, local user
interface, engine and job controller) and all data before it is
written to
Access Control Security
To limit unauthorized access to each device, specify account
codes, user/group profiles, passwords, or external user accounts
contained in an LDAP or Active Directory server. And to mitigate the
risk of interception, user credentials should be transferred using a
proven combination of encryption standards, such as, Kerberos,
An MFP security suite should also enable you to customize your
solution to meet your unique requirements and ensure data
confidentiality and integrity. For instance, government agencies
should seek out a security suite or development platform that can be
customized for use with MFD or
Audit Trail Security
A modern MFP will provide an internal audit trail, and/or third party application software such as Equitrac Office, for comprehensive auditing of all user activity. Certain federal regulations parameters, such as 'to', 'from', 'when' and 'file name' can be logged, reviewed and archived for conformance. Be sure that your MFP is customizable so that, if audit trail software is not embedded, you can easily request or download the appropriate software.
Solutions for External Threats
Unlocking the true potential of your MFP means having it fully integrated with your network, so employees can scan to email, or browse and preview data from the server right on the MFP. Of course, adding another entry point to the network present another possible threat to a company’s data. A security suite should provide you with the proper safeguarding against external threats too, allowing you to scale up as needed, but adequately safeguarding the network infrastructure and MFP installed base, without affecting network traffic or workgroup productivity.
Network Security
A multi-tiered security suite will feature an intelligent network
interface that can limit access to specific computers on a network
by IP or
Fax Security
Often times attackers can gain access to the internal systems of
the MFP or the local network via fax lines. The MFP should provide a
logical separation between the fax telephone line and
Platform Virus Security
Be sure that the MFP operating platform is secure. A proprietary platform is ideal, since it won’t be susceptible to viruses designed to attack more popular operating systems available on personal computers.
Taking the time to talk to your dealer about these features is vital. The time spent will be minimal but the cost savings, both tangible and intangible, will be enormous. Regardless, do not settle for a cookie-cutter, one-size-fits-all security package. Threats to private information and data will always be present and are always evolving. Make sure you are ahead of the game when it comes to security and that your MFP security suite is evolving fast enough to stay ahead of these threats.
Vince Jannelli is the associate director, Applications and Partners, for Sharp Information and Imaging Company of America.