The next security worry - the photocopier

Multi-function devices have grown into security risks, or so vendors claim.

Name the previously ignored network device that is now at the forefront of information security? The usual suspects would be PCs, laptops, portable storage, servers, and perhaps critical pieces of infrastructure such as firewalls and email gateways, but they aren't exactly ignored. The security industry has built its fortune securing those.

For a small but growing number of large UK organisations, the new device to fear is, believe it or not, the photocopier, and its close relative, the networked printer.

These usually reviled machines sit in every single organisation across the land, churning out documents like mini-printing presses gone haywire, with few security managers worrying much about precisely what they are printing.

Indeed, the contemporary photocopier and printer are now in some cases the same device, multi-function 'document processing hubs', to quote the jargon, the one bit of hardware no business can live without but would prefer to ignore as far as possible.

But where does all this A4 go once it hits the print tray, and does any of it contain sensitive data? Nobody has a clue. And can organisations control who prints certain documents and hold them accountable in any way? Highly unlikely.

Multi-function photocopier/printers generate other security problems beyond the documents they print and scan. Many of them will contain hard disks, which cache print jobs and documents on their way to the outputting bin, and some even allow users to email straight from the photocopier flatbed to email addresses outside the organisation. Paper documents can be sent straight from the devices, in other words, while their caches can be full of unencrypted information. Given that the devices themselves can be accessed remotely, the risks, however small, are real.

Worrying about such issues might look like eccentric paranoia, but the photocopier, in particular, has some previous on the information security front. In the dying days of the Soviet-backed Communist regime of Poland's General Jaruzelski, using photocopiers was a rationed exercise, so terrified were the authorities of 'samizdat' clandestine magazines being run off on them. As late as themed-1980s, university photocopiers had armed guards, with access strictly controlled.

What the few companies specialising in securing photocopiers and printers like to promote is the digital equivalent of the armed guard.

By interesting coincidence, one of the few UK organisations willing to own up to using a the new generation of photocopier/printer security systems turned out to be in education, Thames Valley University (TVU), which bought 'MFP' (multi-function product) technology from photocopier stalwart Ricoh, a champion of the concept.

The university's use of the technology, however, has been fairly specific in its scope - it wanted a convenient way of managing and tracking student and employee use of printers and copiers. Fault-reporting had turned into a hassle and the Ricoh offered a way of making students top up swipe cards for printing use while being able to back up this credit and use data in case the card was lost. The bottom line? Saving money more than security per se.

Page Break

The risks - in plain English

Ricoh's MFP security system is less a single product than a web of individual proprietary and industry standard technologies that can be added on a case-by-case basis. These include:

  • Encryption. Comes in a number of forms to cover various bases, including secure deletion of hard disk data once it has been processed (the Data Overwrite Security Unit); encrypting print data using SSL via Internet Printing Protocol (IPP) between PC and printer.

  • Securing documents from random printing insecurity using Locked Print system; secure Document Release system deletes documents if not collected after a pre-defined time period.

  • Secure scanning - restrict document emailing from machine by allowing only authorised email addresses.

  • Authentication of users - using PIN code, swipe card, of digital authentication via, for instance, LDAP.

  • Copy protection - a system that can grey out documents embedded with patterns that restrict this function.

  • Logging - track printing, scanning, emailing, faxing against a list of users to monitor activity.

"In most companies, paperwork will always be signed. There will always be a copy," says Bernard Cassidy, Ricoh's security product manager. The idea that the digital enterprise has somehow abandoned paper, and the security issues that go with it, is part of the paperless office myth. He estimates that 35 per cent of copiers are now networked, a trend that has accelerated without the realisation that security risks have also increased. "The problem is huge because only a small percentage would be using authentication."

In his view, the first line of security should be that all data sitting on the device, whether printer, scanner, copied or just cached, should always be encrypted. Access to the storage and network interface of the device should always be carefully assessed and protected. Every document sent to a printer, or placed on a copier, should be tied to a real ID to maintain accountability. Add in the fact that many enterprises now routinely give external consultants and partners access to these devices and these security concepts should be looked at even more carefully.

According to Cassidy, the company has recently received a lot of interest in the UK from public sector organisations such as law enforcement, universities (including Thames Valley University) and healthcare, all sectors you'd imagine would be worried about documents going astray.

The private sector is less well represented so far, though he indicated that financial services companies were a likely target - none of those organisations traditionally like to talk about security in any context, let alone admit to having a problem with paper documents and printer/scanners. For now, case studies from which to assess project objectives remain very thin on the ground.

It's not at all clear that enterprises are listening to the sales pitch, however much companies such as Ricoh claim interest is growing. MFD security is still a niche that most admins would consider 'nice to have' rather than 'essential'. Few have even heard of the worries never mind the claimed solution.

Page Break

The Enron Shredder

Making paper secure in the digital age will never be a watertight business, even if every security measure imaginable is rolled out to plug the problem. Sometimes this theme hits home in unexpected ways. An important influence on the compliance overhauls of the last half decade was the Enron fraud, in which the defining device wasn't a printer, a scanner or even a copier - it was the infamous papers shredders used to attempt to destroy an accounting trail that could have indicated fraud. Remarkably, some shredded documents only existed in paper form.

No technology can defend against this type of complex information scam, the manipulation of paper trails, and it's one reason why companies spend large sums backing up every conceivable document.

But companies could just be at the start of a world where nothing makes it into a physical form without that piece of paper being tied to an individual, possibly with the information being embedded into the printed matter itself. The employee has for some time being what they create, what the email, and what they browse. They should also be what they print.