The risks - in plain English
Ricoh's MFP security system is less a single product than a web of individual proprietary and industry standard technologies that can be added on a case-by-case basis. These include:
- Encryption. Comes in a number of forms to cover various bases, including secure deletion of hard disk data once it has been processed (the Data Overwrite Security Unit); encrypting print data using SSL via Internet Printing Protocol (IPP) between PC and printer.
- Securing documents from random printing insecurity using Locked Print system; secure Document Release system deletes documents if not collected after a pre-defined time period.
- Secure scanning - restrict document emailing from machine by allowing only authorised email addresses.
- Authentication of users - using PIN code, swipe card, of digital authentication via, for instance, LDAP.
- Copy protection - a system that can grey out documents embedded with patterns that restrict this function.
- Logging - track printing, scanning, emailing, faxing against a list of users to monitor activity.
"In most companies, paperwork will always be signed. There will always be a copy," says Bernard Cassidy, Ricoh's security product manager. The idea that the digital enterprise has somehow abandoned paper, and the security issues that go with it, is part of the paperless office myth. He estimates that 35 per cent of copiers are now networked, a trend that has accelerated without the realisation that security risks have also increased. "The problem is huge because only a small percentage would be using authentication."
In his view, the first line of security should be that all data sitting on the device, whether printer, scanner, copied or just cached, should always be encrypted. Access to the storage and network interface of the device should always be carefully assessed and protected. Every document sent to a printer, or placed on a copier, should be tied to a real ID to maintain accountability. Add in the fact that many enterprises now routinely give external consultants and partners access to these devices and these security concepts should be looked at even more carefully.
According to Cassidy, the company has recently received a lot of interest in the UK from public sector organisations such as law enforcement, universities (including Thames Valley University) and healthcare, all sectors you'd imagine would be worried about documents going astray.
The private sector is less well represented so far, though he indicated that financial services companies were a likely target - none of those organisations traditionally like to talk about security in any context, let alone admit to having a problem with paper documents and printer/scanners. For now, case studies from which to assess project objectives remain very thin on the ground.
It's not at all clear that enterprises are listening to the sales pitch, however much companies such as Ricoh claim interest is growing. MFD security is still a niche that most admins would consider 'nice to have' rather than 'essential'. Few have even heard of the worries never mind the claimed solution.