How can businesses assess and mitigate the security threat of
networked devices such as printers that have operating systems
which can continually re-infect networks with malware?
As with all threats, the risks have to be appropriately
evaluated, writes Andrea Simmons, member of theBCS Security
ForumStrategic Panel. There are a
significant number of "end points" connected across and to our
networks that have to be managed and, as ever, there are
technologies that can be rolled out that will assist in this task,
but the fundamentals still remain: What have you got? Where is it?
Who should be taking responsibility for it?
Network scanning technology needs to be capable of addressing
the
end points to ensure that anti-virus or software updates are
run on printers and other connected devices to keep them virus-free
and "healthy". This is especially true the more our networks run on
IP technology and are structured by IP addresses. These need to be
carefully managed in terms of inventory listings to gain knowledge
of the active end points and the likely traffic flowing through
them.
The more technologically able printers are, the more likely it
is that they come with the capability to retain data in a stored
memory facility. This can present itself as a risk if the printer
needs to be taken offsite for maintenance purposes as the nature of
the information stored would need to be assessed to ascertain
whether or not it should be allowed to be taken offsite. Such
issues need to be addressed in contract management so procurement
colleagues need to be involved.
Printer ownership is always a challenging battleground, but the
security professional has to be able to share with colleagues
across all areas of the business where the known risks are and
provide the appropriate advice. It is then up to the individual
business areas to
undertake their own risk assessment on the basis of their known
risk appetite and decide what they are prepared to live with - i.e.
the realisation of the risk of infection of a known end point that
is under proper daily housekeeping and control.
Read more expert advice from the Computer Weekly Think Tank
>>