Companies that do not put the right information security measures in place in their document output environments could expose themselves to the risk of information theft or leakage. That’s according to Holger Groenert, Itec product marketing manager.
Groenert says that reams of valuable information are passed through companies’ scanners, copiers and printers every day. Yet the average enterprise does not give as much attention to information security in the office automation environment as it does to securing its network and computers.
As a result, a dishonest employee will probably photocopy the client database or a confidential business plan rather than trying to steal it electronically, says Groenert. Perhaps more common is the accidental leakage of sensitive company information because someone who printed out the payroll or the company financials forgot to collect it from the printer tray.
Groenert says that awareness of the importance of document output security is starting to grow throughout the world as companies begin to the feel the heat from regulators and lawmakers. A 2010 survey from InfoTrends found that 40% of businesses that have not implemented secure printing and document management plan to do so soon while 40% that have secured printing plan to beef security up even further.
Legislation such as Sarbanes-Oxley has driven this trend in the international market. In South Africa, companies will also need to think more carefully about how they handle consumers’ information when the Protection of Personal Information Bill becomes an act, says Groenert.
The penalties for leakage of customer data under this law could be severe. Even without these penalties, loss or theft of customer data could result in a loss of revenues or damage a company’s reputation. Groenert says that security in the print and office automation environment starts with a sound information security policy. The information security policy will guide end-user behaviour and enforce security standards across the enterprise.
Perhaps the most fundamental technologies for print and office automation security are strong user authentication and user privilege management controls in the document output environments, he adds.
Today’s multifunction products (MFPs) offer a range of hardware and software solutions that allow companies to control access to information and printers, authenticate users, track user activity in the printing environment and enforce company policies. This software makes it easy to track, audit and control all printing and photocopying on a network.
Companies can integrate this software with hardware solutions such as keypads, card readers and even biometric readers for access control and user authentication, says Groenert. For many companies, the simplest solution is get users to authenticate themselves at document devices with the same cards they use to access the building.
Once these solutions are in place, companies can introduce functionality such as follow-me-printing as a security and cost control mechanism. With follow-me-printing, users have to authenticate themselves at the printer before the print will be released, thereby ensuring that confidential documents are not left unattended in the printer tray, says Groenert.
Other solutions can be used to insert a security code in a printed document that will dictate whether the printout can be copied freely, copied if a password is supplied, or not copied at all. However, this is not cross-vendor functionality yet, so it will work only in single-vendor environments. Alternatively, prints can be numbered and allocated to users so that someone can be held accountable in the event that an unauthorised copy of a sensitive document surfaces.
Most MFPs will secure information on their hard drives with strong encryption so that it cannot be accessed by an unauthorised user on another printer. These hard drives can also often be removed for safe storage to even further reduce the risk of information leakage.
Holger Groenert, Itec’s product marketing manager