The uninhibited flow of information within today's business environment has become a prerequisite of an organization's success and smooth operation. But within every organization, some of that information will be sensitive, and ensuring its safekeeping involves a comprehensive security policy. Like water coursing through a pressurized system, information has an unnerving habit of 'leaking' out through unchecked weak spots which have been identified and exploited by unscrupulous individuals.
Information Security
Keeping MFDs watertightThe uninhibited flow of information within information which has recently been today's business environment has become scanned, copied or printed, it also houses a prerequisite of an organisation's success operating systems which are capable of and smooth operation. But within every running multiple software applications. organisation, some of that information will be sensitive, and ensuring its safekeeping For example many of the more sophisticated involves a comprehensive security policy. models now incorporate a web interface Like water coursing through a pressurised - useful for administrators to see the status system, information has an unnerving habit of of a device, but this application also provides 'leaking' out through unchecked weak spots a potential means by which the device can which have been identified and exploited by be controlled. In many ways, an MFD is unscrupulous individuals. therefore not dissimilar to a standard PC, and if PCs are security protected, why not MFDs?
And as with a pipeline supply of water, these Happily, the historical problem posed by the leaks can go undetected for some time. The fact that MFDs contained fax cards which consequent damage is at best inconvenient, potentially provided a route via the machine at worst catastrophic. into the network, has been addressed and eliminated by all major manufacturers.So far, so obvious, you may think. But NewField IT has uncovered a significant weak spot in many companies' security how real ispolicy. Although there is an ever greater the risk?emphasis in IT departments on firewalls and PC protection, the multi-functional device - ie the combination copier, printer, fax and The reality of the risk has recently been scanner - is, more often than not, completely evidenced by the fact that the two leading overlooked. NewField IT's review of 41,000 suppliers of MFDs released patches in 2006 hard copy devices, servicing 105,000 users, for some of their devices following the found sketchy or nonexistent policies in place exposure of security vulnerabilities. In both to deal with the potential for information cases, the machines could be controlled 'leakage' by these machines. Yet the risk is following an internally generated attack. not only real, it is growing, with more and more organisations now rationalising the Out in the workplace, there have been number of single hard copy devices, and reports of MFDs being used to run web investing instead in ever more sophisticated servers, whilst elsewhere, the unmanaged MFDs. scan to email function is allowing users to send information anonymously both In order to help manage the risks, this White internally and externally. Recently, one Paper sets out to explain why MFDs might be global company discovered that users were weak points in the system, and examines the sending information externally from an MFD options for a security policy which keeps the only when a user rang the help desk to ask technology watertight. about additional features! For investment banks working on high profile cases and under ever tighter regulatory compliance, Understanding such anonymous leakage can have a hugely the risk damaging economic impact.
Yet another potential risk is posed by the The greatest security risk posed by MFDs possibility that internal hackers could hack stems from the fact that most modern into an MFD in the HR department and gain devices (and some mid to high-end printers) sensitive information that has recently been incorporate a comparatively large hard scanned, copied or printed.disk, many upwards of 40GB. This not only temporarily stores potentially sensitive
2preventingleakage
There are four key areas to security around the use of MFDs which if addressed will ensure the MFD is as safe as any PC within the network. The diagram below gives an anatomy of the weak points of an MFD:
RISK RISK RISKUsers mis-collect or transmit Scanned document sent Modem connection gives confidential documents anonymously opportunity for external access
RISK MULTI-FUNCTIONAL DEVICE RISKHard drive contains latent images Data not encrypted RISKOperating system can be hacked
1 The Document
Personnel picking up a confidential document Print to an electronic mailbox. The MFD from a shared MFD or printer probably printer driver has a number mailboxes a... [download for more]
