This interview is an excerpt from our recent guide, 30 Government Innovations That Mattered in 2015 which examines 30 government case studies that explore innovation at all levels of government. Innovations that spanned the government job spectrum from human resources to cybersecurity and back again.
For more than 30 years laser and ink jet printers have populated the office supply room. These document-producing devices have withstood countless technological evolutions to become the multifaceted printers we have today. However, the biggest threat to the longevity of the printed word might come from an invisible foe – hackers.
Looking at a printer, you might not view it as a possible launch point for a hacker looking to breach your network. But you would be wrong. The truth is a printer just like any other device connected to the network is vulnerable. GovLoop sat down with Shivaun Albright, Distinguished Technologist, HP, to discuss how government can address this security need.
“Printers are essentially an endpoint on a network,” Albright explained. “Customers invest in endpoint security for their PCs, and their routers, etc. But the printing side of it is often overlooked. We’re trying to educate customers that every endpoint should be an equal citizen on the network.”
However, HP has a long way to go to ensure all of the public sector is taking printer security seriously. A 2015 Ponemon Study asked how many IT managers realize their printers might be vulnerable to cybercrime. Only 53 percent of IT managers recognized that printers could be just as vulnerable to cybercrime as any other endpoint. But Albright isn’t discouraged, “That number is actually a good sign, because it means that more than half of IT professionals are paying attention to printer security. Now we just need to convert the other half.”
The printer security conversation couldn’t come fast enough because cybercrime is evolving rapidly and the threats are increasing daily. “We don’t want printers to be that weak link in the network,” explained Albright. “In the past you could be assured that your network was secured by the perimeter with firewalls, but the reality has changed. We want to ensure that customers recognize that these printers need to be secured.”
For example, an average printer has 100’s of possible security setting s. And as with all manufacturers, whether it’s PCs, desktops or printers, the device comes to a customer not configured and potentially vulnerable. So it’s important that administrators set security policies to bring those devices into compliance with their organization’s endpoint policies and make sure that their printers are locked down in a similar way to their PCs. “The public sector needs to understand that these printing and imaging devices are part of their computing ecosystem. There needs to be an increased awareness around data protection,” explained Albright.
In the printer world, data security can come in different forms. The data is stored in a disk drive, is in motion over the network and is physically printed. “We’ve seen examples where confidential or sensitive information was exposed because someone printed a document that was just left in the output tray and prying eyes were able to see,” said Albright. “The first step for organizations is to look for the potential weaknesses in the system. Then you can look for ways to secure your data end to end.”
In order to help create that holistic view of security HP has committed to improving the printer security process. “We provide the tools, solutions and device hardening solutions to protect our customer’s environment and their data. We have added layers of security onto our devices to provide this intense, in depth mechanism that recognizes which devices are at risk in the system,” said Albright.
Customers can now also take the security advantage one step further. HP now offers a printing security advisory service. Albright explained how the service works, “We provide the customer with education on security threats and analysis of the current printing security posture,” Albright explained. “We do an assessment of their devices using a tool called JetAdvantage Security Manager that assesses a customer’s fleet of devices, and identifies where a printer has potential issues or vulnerabilities because they’re not configured properly.”
HP developed the JetAdvantage Security Manager tool with default/recommended printing security policies based on industry best practices and internal expertise. The service provided by HP features an assessment of the customer’s fleet security posture. Once HP completes the fleet assessment, the security advisor helps the client build a comprehensive printing security policy that meets their business needs as well as their best practices.
The printer security evolution isn’t stopping with the Security Manager tool. Albright previewed plans for 2016. “We’d like to see more awareness of the risks of printing and imaging devices, as well as an increased focus on device security. Looking forward, we’d like to see a better integration of print device security with cloud services. That area is growing significantly.”