© 2008 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice

Imaging and printing securitybest practices

Steve AndrewsGSLC, CHP, CSCS, CDIA+Solution Consultant, HP

2 04/22/23 HP Confidential

Objectives and agenda•Objectives–Understand potential security and exposure risks, and

learn how HP solutions can help you proactively protect your organization

•Agenda–Why be concerned about imaging and printing security?

• Security threats, risks and vulnerabilities• Compliance and privacy concerns

–How to secure your imaging and printing environment

3 04/22/23 HP Confidential3

Over 20,000 compliance regulations exist worldwide•Which ones impact your Organization?

3

Why be concerned about imaging and printing security?

5 04/22/23 HP Confidential

Anonymous Authorized printing

The cost of poor imaging and printing security

Security breaches account for $59B in proprietary and intellectual property loss each year by U.S. companies*70% committed by unauthorized employees**

95% result in financial losses**

Anonymous Authorized

*American Society for Industrial Security (ASIS), US Chamber of Commerce, Price Waterhouse Coopers; **CSI/FBI Security Study, 2003

6 04/22/23 HP Confidential

Security

66

TREN

D • Explosion of security regulations, complexity • Data breaches growing, and very costly• IT security spending continues to grow even in today’s economy

“Average cost per incident in 2008 was $6.65 million last year, up from $6.3 million in 2007.”

—Ponemon Institute

Fourth Annual US Cost of Data Breach Study January 2009

“In normal times, Gartner suggests that enterprises spend 3% to 6% of their IT budgets on security. In 2009, spending may actually rise to 8% of reduced IT budgets”

— Gartner, March 2009

2009 Update: What Organizations Are Spending on IT Security

“Deliberate actions of current and former employees are a primary threat to proprietary information.”

—American Society for Industrial Security

Trends in Proprietary Information Loss Survey 2007

6

7 04/22/23 HP Confidential

We know you’re concerned about security• Multi-function printers (MFPs) are intelligent devices—

much like connecting a server or computer to the network• Confidential information can be “hijacked”– In printer output trays– On the network– Inside printers and MFPs

• Financial loss can be significant– Compliance violations– Theft of proprietary information– Damage to company image– Legal fees

Imaging and printing security needs to be a partof your overall IT security and compliance strategy

8 04/22/23 HP Confidential

9 04/22/23 HP Confidential

Output privacy

10 04/22/23 HP Confidential

Output privacy•Problem: uncollected documents–Confidential information accessible

• George Clooney’s medical records (HIPAA)• Major financial institution: upcoming IPO information; $7M profit

– “Print and sprint:” leaving without picking up a printed document

–Documents accidentally/deliberately taken: reprinting–Waste: customers are seeing 10-15% cost savings by

using HP Pull Printing solutions

11 04/22/23 HP Confidential

Unauthorized access

12 04/22/23 HP Confidential

Unauthorized access•Problem: walkup access– Impersonation: digital sending and faxing–Device configuration changes–No audit trail for compliance

•Problem: network access–Device configuration changes

• Print 100 copies instead of 1• Send messages to front panel display: K–12 school kids• Unauthorized firmware upgrades

13 04/22/23 HP Confidential

Network security

14 04/22/23 HP Confidential

Network security•Fact: most companies do not encrypt the traffic on their internal networks

•Problem: network traffic is susceptible to sniffing and/or redirection– Print spool files are sent “in the clear”–Digital send/scan files are sent “in the clear”–Network sniffers (e.g. Ethereal) can be readily downloaded

from the WWW (Google search)•Man-in-the-middle attacks: data can be easily re-routed to another device–University: students re-routed documents to their PCs

15 04/22/23 HP Confidential

Data at rest

16 04/22/23 HP Confidential

Data at rest: retained information•Fact: data is stored on the hard drive and memoryof all printers and MFPs– Stored jobs– Address books – Temporary spool files– Fonts

•Problem: how to protect this data at rest from–Hardware theft: drive or entire device– Refurbishment/redeployment–Network access

17 04/22/23 HP Confidential

Proactive system management

18 04/22/23 HP Confidential

Core Printing and Imaging Management Requirements

Security• ability to secure devices at various

levels

Proactive Management• reduce end user downtime with real

time status updates of printers

Fleet Deployment• remote installation & configuration of

unlike devices

Problem Resolution• provide helpdesk with ability to

remotely manage & monitor

Reporting & Optimization

• trend asset utilization over time by users

Central Office

Remote Office

How to secure your imaging and printing environment

20 04/22/23 HP Confidential

The 7 steps

1. Get control of the fleet2. Secure the devices3. Authentication4. Pull Printing5. Encryption6. Job-level Tracking7. Document Security

21 04/22/23 HP Confidential

Summary• Security is everyone’s concern• Your technical solutions are only as strong as the policies

they support and the procedures built around them• To successfully implement security strategies you need

to get management to drive them, IT and HR to implement them and staff to understand and respect them.

• Security is a value add and a business enabler

Imaging and printing security must be part of your overall IT security & compliance strategy