Copiers -- the Hidden Network Security Hole
When IT administrators list potential security holes in their networks, they rarely, if ever, think to rank networked copiers as a problem. But analysts say they're holes that need to be buttoned up.
But today's technologically advanced copiers -- also called multifunction printers or multi-function devices -- are commonly connected to companies' computer networks and are capable of scanning documents and sending faxes and e-mails. As a result, they also present a huge security hold, giving hackers one more way to steal corporate information.
And what makes this particular hole that much more dangerous is the fact that nobody thinks of copiers as a threat at all. And that leaves them wide open to attack.
Although a growing number of IT professionals and manufacturers of multi-function devices are starting to take a look at buttoning up this security risk, it's far from being a well-known problem.
But those naive notions are starting to change, say industry analysts.
According to a recent survey by International Data Corp., a major industry research firm based in Framingham, Mass., 78 percent of participating companies identified document security as ''very important''. Also, security placed first as a corporate concern, ahead of document storage.
Document security is currently, and will continue to be, one of the leading concerns for end users, according to Dan Corsetti, an IDC research analyst of hardcopy peripheral solutions and services.
''[Security] is increasingly important as copy machines become more active components of the network,'' agrees Anton Zajac, president and CEO of Eset, a global security software solution company headquartered in San Diego.
Attaching a multi-function device to the computer network gives a company greater flexibility and convenience, but it also allows anyone on the network to access, disrupt or potentially intercept documents sent over the network or stored in hard drives.
''Every time I send a document, it's vulnerable, whether it's on its way, when it's being stored or still on the hard drive,'' Corsetti says.
In recent years, technological advancements have resulted in broader accessibility of electronic documents and network connectivity, which has caused problems that businesses didn't have to worry about a decade ago. Network infiltration, image corruption, output security and end-user abuse are issues that IT administrators should be thinking about, adds Corsetti.
Now, issues like growing digital copier connectivity, wireless connectivity, government and regulatory practices, along with the rising cost of documents have led to an increase in MFP security-related products.
One of the leading trends affecting the printing and imaging industry is a host of new governmental and regulatory compliance acts and standardization requirements, Corsetti also points out. Those regulations may not require that specific actions be taken or even specify how information should be protected, only that certain information must be protected.
Larry Kovnat, Xerox's product security manager, says the new privacy and regulatory requirements have caused the healthcare and legal industries, as well as many government agencies and contractors, to insist that their multi-function devices be impenetrable.
''Hardcopy peripheral vendors are thus being asked to provide the necessary security software and services to enable end-user compliance,'' says Corsetti.
The analyst differentiates between two areas of multi-function copier security.
First, he notes that physical security measures are those that happen at the device itself. Administrators need to make sure that printed documents aren't left lying around on top of an unsecured printer where they could fall into the wrong hands.
On the vendor side, they have been providing security measures, such as removable hard drives, hard drive overwrite and password print/secure print, for some time. However, making sure people use those security features is another matter.
Network security regarding multi-function devices is newer.
The first multi-function devices were available around 1996, according to Xerox's Kovnat. Security attempts in the years that followed simply included machines with removable hard drives.
One example is Eset's recently developed NOD32 anti-virus software, which was adopted by Canon's Color imageRUNNER Workplace Gateway. In addition to traditional virus detection files, NOD32 uses a unique heuristic engine that identifies worms and viruses based on their behavioral patterns, rather than pre-assigned signatures.
Other network security solutions include audit controls, digital rights management, digital signature solutions, encryption, and lightweight directory access patrol, Corsetti notes.
Kovnat also points out that there is no ''common'' way for hackers to get into a networked copier and that all network components are susceptible to a break in.
Adds Kovnat, ''We have to find [potential breaches] before the bad guys do.''