Check out the Xerox Data Crush on YouTube.
With the recent CBS story about compromised information from a major metropolitan police department and a New York insurance company, end users and I.T. staff are learning they must play an active role in ensuring the security of their office equipment. This involves understaning how document technology being placed in the office interacts with your network as well as developing procedures to ensure information is protected where appropriate. This webinar is inteded for office managers as well as I.T. support staff and will cover:
- Office information that needs to be protected
- Relevant legislation (HIPAA, Gramm-Leach-Bliley)
- Multifunction systems and data interacation
- Multifunction systems and essential design features
- Multifunction systems and independent certification
- Multifunction systems and good security practices for your office
- Multifunction systems at end of useful life
To register for this free webinar, visit: http://www.seeuthere.com/MFPSecurity
Note: The May 26th session filled up quickly and this June 10th session was just added. Don’t delay — register today.
Webinar speakers/hosts include Patti Spicer, Deputy Director at Computer Sciences Corporation’s Security Testing and Certification Laboratories; Larry Kovnat, Product Security, Xerox Office group; Marlon Miller, Xerox Public Sector Marketing.
In the 21st century, and with information as the key asset of every organization today, security is essential to the office — for documents and for any devices connected to the network. When it comes to networked multifunction devices, or MFPs, many vulnerabilities can be present because these devices can print, copy, scan to network destinations, send email attachments and handle incoming and outgoing fax transmissions. Thus, an MFP’s entire system, along with any device management software on the network, must be evaluated and certified in order for IT and all the workers of an organization to be certain that their documents and network are safe from information predators — or even from internal security breaches.
In this respect, not all MFPs are equal.
According to “Plugging the MFP Security Gap” by Mason Olds, IT World Canada (www.itworldcanada.com), there are five areas where documents generated by MFPs are most at risk:
- From the desktop: A file can be seized en route from the desktop to the server and used either in its existing form or modified and even exploited externally.
- At the server: Jobs sent to the MFP for printing typically sit unprotected on the server queue. At this stage, an internal hacker can pause the printing queue, copy a file, and restart the queue without noticeably disrupting the system.
- Between the server and the MFP: This is another point where documents are traveling unprotected — while on the way to the MFP device, information is fully exposed to anyone who can tap into the network.
- On the MFP: All information sent to the MFP is stored in the device’s hard drive. MFP hard drives can typically store about as much information as a PC hard drive.
- Left in the output tray or on the glass: In most office environments, it is common to pick up printed materials or leftover originals that belong to a co-worker.
Xerox reduces the risk for connected MFPs
MFPs evolved from copiers almost ten years ago. The guts of an MFP are essentially computer components — complete with a hard drive and memory — so that it can capture and manipulate image data and convert it into bits and bytes. Every time someone prints, scans, copies or faxes a document, the MFP is potentially vulnerable to attack by unauthorized users. That’s why it’s so essential for any MFP to be tested extensively for security vulnerabilities in its software before it goes to market.
Xerox provides more security for potential entry points to its MFPs than any of its competitors. It also continues to update those security functions on a regular basis. IT managers will find that Xerox offers the broadest range of multifunction systems that meet the internationally recognized standard for security, which is why they’ve earned Common Criteria full system certification.
“Unlike other document services vendors, Xerox has the entire multifunction system evaluated, rather than just a security kit or an individual security feature.” Recharger Magazine, 4/27/07
The following security functions have been included in Xerox Common Criteria certifications:
- Encryption with Secure Protocols
- Internal Audit Log
- Image Overwrite
- Embedded Fax
- Secure Print
To receive a free security whitepaper, “Why MFPs Matter to IT: Ensuring Security on the Network”, send an email to Deanna at firstname.lastname@example.org with Security in the subject line.
Here’s a link to the list of Xerox MFPs that are Common Criteria certified on the entire system: http://www.xerox.com/information-security/common-criteria-certified/enus.html.
With the proliferation of networked multifunction devices in today’s offices, and the amount of information that is sent, stored and shared viat those MFPs, the security of those devices should be among the top concerns of IT managers.