VARs must switch on to secure printing
Networked printers pose a risk that needs managing, writes Marcus Austin in the third of our five-part series
Touch sensitive: A printer with a fingerprint reader attached will not print a job until the job owner activates it
Most office-based workers have walked over to a printer to pick up their pages only to find a print job in the tray with no apparent owner. Some will have even stumbled across sensitive documents, such as a staff salary review or an internal restructure proposal.
According to an IDC survey for Canon, a worrying 40 per cent of staff are more than happy to pick up and read such sensitive company data from shared office printers.
Just over 72 per cent of office workers admit to picking up their colleagues’ personal emails, while 18 per cent have come across personnel records including private home addresses, mobile phone numbers and salary information.
In addition, as many as 70 per cent of workers in some departments have found job-hunting employees’ CVs on shared printers and one in 10 have even happened across job applications.
For businesses, these findings clearly indicate inherent security concerns with printers. IDC warns that companies that do not protect their sensitive information could fall foul of privacy legislation such as the Data Protection Act (DPA), and could be unwittingly breaking non-disclosure agreements with other organisations.
Matt Marshall, research director at IDC, says: “Our findings appear to be shocking, especially in terms of today’s compliance-driven business environment.
“Many companies could unknowingly be breaking legislation and commercial agreements in terms of sensitive client and employee data such as company financials and personal information.
“It is important that UK businesses and their staff take these findings on board and focus on solving the problem.”
Unaware of the risks
In addition, Brother has recently conducted YouGov research into printing habits. It shows that three out of four SME owners are not aware of the risks of unsecured printing. Even in businesses that are aware of the problems, only 43 per cent have measures in place to safeguard against them.
Terry Caulfield, general manager for sales at Brother UK’s Printing Solutions division, adds: “Printer security is often overlooked. Even if a network is secure, packets of information sent to a printer can be susceptible to hacking. This can have serious commercial repercussions for any business.”
With security enabled for an organisation’s printer estate, the secrets in the salary review print job, or the CV or the private email remain in the printer, waiting for the job’s owner to type in a PIN code before it is printed.
But secure printing is still generally unknown, says Roger Christiansen, marketing manager at InfoPrint Solutions.
“With most printers and multifunctional printers [MFPs] sitting on a network these days, they are open to the same kinds of security threats as PCs and laptops, yet the vast majority of businesses do not know or understand this. So an opportunity exists for resellers to educate users and explain the various solutions available to them,” he says.
Secure printing is mainly used in government and in defence industries, but has filtered through to large enterprises, mainly in the legal and financial services industries. As secure features and functions start to turn up on smaller and less expensive devices, the market will grow to take in SMEs.
Neil Sawyer, enterprise marketing manager at HP’s Imaging & Printing division, believes that an untapped market exists for secure printing among smaller law firms.
Low-hanging fruit
“The legal sector is a low-hanging fruit,” Sawyer says. “There is lots of potential out there. Local solicitors and small law firms are all ideal target markets.”
Sawyer sees accountants and education markets as other customers ripe for secure printing.
An alternative approach to selling devices with secure printing is suggested by Steve Pearce, marketing product manager at Samsung Electronics UK: “Secure printing is particularly important to departments within an organisation where security is key.
“Take the HR department as an example. Practically every document they print will be confidential: salary details, disciplinary information, contracts. And this is where the channel should be targeting.
“Using a horizontal marketing approach, resellers should focus on an organisation’s security needs as opposed to its printing needs, as would normally be expected. Once success has been proven in one department, it is much easier to approach others within the company than it would be as an unknown external supplier.
“Word of mouth is a powerful tool when it comes to selling.”
Compliance imperative
As well as the obvious need for secrecy in professions such as law and accountancy, there are further reasons to guard data.
Legislation such as the Data Protection Act (DPA) lays a duty of care on companies towards customer data. And while the Information Commissioner’s Office (ICO) - the department that enforces the DPA - has been lenient in the past, that is changing.
Earlier this year, an ICO investigation found that Orange was failing to keep its customers’ personal information secure. The mobile phone giant had been allowing new members of staff to share usernames and passwords when accessing the company IT systems.
Orange had to sign a formal undertaking to comply with the principles of the DPA. Failure to meet this undertaking could lead to further enforcement action by the ICO and possible prosecution.
Canon sees laws such as the DPA as one of the main reasons why more and more businesses are adopting secure printing.
Geoff Slaughter, director of Canon’s partner channel, says: “We always think of secure printing as coming from government departments and the Ministry of Defence, but actually every company has an issue with secure printing because of things like the DPA, which covers personnel records - which every company has - as well as the usual customer records and databases.”
There are many different ways to manage printer security, and they all have their own strengths and weaknesses.
At the most basic level, the ability to track what is being printed in the business through a printer management package is a good start.
PINs on printers can stop a print job from being printed where everyone can see it, although it will not stop someone gaining access to a PC while the user is at lunch and printing off files they should not have access to. However, users can log and track usage, which at least allows people to see who has used what and where.
Print managers
Most corporate PCs have the facility to lock down their USB ports and CD writers, but they usually will not stop users printing a file.
With a print management package such as HP’s Web JetAdmin - a free download that works with HP printers and any printer that complies with management information base - users can log and track print jobs, set passwords for printers and set security features on the printer.
A bonus of print management software is that it also allows users to reduce printer costs. Because it sends the correct job to the correct printer, users waste no paper or toner on jobs that have to be re-sent to the correct device.
It can also monitor use by users and departments, allowing departments to be charged for print use. Print management software can also deny features such as colour and single-sided printing to certain users or groups of users - see last week’s feature on print management for more details.
Sawyer sees the management of the printer environment as central to print security.
“Managing user rights and the hardware itself is critical,” he says. “A departmental MFP is just like a server now and can often provide a hackable entrance into a company’s corporate network unless it is managed and monitored properly.
“Resellers can add real value by taking their sales strategy to the next step by encouraging customers to manage their infrastructure with solutions such as Web JetAdmin.”
PIN security and features that prevent jobs being printed until a user swipes their card, or puts their finger on a fingerprint reader on the printer, are starting to appear on a wide range of printers, not just the high-end devices, as manufacturers realise that security is a big issue.
While PINs are becoming the industry-standard authentication system on higher-end devices, Pearce thinks that proximity cards and biometrics will become more prevalent over the next year.
He says: “To maximise their potential in this area even further, resellers should ensure they keep abreast of the latest security technologies as much as possible, particularly proximity card technology. The education sector currently uses these cards so that university students can pay for items such as food and drink, travel and even building access using just one card.
“However, this has not yet been extended to printing - cash is still the only way to pay for this service. This is a real area of opportunity to add value and resellers should be looking to capitalise on it.
“Biometrics has also been a hot topic for a number of years now, and we believe that in 2008 it will be a major focus within the print arena.”
Securing the network
Between the security at the printer and the security at the PC lies the network. The jobs that pass over the network are unencrypted, so in theory anyone could pick up a print job on its way to the printer.
While this sort of print job hijacking is difficult with wired networks, it is potentially a lot easier to hijack a print job on a wireless network - providing the hacker can get past the security. So there are now solutions that encrypt print job information as it passes over the network.
Brother’s Caulfield thinks that encryption is the next big issue in printer security: “Brother’s new colour laser printers and multifunction machines support the Secure Socket Layer [SSL] application, which prevents hacking and allows sensitive documents to be printed securely via a wired and wireless network.
“SSL is already widely used in e-commerce to protect customer information such as credit card details and this is the first time this technology has been used to provide a truly secure printer.”
Alan McLeish, product marketing manager at OKI Printing Solutions, has encryption down as the must-have for secure printing: “For us, security is customer led and it is still a niche.
“However, the bigger corporates, banks and insurance companies are concerned about security, and the latest concern is interception on the way to the printer. So we now have a solution that encrypts data as it leaves the PC and decrypts at the printer, and the data cannot be grabbed by any other printer on the network.”
There are also a number of solutions for a potential security hole in larger workgroup printers. Larger printers often save print jobs to an internal hard disk while they hold them in the print queue. If someone wanted to get print information badly enough, it would be possible to take the disk, find the print jobs on it and print them out.
There are three ways to solve this problem: the disk can be securely fixed to the printer so it is impossible to remove without a key; the information on the disk can be encrypted; or the data can be erased after a job is printed by writing over it one or more times.
But McLeish warns that adding this sort of encryption also has its downsides.
“We offer this as an option rather than supply it as standard because the additional step of erasing the data on the disk slows down the printer as it takes time to write over the data,” he explains.
Wireless window
As more manufacturers start to sell wireless printers, the wireless link could become another security issue. HP’s Sawyer describes wireless printers as avenues for “hackers to hack into and grab data from” the corporate network. However, other vendors are dismissive of the threat posed by wireless devices.
Most vendors bundle PIN-type secure printing as a feature with high-end printers, but there are also solutions that allow security devices to be retrofitted to printers if they do not support secure printing features - see Third-party solutions. Features such as disk and network encryption are also optional extras.
Christiansen advises a few alternative methods to create revenue: “Our features are all provided free of charge, so opportunities for partners to make money out of selling security could be: consulting on how to assess a user’s security; or replacing printers likely to have confidential output with one that supports advanced security features such as network encryption using open standards such as Intelligent Printer Data Stream.”
However, while security is a big issue for users, it is not such a big issue with the manufacturers that they are going to start a big advertising campaign on the issue any time soon. Only one said it had any sort of plans to educate users, and Canon was the only company to mention any sort of specific dealer and reseller training in secure printing, although most have some sort of white paper that looks at secure printing as a standalone issue.
So if resellers want to start highlighting the problems of insecure printing versus the ease and peace of mind of secure printing for their customers, they will probably have to produce the evidence themselves.
Third-party solutions
Capella
Offers authenticated user access to MFP and digital sender functions in Windows environments through the VeriUser Authentication Solution, which is available as a hardware module or a software update that can be installed on a wide range of existing MFP devices.
Jetmobile
Produces a variety of authentication mechanisms for retrieving print jobs. A basic PIN may be used for job retrieval, using either the MFP’s control panel or an add-on terminal with authentication through a swipe card, proximity badge, smartcard or fingerprint technology.
SafeCom
A suite of security capabilities, including pull printing and authenticated MFP device access, that supports a variety of hardware authentication devices, including magnetic swipe cards and proximity badges. Also offers optional encryption for communications which can be integrated with job tracking and billing tools.
Ringdale
Ringdale’s FollowMe provides pull printing, as well as access controls to printing and scanning functionality. Users may be authenticated using a variety of hardware-based mechanisms, including proximity cards and smartcards.
Secure printing: key features
Security threat: Printer hard disk
In detail: Most disk drives in MFPs and printers are insecure because they can be quickly removed, giving access to the data on them
Solution: Encryption of the data; drive locks to prevent removal; overwriting of any data on the drive
Security threat: Network
In detail: Third parties can eavesdrop on print jobs as they pass over the network. Wireless networks and devices are particularly insecure
Solution: Encryption of print jobs between PC and printer
Security threat: Printer/MFP
In detail: Anyone can pick up a job as it arrives at the printer
Solution: PIN, swipe cards and fingerprint technologies allow users to stop jobs being printed until they arrive at the printer
Security threat: PC
In detail: Users can print files they are not authorised to print from an unattended PC
Solution: Document and print management software logs print usage
Summary
* Printer security is a big issue in larger businesses, but there are niches in the SME sector, particularly in the financial services and law-related markets, that VARs can easily exploit.
* Starting with departments such as HR or accounts where high levels of security are required helps you to sell into other departments subsequently.
* Secure printing falls into three categories: security at the printer itself, security over the network, and security over the jobs sent to the printer.
* Most printer manufacturers build security features into their workgroup multifunctional printer and printer products, but third-party products exist that can be retrofitted if required.
Contacts:
Brother (0161) 330 6531
www.brother.co.uk
Canon Business Solutions (0870) 608 8833
www.canon.co.uk
HP (0870) 013 0790
www.hp.com/go/secureprinting
InfoPrint Solutions UK (02392) 561 444
www.infoprintsolutionscompany.com
OKI Printing Solutions (01753) 819819
www.oki.co.uk
Samsung Electronics (01932) 455000
www.samsung.com/uk