imaging and printing security best practices
DESCRIPTION
Imaging and printing security best practices . Steve Andrews GSLC, CHP, CSCS, CDIA+ Solution Consultant, HP. Objectives and agenda. Objectives Understand potential security and exposure risks, and learn how HP solutions can help you proactively protect your organization Agenda - PowerPoint PPT PresentationTRANSCRIPT
© 2008 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
Imaging and printing securitybest practices
Steve AndrewsGSLC, CHP, CSCS, CDIA+Solution Consultant, HP
2 04/22/23 HP Confidential
Objectives and agenda•Objectives–Understand potential security and exposure risks, and
learn how HP solutions can help you proactively protect your organization
•Agenda–Why be concerned about imaging and printing security?
• Security threats, risks and vulnerabilities• Compliance and privacy concerns
–How to secure your imaging and printing environment
3 04/22/23 HP Confidential3
Over 20,000 compliance regulations exist worldwide•Which ones impact your Organization?
3
Why be concerned about imaging and printing security?
5 04/22/23 HP Confidential
Anonymous Authorized printing
The cost of poor imaging and printing security
Security breaches account for $59B in proprietary and intellectual property loss each year by U.S. companies*70% committed by unauthorized employees**
95% result in financial losses**
Anonymous Authorized
*American Society for Industrial Security (ASIS), US Chamber of Commerce, Price Waterhouse Coopers; **CSI/FBI Security Study, 2003
6 04/22/23 HP Confidential
Security
66
TREN
D • Explosion of security regulations, complexity • Data breaches growing, and very costly• IT security spending continues to grow even in today’s economy
“Average cost per incident in 2008 was $6.65 million last year, up from $6.3 million in 2007.”
—Ponemon Institute
Fourth Annual US Cost of Data Breach Study January 2009
“In normal times, Gartner suggests that enterprises spend 3% to 6% of their IT budgets on security. In 2009, spending may actually rise to 8% of reduced IT budgets”
— Gartner, March 2009
2009 Update: What Organizations Are Spending on IT Security
“Deliberate actions of current and former employees are a primary threat to proprietary information.”
—American Society for Industrial Security
Trends in Proprietary Information Loss Survey 2007
6
7 04/22/23 HP Confidential
We know you’re concerned about security• Multi-function printers (MFPs) are intelligent devices—
much like connecting a server or computer to the network• Confidential information can be “hijacked”– In printer output trays– On the network– Inside printers and MFPs
• Financial loss can be significant– Compliance violations– Theft of proprietary information– Damage to company image– Legal fees
Imaging and printing security needs to be a partof your overall IT security and compliance strategy
8 04/22/23 HP Confidential
9 04/22/23 HP Confidential
Output privacy
10 04/22/23 HP Confidential
Output privacy•Problem: uncollected documents–Confidential information accessible
• George Clooney’s medical records (HIPAA)• Major financial institution: upcoming IPO information; $7M profit
– “Print and sprint:” leaving without picking up a printed document
–Documents accidentally/deliberately taken: reprinting–Waste: customers are seeing 10-15% cost savings by
using HP Pull Printing solutions
11 04/22/23 HP Confidential
Unauthorized access
12 04/22/23 HP Confidential
Unauthorized access•Problem: walkup access– Impersonation: digital sending and faxing–Device configuration changes–No audit trail for compliance
•Problem: network access–Device configuration changes
• Print 100 copies instead of 1• Send messages to front panel display: K–12 school kids• Unauthorized firmware upgrades
13 04/22/23 HP Confidential
Network security
14 04/22/23 HP Confidential
Network security•Fact: most companies do not encrypt the traffic on their internal networks
•Problem: network traffic is susceptible to sniffing and/or redirection– Print spool files are sent “in the clear”–Digital send/scan files are sent “in the clear”–Network sniffers (e.g. Ethereal) can be readily downloaded
from the WWW (Google search)•Man-in-the-middle attacks: data can be easily re-routed to another device–University: students re-routed documents to their PCs
15 04/22/23 HP Confidential
Data at rest
16 04/22/23 HP Confidential
Data at rest: retained information•Fact: data is stored on the hard drive and memoryof all printers and MFPs– Stored jobs– Address books – Temporary spool files– Fonts
•Problem: how to protect this data at rest from–Hardware theft: drive or entire device– Refurbishment/redeployment–Network access
17 04/22/23 HP Confidential
Proactive system management
18 04/22/23 HP Confidential
Core Printing and Imaging Management Requirements
Security• ability to secure devices at various
levels
Proactive Management• reduce end user downtime with real
time status updates of printers
Fleet Deployment• remote installation & configuration of
unlike devices
Problem Resolution• provide helpdesk with ability to
remotely manage & monitor
Reporting & Optimization
• trend asset utilization over time by users
Central Office
Remote Office
How to secure your imaging and printing environment
20 04/22/23 HP Confidential
The 7 steps
1. Get control of the fleet2. Secure the devices3. Authentication4. Pull Printing5. Encryption6. Job-level Tracking7. Document Security
21 04/22/23 HP Confidential
Summary• Security is everyone’s concern• Your technical solutions are only as strong as the policies
they support and the procedures built around them• To successfully implement security strategies you need
to get management to drive them, IT and HR to implement them and staff to understand and respect them.
• Security is a value add and a business enabler
Imaging and printing security must be part of your overall IT security & compliance strategy