Secure Documents for an Insecure World

If “Knowledge is power,” as Francis Bacon opined, institutions would do well to protect it. Yet hardly a week goes by without reports of a major security breach. From Watergate to Wikileaks, such cases often involve military or government secrets. But due to new laws protecting sensitive consumer and financial information, private businesses are scrambling to address their security shortfalls as well.

Take the banking industry. In 2007, a junior investment banker was arrested for leaking insider information to associates who subsequently made over $7 million in illegal profits. The real news was the simplicity of his tactics. According to an article in the May 4th, 2007 edition of the New York Times, the banker had easy access to the information he passed on to his co-conspirators. His desk “…was near a printer that turned out documents with information about potential deals for both his group and for others, investigators said.” Could this embarrassing situation have been prevented?

Get Serious

According to a recent study by IT analysis firm Quocirca, only 15 percent of organizations believe their printing infrastructure to be very secure. This same report states that “70% of respondents indicated that they have suffered one or more accidental printing-related data breaches.”

Document privacy concerns are real, and failure to protect confidential information can result in severe penalties. Gramm-Leach-Bliley and HIPAA regulations command the full attention of U.S. banks and hospitals, respectively. Likewise, Sarbanes-Oxley, Basel II/III, and other rules are forcing organizations everywhere to reexamine their document security measures.

Document Security: Threats and Responses

When it comes to information security, many organizations focus first on the external threat. By encrypting print streams before sending and then decrypting at the target device, even sensitive documents can be printed across the Internet and other non-secure networks. Though print encryption/decryption solutions have been available for more than a decade, such systems are not enough.

Creating a secure printing environment starts with access control. A recent Gartner news report cautioned organizations to “Treat printers as smart devices capable of inflicting damage on business systems…” and “Ensure that your printers and multifunction products are behind your corporate firewall.”

But even the most secure fortress has internal security threats. Printers and queues should be configured to prevent unauthorized users from viewing queued print jobs. Enterprise output management software simplifies configuration tasks while providing administrators powerful audit tools to detect and deter unauthorized document access.

The easiest document to protect is one never printed in the first place. Instead of distributing a print job to a user’s nearest printer, a company can distribute access to a protected electronic copy via an email link. By requiring users to “view first then print” or “view instead of print,” IT organizations can electronically track document access while reducing the cost of paper and other consumables.

The Case for “Pull Printing”

When physical hardcopy is required, pull printing is one way to protect against unauthorized document access. In a pull printing environment, user-submitted print jobs are not routed directly to a printer. Instead, the documents are stored on a central print server until the user physically arrives at the MFD or other output device. After swiping an ID card, entering a PIN code, or otherwise authenticating, the user selects one or more of the queued documents for printing.

The advantages of pull printing are many. By holding print jobs until the intended user is at the device, such systems eliminate the risk of private data sitting unclaimed in the output tray (à la our insider trading example). Each successful print job is logged, creating an audit trail to aid in security compliance efforts. And according to Gartner, “With as many as one in 10 documents sent to the printer and uncollected or sent again before collection to correct user errors, enterprises could reduce ad hoc print costs by up to 10% by implementing a PIN authentication system.”

Reaping the Benefits

Though numerous vendors sell output management software, few offer so many protection methods in a comprehensive, centralized output solution. As outlined in a previous issue, LRS continues to enhance the capabilities of our Enterprise Output Server by partnering with best-of-breed document security solution providers. Our new Innovate/MFPsecure™ product brings enhanced integration between Hewlett-Packard MFDs and the full LRS® suite. For more information, please refer to the “Solution Spotlight” article later in this issue.

Secure printing is no longer a luxury, but a necessity. By leveraging the secure printing capabilities of their existing LRS software, customers can save money while protecting sensitive information.