The security threat lurking at your printing station

Dennis Amorosano

Data management is a growing challenge for government. Petabytes of information -- including digital documents, consumer data, transactions and photos -- are piling up at all branches and divisions of local, state and federal government. Management and analysis of that data is a top priority, as is security and prevention of data leaks.

But while agencies focus on protecting their data networks, facilities and digital assets, they might be missing an unexpected area of vulnerability: multifunction printers (MFPs) and the hard-copy and digital workflows that surround them.

According to Verizon's 2012 Data Breach Investigations Report, employees contribute to 36 percent of data loss incidents in larger organizations. Furthermore, devices used by employees are generally the first point of entry for a potential security breach, including printers and MFPs.

When considering information security, agencies must carefully evaluate both physical and digital access. Who has access to confidential information printed from your devices? Are sensitive documents with confidential information lying exposed on the output tray where anyone could see them or accidentally take them? Can anyone in your organization walk up and retrieve a document?

The following preventive measures can help agencies minimize and defend against potential MFP data security breaches.

Authenticate users. It is important to remember that the data users send to a networked device can potentially be seen by anyone. Controlling an MFP begins by securing access to the device via user authentication, such as card access, keypad logins or personal identity verification. As an initial component of network hardening, a device-based login is a simple, effective way to control who can access particular features on a given MFP. It also enables an organization to build a detailed record of use that can be reviewed in response to security issues or to monitor overall efficiency.

Manage documents in the cloud. Data is moving to the cloud at an accelerated rate. Security (or lack thereof) is one of the biggest concerns for IT professionals because they must ensure that information is carefully tracked and managed. Consider output management and cost control software for MFP devices. Such tools are designed to provide effective control over your entire print fleet by offering solutions such as secure printing, document output accounting, cloud access management and device management.

Encrypt the devices' hard disks. The data processed and stored on an MFP might be laden with confidential information, especially in the government sector. Disk encryption is intended to protect data by using proprietary software or hardware to make files unreadable to unauthorized parties. Be sure encryption keys are unique to each device; otherwise, hard disks can be moved from one device to another and easily read. Also store the keys separately from the encrypted data.

In addition, it could be fairly simple to extract confidential information from an MFP even after it has been deleted unless the file has been effectively overwritten. To prevent such breaches, organizations should implement a hard-drive data-erase function to ensure that no traces of temporary data or deleted documents remain accessible on the device's disk drive.

Government agencies and the IT professionals who guide them are constantly looking for solutions that simplify and improve critical processes within their infrastructures. Given the risks associated with daily use of today's MFPs, don't leave your critical information exposed. Take a holistic view of security and partner with your office equipment vendor to ensure that you have a comprehensive strategy in place to mitigate risk.

About the Author

Dennis Amorosano is senior director of solutions marketing and professional services in the Business Imaging Solutions Group at Canon U.S.A.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group