Imaging and printing security best practices
description
Transcript of Imaging and printing security best practices
![Page 1: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/1.jpg)
© 2008 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
Imaging and printing securitybest practices
Steve AndrewsGSLC, CHP, CSCS, CDIA+Solution Consultant, HP
![Page 2: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/2.jpg)
2 04/22/23 HP Confidential
Objectives and agenda•Objectives–Understand potential security and exposure risks, and
learn how HP solutions can help you proactively protect your organization
•Agenda–Why be concerned about imaging and printing security?
• Security threats, risks and vulnerabilities• Compliance and privacy concerns
–How to secure your imaging and printing environment
![Page 3: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/3.jpg)
3 04/22/23 HP Confidential3
Over 20,000 compliance regulations exist worldwide•Which ones impact your Organization?
3
![Page 4: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/4.jpg)
Why be concerned about imaging and printing security?
![Page 5: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/5.jpg)
5 04/22/23 HP Confidential
Anonymous Authorized printing
The cost of poor imaging and printing security
Security breaches account for $59B in proprietary and intellectual property loss each year by U.S. companies*70% committed by unauthorized employees**
95% result in financial losses**
Anonymous Authorized
*American Society for Industrial Security (ASIS), US Chamber of Commerce, Price Waterhouse Coopers; **CSI/FBI Security Study, 2003
![Page 6: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/6.jpg)
6 04/22/23 HP Confidential
Security
66
TREN
D • Explosion of security regulations, complexity • Data breaches growing, and very costly• IT security spending continues to grow even in today’s economy
“Average cost per incident in 2008 was $6.65 million last year, up from $6.3 million in 2007.”
—Ponemon Institute
Fourth Annual US Cost of Data Breach Study January 2009
“In normal times, Gartner suggests that enterprises spend 3% to 6% of their IT budgets on security. In 2009, spending may actually rise to 8% of reduced IT budgets”
— Gartner, March 2009
2009 Update: What Organizations Are Spending on IT Security
“Deliberate actions of current and former employees are a primary threat to proprietary information.”
—American Society for Industrial Security
Trends in Proprietary Information Loss Survey 2007
6
![Page 7: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/7.jpg)
7 04/22/23 HP Confidential
We know you’re concerned about security• Multi-function printers (MFPs) are intelligent devices—
much like connecting a server or computer to the network• Confidential information can be “hijacked”– In printer output trays– On the network– Inside printers and MFPs
• Financial loss can be significant– Compliance violations– Theft of proprietary information– Damage to company image– Legal fees
Imaging and printing security needs to be a partof your overall IT security and compliance strategy
![Page 8: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/8.jpg)
8 04/22/23 HP Confidential
![Page 9: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/9.jpg)
9 04/22/23 HP Confidential
Output privacy
![Page 10: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/10.jpg)
10 04/22/23 HP Confidential
Output privacy•Problem: uncollected documents–Confidential information accessible
• George Clooney’s medical records (HIPAA)• Major financial institution: upcoming IPO information; $7M profit
– “Print and sprint:” leaving without picking up a printed document
–Documents accidentally/deliberately taken: reprinting–Waste: customers are seeing 10-15% cost savings by
using HP Pull Printing solutions
![Page 11: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/11.jpg)
11 04/22/23 HP Confidential
Unauthorized access
![Page 12: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/12.jpg)
12 04/22/23 HP Confidential
Unauthorized access•Problem: walkup access– Impersonation: digital sending and faxing–Device configuration changes–No audit trail for compliance
•Problem: network access–Device configuration changes
• Print 100 copies instead of 1• Send messages to front panel display: K–12 school kids• Unauthorized firmware upgrades
![Page 13: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/13.jpg)
13 04/22/23 HP Confidential
Network security
![Page 14: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/14.jpg)
14 04/22/23 HP Confidential
Network security•Fact: most companies do not encrypt the traffic on their internal networks
•Problem: network traffic is susceptible to sniffing and/or redirection– Print spool files are sent “in the clear”–Digital send/scan files are sent “in the clear”–Network sniffers (e.g. Ethereal) can be readily downloaded
from the WWW (Google search)•Man-in-the-middle attacks: data can be easily re-routed to another device–University: students re-routed documents to their PCs
![Page 15: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/15.jpg)
15 04/22/23 HP Confidential
Data at rest
![Page 16: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/16.jpg)
16 04/22/23 HP Confidential
Data at rest: retained information•Fact: data is stored on the hard drive and memoryof all printers and MFPs– Stored jobs– Address books – Temporary spool files– Fonts
•Problem: how to protect this data at rest from–Hardware theft: drive or entire device– Refurbishment/redeployment–Network access
![Page 17: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/17.jpg)
17 04/22/23 HP Confidential
Proactive system management
![Page 18: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/18.jpg)
18 04/22/23 HP Confidential
Core Printing and Imaging Management Requirements
Security• ability to secure devices at various
levels
Proactive Management• reduce end user downtime with real
time status updates of printers
Fleet Deployment• remote installation & configuration of
unlike devices
Problem Resolution• provide helpdesk with ability to
remotely manage & monitor
Reporting & Optimization
• trend asset utilization over time by users
Central Office
Remote Office
![Page 19: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/19.jpg)
How to secure your imaging and printing environment
![Page 20: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/20.jpg)
20 04/22/23 HP Confidential
The 7 steps
1. Get control of the fleet2. Secure the devices3. Authentication4. Pull Printing5. Encryption6. Job-level Tracking7. Document Security
![Page 21: Imaging and printing security best practices](https://reader035.fdocuments.net/reader035/viewer/2022062521/5681684b550346895dde3f43/html5/thumbnails/21.jpg)
21 04/22/23 HP Confidential
Summary• Security is everyone’s concern• Your technical solutions are only as strong as the policies
they support and the procedures built around them• To successfully implement security strategies you need
to get management to drive them, IT and HR to implement them and staff to understand and respect them.
• Security is a value add and a business enabler
Imaging and printing security must be part of your overall IT security & compliance strategy