When most people think of security in the enterprise, they think of PC, network, and cyber security, but many don’t consider the printer/copier/MFP. But as Hewlett-Packard explains, today’s printer/copier, or MFP, can be a significant risk in the enterprise – whether it’s a sales person copying their customer list to take to another company, confidential print-outs lying in a paper tray, confidential data recorded on hard drives, hacking through network ports, or unauthorized emails sent with a company’s email return address. These activities can result in lost revenue, regulatory fines, and even lawsuits, and for IT professionals, maybe even their jobs.
On September 4th, Wirth Consulting met with executives from Hewlett-Packard who discussed these concerns, and laid out HP’s major new security initiative for printing security, and a new branding tag “Printing. Scanning. Protecting.” The new initiative includes JetAdvantage Cloud Pull Print, LaserJet Enteprise Flow MFPs with more than 200 security features, Secure Content Management & Monitoring, enhanced HP Imaging and Security Center (v 2.1) , HP Printing Security Advisory Services, and HP ArcSight Printer Integration. The new solutions are designed to provide automated print-fleet security-compliance monitoring, a first for the industry, and complete data and document protection.
According to HP’s Ed Wingate, vice president of Solutions, LaserJet, and Enterprise Solutions, the new initiatives are designed to lock-down what can be one of the biggest holes in an enterprise’s security strategy if not addressed: the printer/MFP, but which is often overlooked by IT personnel. “IT managers are often not aware of security risks of MFPs. They can go on for two hours about their network, but many don’t consider printer-security risks. And hacks go through the paths of least resistance, not the bolted door.”
Michael Howard, who is HP’s Worldwide Security Practice Lead, LaserJets and Enterprise Solutions, notes that the threats continue to grow, citing data from a June 2014 study by Quocirca showing that 90 percent of organizations have suffered data loss through unsecured printing – indeed, the average cost of a security data breach is $5.4 million. Of these breaches, 65 percent are internal.
“Most, if not all enterprises have taken steps to secure their network and PCs with things such as firewalls,” Howard noted. “Printers can also be a liability if not secured – think of them as citizens on your network – we need to lock them down.”
One of HP’s first secure-printing initiatives is encrypted hard drives, so that data stored on hard drives is encrypted and can’t be read. “All of our devices today have encrypted drives,” says Howard. “We also have tools to encrypt older installed drives.”
Next are user-access controls to prevent unauthorized use of the MFP. “Authentication and authorization is critical,” says Howard. “IT managers need to be able to control who can use copy, scan, fax, etc.”
Also key is preventing unauthorized users accessing print-outs in paper trays. Howard notes that not only does a security breach occur when unauthorized users typically pick up and look at the document, but often times these users take the document, so that it must be reprinted.
Other security vulnerabilities include lack of printer monitoring, which leads to non-compliance with regulations, and increased risk; outdated firmware and missing security policies; and no security policies at all.
Howard says HP is unique in that, as it also deploys PCs and network and data-center infrastructure, it can take security from the data center, to the desktop, to the MFP.
Printer Integration with ArcSight
For instance, there’s new printer integration with HP’s ArcSight Security Information and Event Management software, which provides real-time security monitoring of HP FutureSmart MFPs and printers, so that printers and MFPs can be monitored as a part of the broader IT ecosystem. With printer integration for ArcSight, IT can manage printers similar to how they how they manage other network devices from ArcSight’s console – monitoring the security posture of HP printing devices in real-time as part of the broader IT ecosystem.
HP Imaging and Printing Security Center 2.1
HP introduced the next generation of its Imaging and Security Center, Imaging and Printing Security Center (IPSC) 2.1, which is designed to help enterprises simplify security deployment and monitoring for their large HP print fleets.
With Imaging and Printing Security Center, IT can apply a policy-based approach to securing their HP print fleet, deploying a single custom policy across their fleet, or they can use the baseline setting policy, which covers about 40 settings. The baseline settings are automatically applied to newly discovered HP MFPs and settings are available for email, network security, and more. This solution also provides reports detailing current risks, and enables IT to install unique identity certificates across their fleet of HP devices with less administrative overhead than manually installing certificates on one device. “It allows the IT manager to proactively manage their printers …with the same ease as with their PC fleet,” says HP’s Wingate. Wingate also mentioned that IPSC is backward-compatible (to varying degrees) with millions of HP devices that were introduced as far back as 12 years ago.