Guest post by Mike Feldman, President, Large Enterprise Operations, Xerox Services
Want to make sure the multifunction (MFPs) and single function printers on your network are as secure as they can be? Incalculable amounts of confidential business information pass through these endpoints every year. Use this checklist to make sure your Managed Print Services (MPS) partner keeps the data on your MFPs as safe as possible.
1. Security Patch Program and Communications
Does the MPS provider offer an active security patch program? This means they monitor for new vulnerabilities on devices, just as OS software developers track new viruses that target software. Can you sign up for a feed and immediate alerts when a new bulletin and patch are posted?
2. Hard Drive Removal
Does the vender offer options for hard drive removal before a system is disposed of or turned in after a lease? Does the vendor offer a hard drive removal service that returns the drive to you for disposal? Do they make recommendations on the most effective way to rid hard drives of data? Are trade-ins and returns that will be remanufactured overwritten or reformatted? How are trade-in hard drives disposed of and “shredded”? What is the process regarding hard drives on competitive devices?
3. Fax/Network Separation
Unprotected fax connections create a potential open back door into your network. Is there complete separation between phone line and network fax connections? Do devices include a network firewall to prevent unauthorized access to your systems through a network connection?
4. Image Overwrite
Does the manufacturer clearly explain what steps are taken to wipe the machine? Vendors such as Xerox offer an image overwrite capability as a free and highly configurable option on most systems. This means the device electronically and securely “shreds” information stored on its hard disk as part of routine job processing. This step can be performed automatically when each print job is complete, scheduled to occur at a predefined time to satisfy your security policy, or started manually.
5. Data Encryption
As data moves in and out of multifunction devices, is it secured with state-of-the-art encryption? What about data stored within the device on the hard drive? Extensive encryption on a device hard disk and wire protect sensitive data at rest and in motion.
6. Network Authentication and Authorization
Network authentication lets administrators limit access to certain users. Can authorized users simply log in with an ID card for secure access to device functions? Can these authentication and authorization sessions be tracked?
7. Secure Access Through Unified ID System
User access to scan, email and fax features can be restricted by verifying user names and passwords in network directories prior to allowing these functions. Can access permission be controlled per user and per service? Some businesses may need this flexibility. Are these security measures managed centrally at a network domain controller? Is all activity monitored and recorded in a security audit log for accounting or regulatory requirements?
8. Secure Print
Are jobs stored safely at the device until the document owner releases them by entering a PIN, logging into the device or swiping an ID badge to release them? This capability controls unauthorized viewing of documents sent to printers and reduces the possibility of data loss or breach.
9. Secure Document Mobility
Keeping information secure for remote or mobile workers can be tricky. Does the manufacturer offer solutions to authenticate user access? For example, when a remote session is requested, an SSL-encrypted secure session sets up a secure tunnel from the device to the client. This method of connection opens a variable network port for the duration of the session. The port assignments are randomized and closed when the session is terminated. This avoids having a static – and risky – open port always available on the device.
10. MPS Security Software
Does your MPS partner provide software tools to send and receive information from devices using a secure protocol? Can the MPS software be configured to only send the device information the client allows, such as “Restrict IP address information from being transmitted”? Is the MPS provider’s back office certified by ISO 27001 as a secure facility? Can the provider’s software interrogate the MFP or printer fleet for device firmware levels and determine if they align with your security policies?
The requirements for keeping device endpoints secure can be overwhelming, and the landscape changes constantly. That’s why it makes sense to turn to your Managed Print Services partner for help. The best providers are on top of information security and constantly improve their strategies and resources to keep your document information secure.