This blog post was written by Quocirca's print speciailst, Louella Ferandes
Despite a continued reliance on printing, many businesses overlook print security in their overall approach to data protection. This may be set to change with the recent announcement that Xerox will be incorporating McAfee whitelisting technology into its multi-function printers (MFPs). This will enhance the hardware and software security capabilities that Xerox already offers to provide more secure printing, scanning, faxing and copying.
Quocirca welcomes the move; print security certainly needs to move higher up the IT security agenda. Although MFPs are an intrinsic part of the IT infrastructure, many organisations remain oblivious of the security risks they pose. These devices have the capability to scan, print, copy and email, operating as sophisticated document processing hubs with network connectivity, hard disk drives and embedded software. As such printers and MFPs are more than peripheral in today’s IT environment.
Without the appropriate controls, it is easy for confidential data to fall into the wrong hands – whether unintentionally or maliciously. Yet, a recent Quocirca study amongst 125 European and US enterprises, revealed that only 15% were concerned with data loss via a printer or MFP. Given the legal and financial ramifications of a data leak, as well as potential brand damage, businesses need to wake up to the print security threat.
There are a variety of measures that can be taken to mitigate the risks. A layered approach is required depending on the security posture of a given organisation. Devices can be protected through enabling features such as hard-disk encryption or overwrite, unused network ports can be disabled and user security can be applied through PIN only printing. Yet, Quocirca research shows low levels of adoption of these features. Whether this is complacency, a genuine lack of awareness or the complexity of implementation, it indicates that businesses are failing to protect themselves against an obvious threat.
The McAfee and Xerox partnership is a step in the right direction. By embedding McAfee software into its MFPs, Xerox customers will gain the benefits of whitelisting, a method that allows only approved files to run, which is more secure than traditional black listing, where the user has to be aware of, and continually update the list of malware (viruses, spyware etc.) in order to block it. Additionally, the security software provides an audit trail to track and investigate the time and origin of security events, and take action on them. The McAfee technology will be included in selected product releases over the next year. It will be available “out of the box,” meaning no special software uploads or Xerox service-driven upgrades are required post-installation. Xerox plans to roll-out the technology in new products as they are introduced.
Print security is a minefield for many businesses, particularly as standard security features vary widely between manufacturers, and even within a manufacturer’s own product range. The security threat landscape continues to encompass a wider set of threats – whether these are insider or external – and printers are far from immune. Quocirca believes that Xerox and McAfee’s proactive approach will raise print security higher up the overall IT security agenda.