By Melissa Donovan
Part 2 of 2
Managed document and managed print services (MDS/MPS) offer security features that prohibit any important data from being hacked into and used inappropriately. The first article in this series looked at some of the insecurities found in printers used today and the features implemented to prevent vulnerabilities. Here, we share specific information from a few vendors in this space.
Canon U.S.A., Inc. and McAfee together provide enhanced embedded protection against malware execution and tampering of firmware and applications for multifunction printers (MFPs). Through the partnership, Canon customers receive McAfee Embedded Control as an additional standard security feature on third generation imageRUNNER ADVANCE 3rd edition MFPs once enabled.
McAfee Embedded Control helps defend against zero-day and advanced persistent threat (APT) attacks by blocking the execution of unauthorized applications through intelligent whitelisting. This helps reduce the risk posed by sophisticated malware, such as worms, viruses, and Trojans. Further, it helps ensure that only Canon-approved, authorized updates can be implemented within the supported imageRUNNER ADVANCE system, helping to prevent tampering of existing firmware and applications.
This new functionality adds to the extensive set of security features incorporated into imageRUNNER ADVANCE MFPs. These features help secure the device and related communications, and provide the capability to efficiently manage security policies and monitor activity.
McAfee Embedded Control is available as a standard feature on imageRUNNER ADVANCE 3rd edition MFPs. These models already in customer environments can be upgraded to include this feature via a Unified Firmware Platform update available through Canon authorized dealers.
The protection of customer data is at the core of HP Inc.’s business. It achieves this in multiple ways. HP JetAdvantage Secure Print software offers secure PIN or pull printing. HP and TROY counterfeit deterrent solutions use a security toner to stain printer paper if it is subjected to chemical tampering. HP MFPs embed anti-fraud features—custom signatures, company logos, and security fonts—in sensitive printed documents.
HP Capture and Route Data Loss Prevention avoids sensitive information from being scanned, copied, or faxed by unauthorized users. HP Access Control Print Data Loss Prevention tracks sensitive, important data and prevents sensitive documents from being printed to prevent breaches. HP Access Control Secure Pull Printing protects confidential information, enhances device security, and increases efficiency.
Konica Minolta Business Solutions, U.S.A., Inc. offers the bizhub SECURE service on nearly all of its MFPs. Part of the service includes bizhub SECURE Alert, which is an enhanced document log and breach notification system. Powered by Prism DocRecord, the application automatically processes Konica Minolta MFP activity records, which are referred to as Image Log Transfer Files (ILTFs). The ILTF records all user MFP information and then provides a data file and a PDF document of the activity. Both files are run through Prism DocRecord, which OCRs, categorizes, and archives them.
Konica Minolta also offers Consult: Secure Print. It runs on a cloud-based platform and adds secure pull print functionality. Users are required to authenticate at the MFP before jobs are released.
Ricoh USA, Inc. offers a layered security approach to its MFPs. At the heart of its printer security model is the device itself. According to the company, the Ricoh operating system does not share vulnerabilities that are present in many operating systems, and many of its MFP devices are certified to be IEEE 2600.2 as standard. Hard disk encryption and disk overwrite security help ensure that processed data remains confidential.
Ricoh works hard to help ensure that printer security is not weakened by the user interface Smart Operation Panel, which uses a Ricoh-only operating system. Unnecessary components are not installed, and root access is not available. Embedded applications must pass Ricoh compatibility testing before they can run on the Smart Operation Panel.
The Ricoh DataOverwriteSecurity System (DOSS) addresses the vulnerabilities that are presented when temporary data—scan/print/copy image data, user entered data, or device configuration—is stored on a hard disk drive or memory device. DOSS destroys temporary data stored on the MFP’s hard drive by overwriting it with random sequences of ones and zeroes. Temporary data is actively overwritten and erased each time a job is executed.
Sharp Imaging and Information Company of America arms its MFPs with leading-edge security features. Firmware Attack Prevention and Self Recovery help identify a malicious intrusion and restore the machine firmware to its original state. An Application Whitelisting feature detects access attempts to the machine file system and denies access if the source data is not on the white list.
Built-in Authority Groups manage and restrict copying, printing, and scanning features to safeguard data as well as control costs. Active Directory Group Policy offers centralized configuration and control for select security and print driver settings. In addition, a remote device manager enables users to maintain security policies and deploy scheduled administration password changes.
In addition to the features found on its MFPs, Sharp posted a security checklist at business.sharpusa.com/document-systems/security, which helps customers deploy the proper settings on their MFPs. Similarly, Sharp provides this information to their dealer channel, so they too can help customers deploy the correct security features.
MFPs present many opportunities for vulnerabilities. Vendors of MFPs and the MDS/MPS that control them offer a number of security features that combat hacking and other related issues. dps
May2020, DPS Magazine