In the 21st century, and with information as the key asset of every organization today, security is essential to the office — for documents and for any devices connected to the network. When it comes to networked multifunction devices, or MFPs, many vulnerabilities can be present because these devices can print, copy, scan to network destinations, send email attachments and handle incoming and outgoing fax transmissions. Thus, an MFP’s entire system, along with any device management software on the network, must be evaluated and certified in order for IT and all the workers of an organization to be certain that their documents and network are safe from information predators — or even from internal security breaches.
In this respect, not all MFPs are equal.
According to “Plugging the MFP Security Gap” by Mason Olds, IT World Canada (www.itworldcanada.com), there are five areas where documents generated by MFPs are most at risk:
- From the desktop: A file can be seized en route from the desktop to the server and used either in its existing form or modified and even exploited externally.
- At the server: Jobs sent to the MFP for printing typically sit unprotected on the server queue. At this stage, an internal hacker can pause the printing queue, copy a file, and restart the queue without noticeably disrupting the system.
- Between the server and the MFP: This is another point where documents are traveling unprotected — while on the way to the MFP device, information is fully exposed to anyone who can tap into the network.
- On the MFP: All information sent to the MFP is stored in the device’s hard drive. MFP hard drives can typically store about as much information as a PC hard drive.
- Left in the output tray or on the glass: In most office environments, it is common to pick up printed materials or leftover originals that belong to a co-worker.
Xerox reduces the risk for connected MFPs
MFPs evolved from copiers almost ten years ago. The guts of an MFP are essentially computer components — complete with a hard drive and memory — so that it can capture and manipulate image data and convert it into bits and bytes. Every time someone prints, scans, copies or faxes a document, the MFP is potentially vulnerable to attack by unauthorized users. That’s why it’s so essential for any MFP to be tested extensively for security vulnerabilities in its software before it goes to market.
Xerox provides more security for potential entry points to its MFPs than any of its competitors. It also continues to update those security functions on a regular basis. IT managers will find that Xerox offers the broadest range of multifunction systems that meet the internationally recognized standard for security, which is why they’ve earned Common Criteria full system certification.
“Unlike other document services vendors, Xerox has the entire multifunction system evaluated, rather than just a security kit or an individual security feature.” Recharger Magazine, 4/27/07
The following security functions have been included in Xerox Common Criteria certifications:
- Encryption with Secure Protocols
- Authentication
- Internal Audit Log
- Firewall
- Image Overwrite
- Embedded Fax
- Secure Print
To receive a free security whitepaper, “Why MFPs Matter to IT: Ensuring Security on the Network”, send an email to Deanna at multitec@tekstar.com with Security in the subject line.
Here’s a link to the list of Xerox MFPs that are Common Criteria certified on the entire system: http://www.xerox.com/information-security/common-criteria-certified/enus.html.
With the proliferation of networked multifunction devices in today’s offices, and the amount of information that is sent, stored and shared viat those MFPs, the security of those devices should be among the top concerns of IT managers.
Deanna Sinclair, Realtor at ERA Northland Realty 