As IoT devices, smart MFPs are susceptible to the growing threat of attempts to implant malware, recruit to botnets (to help perpetrate DDoS attacks), as well as potentially providing an open gateway to the corporate network. A managed print service (MPS) is an effective approach to building a multi-layered print security strategy. This can support cyber resilience; the ability to prepare for, respond to and recover from cyber-attacks. Print infrastructure is a potential security blind spot and businesses of all sizes should seek the expertise of MPS providers to ensure their print infrastructure is resilient and secure-by-design.
An evolving and sophisticated threat landscape
As cyber-attacks continue to grow in both number and sophistication, and businesses face increased regulatory pressure to protect data, cybersecurity is rising up the corporate agenda. The print infrastructure remains a critical element of the IT environment – networked printers and MFPs must be treated as any other endpoint device.
Left unprotected smart MFPs are a potential open door to the network, as well as a source of confidential or sensitive information for hackers. Security vulnerabilities include weak or default passwords, misconfigured devices, software vulnerabilities or lack of software updates.
While many businesses recognise the risks, Quocirca’s Print Security 2019 Study reveals a security gap that must be closed; 73% of organisations report they are concerned about print security, and 77% are increasing print security expenditure, but just 24% are confident that their print infrastructure is secure. It is perhaps unsurprising that 59% had experienced a print-related data loss in the past year.
Measured by Quocirca’s Print Security Maturity Index*, just 27% of organisations in the study are print security leaders, having made the investments in print-specific security integrated with broader IT security. However, for the majority, protection of the print environment is patchy, relatively few organisations having advanced capabilities, and print security is all too often isolated from IT security.
Data theft, a common aim and outcome of cyber-attacks, can lead to financial losses, legal repercussions, reputational damage and loss of customer confidence. To avoid this, businesses must do more to mitigate threats, improve defences and ensure security-by-design within the print environment. This is increasingly important as digital transformation initiatives accelerate and the print infrastructure becomes the bridge between paper and digital workflows.
MPS as a multi-layered approach to print security
The multiple points of vulnerability that characterise the print infrastructure demand a multi-faceted approach that protects the device, the data and the network. An MPS can support an effective and complete print security strategy in the following ways:
- Comprehensive security assessments
An MPS should evaluate the existing device fleet to discover potential vulnerabilities. Legacy devices may have firmware that has not been updated for years and newer devices should be subject to the same update regimes as user devices. Such visibility provides a foundation for the ongoing monitoring of devices once the fleet is optimised and secured. Security assessments can vary widely by MPS providers, with the most advanced offering security maturity roadmaps for their customers.
- A secure-by-design print infrastructure
Print devices with embedded security will be protected through their lifecycle, from deployment to retirement. Automatic vendor upgrades should mean future proofing devices as they become more powerful, store more data and increase in functionality. Legacy devices, that cannot be managed in this way, should be retired or isolated on the network.
Like other networked devices, MFPs require controls that limit network access, manage the use of network protocols and ports, and prevent potential viruses and malware. The most secure MFP platforms offer run-time intrusion detection, BIOS protection and self-healing capabilities should a potential anomaly or attack be detected. More manufacturers are offering security information and event management (SIEM) tool integration, a way of using syslog data to detect potential security events.
- A security policy for the entire printer fleet.
An MPS can establish rules governing the use of networked printers and MFPs. This can prevent employees from accessing certain device functions. User authentication (or pull printing) grants or denies certain privileges based on user roles. This ensures documents are only released to authenticated users (for instance using a smartcard or PIN). Such solutions can be hosted on-premise or in the cloud.
- Continuous monitoring and management
To ensure compliance and to trace unauthorised access, organisations need a centralised and flexible way to monitor usage across all print devices. Auditing tools should therefore be able to track usage at the document and user level. This can be achieved by either using MFP audit log data or third-party tools, which provide a full audit trail that logs the identity of each user, the time of use and details of the specific functions that were performed. Some leading MPS providers offer compliance reports, that include security breach monitoring and reporting. In some cases MPS providers may offer post attack remediation services should a breach be detected.
- User education and training
With many data loss incidents being caused unintentionally by internal users, MPS can be a foundation for not only employee education and training, but development and enforcement of secure print policies.
As organisations accelerate their digital transformation, a secure print infrastructure ensures that productivity and innovation is not threatened by poor security practices. Ultimately, print security demands a comprehensive approach that includes education, policy and technology. In today’s compliance-driven environment, where the cost of a single data breach can run into millions, organisations must proactively embrace this challenge.
An information security strategy can only be as strong as its weakest link, and it is imperative that all organisations evaluate MPS as a means to strengthening the resilience and security of their print infrastructure.
*The index considers seven factors: the proportion of overall IT security spending that goes on print security; the use of print security assessments; the use of pull printing; having a formal print security policy; secure mobile printing; third party testing of printing devices and printer firmware updates.