Technology

Buyers’ guide to: secure printing

By Alice Kok | 23 October 2008

We review the latest generation of MFPs to see how government offices can manage sensitive data without sacrificing productivity.

View photos

Related Articles

• The rise and rise of green printing

Related Categories

• TECHNOLOGY

From this Section

• FEATURE

There is a proven information security risk sitting in the corner of your office. It is your humble multifunction printer (MFP) - according to research, 53 per cent of employees have found details not belonging to them on shared printers. And that is just the tip of the iceberg.

According to Paul Curlander, CEO of US-based Lexmark. MFPs are amongst the most networked devices in the office – but unlike your typical workstation, they serve multiple users – and if you’re not careful, anyone walking by. They are, of course, networked for a reason. Therefore government organisations need to ensure that as they work to maintain the security of their information, they do not sacrifice the productivity benefits that made them network their MFPs in the first place.

Key vulnerabilities. Printer security can be compromised at every stage in the generation of a print document - from the desktop, at the server, between the server and the MFP, on the MFP itself, and lastly, the output tray.

En route from the desktop to server represents the risk of the file being seized midway and used either in its existing form, or manipulated and exploited externally. At the server jobs queuing for print sit unprotected, presenting an opportunity for interception with a malefactor able to pause the print queue, copy the file, and restart the queue without anyone noticing the disruption.

When a document travels between the server and the MFP is yet another potentially unprotected transfer of information – enabling anyone snooping on the network to intercept the data. The MFP is itself is a security threat - as its hard drive can store as much information as a PC hard drive, up to 6000 printed pages for an 80 GB hard drive. All the documents a department has ever printed are stored here, at least for a time. Lastly there is the MFP’s output tray. Picking up co-workers’ materials is as common as it is risky – and I know I am not the only person to have forgotten to collect my printouts.

Today’s solutions. As a result of the above, the MFP vendors now take security as seriously as they do productivity and low power consumption. Some MFPs have functions to automatically encrypt documents before they are sent over the network, allowing documents to be printed only after decryption when the correct password is entered on the MFP. According to Seew Choi Gek, Solutions Consulting Manager of Canon’s Solutions Consulting Department, in order to secure scanned documents sent from the MFP to the PC, users can elect to translate their files into encrypted PDFs as a way of foiling interception: “This protects the document with a password to restrict unauthorised access, editing and printing,” she says.

Dannis Leow Assistant Manager Toshiba tells us that “users should secure their stored documents in their own private password-protected folder and not be shared in the standard public folder located in the MFP. As a measure, the hard disk of the MFP should also be encrypted”.

Another option will be disk sanitisation wherein data is entirely wiped from hard drive. “This method renders the data stored on the MFPs unreadable by most methods,” says Shinji Watanabe Manager of Lexmark Asia Pacific.

“As a basic, an MFP should be password protected and hard disk encrypted,” explains Toshiba’s Leow.

But what can be done about the output tray? Canon’s Seew shares that there are ways in which the output tray can be secured – through mailbox and secure printing. The former allows users to print at a user-specific stored location on the MFP itself, hence print jobs are performed only through password access to the user’s individual mailbox. The secure printing option is when print jobs are held up on the server until appropriate identification method, be it password, smart card or biometrics, is supplied to the MFP.

“This prevents private and confidential printouts from being left in the open for others to pick up,” says Seew.

Looking to the future of MFPs, Honda Masashi Senior General Manager of Fuji Xerox shares that as the hard copy document attributes to majority of the security risks, “features like embedded nano technologies are already under development to prevent information leakage”. The editorial team at FutureGov, armed with feedback from readers, evaluated five leading printers – scroll down to see how the MFPs fared in our FutureGov Secure Printing Buyers’ Guide.

Fuji Xerox ApeosPort-III C3300 — Best of FutureGov!

The ApeosPort-III C3300 comes with a ApeosWare Image Log Service solution that logs an image of any document that went through the MFP. These images are transferred to a core server then indexed and stored according to their job information. In the event of a security leak, the document can be located and the source and time of the leak revealed with keyword searches.

Canon 3380i

Canon 3380i comes with the basic hard disk overwriting, and password authentication. What makes it special is that the authentication comes on three levels: Department ID Mode, Simple Device Log-In (SDL), and Single Sign-On (SSO). SDL and SSO are reputed to be more secure as they run on network-based authentication servers in order to grant access.

Toshiba e-Studio 3520

This printer has a wide array of security features with the most interesting of it being that of hidden characters printed in the background for hardcopy security. This watermark is invisible on the original hardcopy, but when it is photocopied, the hidden character appears on the document. In this manner, illegal copying is prevented.

Konica Bizhub c353

Apart from the basic security features, to prevent unauthorised access, leaks and hacking, this MFP has the option of biometric finger vein and identification card card authentication. But of course, these advanced technology thingamajigs comes with additional options of an authentication unit, interface kit, mount kit and working table.

And doesn’t it look ravishing in black?

Lexmark x646e

Despite being marketed as having “specially designed security features”, the MFP is still user-friendly. The advanced security features only requires users to log-in with their standard network information, hence eliminating troublesome security processes and biometrics authentication. The MFP also has a physical cable-lock protection which is an interesting feature given that most MFP security features ignore physical security aspects.