At most agencies, security is everything. Hours and hours of manpower go into ensuring that systems are not vulnerable to internal or external breaches. Systems security has had to evolve quickly but some agencies have more seamlessly adapted to this evolution than others. At DoD, security is an integral part of the mission, and it has been a shining example for other agencies in implementing systems security protocols.
However, despite DoD’s ability to lock down data through in house techniques, the department isn’t an expert at everything. As a result, areas that do not outwardly appear to be a critical part of security infrastructure are at risk of falling through the cracks. One example is printing. In an era of increased cyberattacks, printers are becoming more vulnerable to security breaches. Because of the few security controls in place, attackers view printers as the weak link in an agency’s security. As a result, DoD and other agencies need to address the fact that their printers have become a very open and unsecure data source that must be protected more stringently. They must treat printers like other devices in their network.
To better understand how to protect the printers in your organization, GovLoop spoke with Joe Wagle, Worldwide Director for Solution Consulting HP, an information technology company that specializes in securing printers and PCs.
Wagle explained the issue with a simple comparison: “Imagine a house where all the doors are locked with certainty, but there is one kitchen window in the back that has been left wide open and there is a great big flashing sign around it saying, ‘Burglars enter here.’” Unsecure printers are the open window to an agency’s systems and must be addressed.
But there are challenges to closing that window. DoD’s security policies and procedures are much more complex than other agencies’ because of the inherently sensitive materials they work with on a daily basis. Additionally, the department is so large that it has an astronomical range of printing devices and people who use them. Both of these elements make it difficult to implement standardized security measures. This is where HP comes in.
“The idea of printing as a threat or as a risk is relatively new, even to very sophisticated DoD security departments,” Wagle said. Outsourcing printer security to an organization such as HP allows agencies to rely on someone who knows best practices and standards regarding printer security to lock down their devices.
HP follows a three-pronged method to ensure that security. Security requires implementing technology, but also policies and procedures. First, printer security starts with understanding your risk. HP offers Printing Security Advisory Services, thorough assessment of the security status and risk profiles. HP uses a team of security experts to engage with agencies to assess the level of risk in the print environment. This effort renders a roadmap and policy document with tactics to make the environment secure.
Additionally, part of the services prong includes training. This training entails educating Chief Information Security Officers, the people who administer the printers, plus end users on the risks of unsecure printers.
Second, HP must ensure that the software on the devices stays secure. Tools such as HP Security Management are a great example of software that keeps devices secure and compliant with the print policies that are implemented after the security assessments. Control user access and authorization are also necessary. This means using software that ensures only authenticated users are operating the device. “So if there is a data breach related to printing, we will have the forensic information to easily trace it back to a specific time, place, and device,” Wagle said.
Finally, Wagle explained that the devices themselves have to exhibit the utmost security. This is particularly important in a sensitive environment like DoD where documents that may be printed are often more classified than documents at other agencies.
Ultimately, securing every door and window into your data systems allows agencies to work efficiently without worrying about who might be creeping in through their printers.