Guest post by Mike Feldman, President, Large Enterprise Operations, Xerox Services
Just when you think you’re getting control over all the security risks within your enterprise, up pop those darn endpoints. Your network nodes – the PCs, the servers– need protection, but who thinks about the vulnerability of your multifunctional printers (MFPs)? Don’t underestimate what’s at risk.
Large enterprises create millions of impressions of their data each year using printers and copiers, and much of this information is vulnerable. Information security (InfoSec) professionals are paying attention to these critical endpoints.
Consider what this research shows:
- 66% of organizations have re-evaluated their endpoint security policies, processes and tools to create a plan for improving endpoint security.
- 85% plan to spend more on endpoint security.
- 57% have already increased the security budget earmarked for endpoint security, analytics and incident response.
While 56 percent of those surveyed believe they can now effectively and efficiently secure endpoints, 41 percent express concern with their ability to do so, and another 23 percent of organizations cited monitoring endpoint status as their biggest security weakness.
Some Enterprises Outsource Security
Sometimes organizations will outsource services where they lack adequate skills or coverage, and this is true of security services as well. Citing benefits like improved incident detection and response, and cost reduction, other research reveals that more than half of enterprise organizations use a managed security service in some capacity to protect their endpoints.
If you already outsource print and document services to a Managed Print Services (MPS) provider, you may be closer to an endpoint security solution than you realize. Because of their closeness to endpoint technology as it relates to documents, MPS providers can be a natural choice for endpoint security, too.
Information Security and MPS
Managing device security requires specific capabilities and technology that not all MPS providers may have. If you plan to discuss endpoint security measures with an MPS provider, make sure these topics get on the agenda.
Security Analysis
Does the vendor work with you to assess security needs, identify where your information lives, how it’s transferred and greatest areas of risk?
Recommendations for Devices, Placement and Optimization
Will the vendor help you select the best devices for security purposes? There are many things to consider. Sometimes the most secure device is a locally connected one. Are any devices hidden from view, such as systems in copy rooms? This increases opportunities for security breaches, and a qualified vendor would note this in their security assessment and recommendations.
Commitment to Security Innovation
How does the vendor stack up regarding ongoing investment in security research, development and engineering? Xerox, for example, has five research centers worldwide and devotes a percentage of revenue to security and other critical research, development and engineering projects.
Digital Alternatives for Digital Transformation
Paper is the least secure way to manage information, yet we still park so much of our business data there. Can the MPS vendor help you find ways to scan and digitally secure information in trackable formats? Do their MFPs use “fax forward to email” to digitize documents for tracking and security? What about digital alternatives to drive paper out of business processes altogether?
Standards-based Technology
Endpoint device security can impact your level of compliance with regulatory and industry demands. Are the vendor’s products designed to support standards like HIPAA, Sarbanes-Oxley, the Gramm-Leach-Bliley Act and FDA 21 CFR Part 11? Does the vendor seek third-party validation of device security by participating in the International Common Criteria for Information Technology and Security Evaluation program for certification? Do they submit the entire device for evaluation, not just a security kit? This matters to high-security enterprises like government agencies purchasing MFPs with hard drives. It ensures extra protection is built into the device.
Integration with Minimal Disruption
How invasive are the provider’s security measures? When enterprises aren’t required to install third-party applications or software on their workstations, they avoid needless complications and disruption. Automated approaches supported by skilled service teams ensure interruptions for security measures are kept to a minimum.
Next week, Part 2 in this series takes a look at specific capabilities that ensure the security of your MFP endpoints.