When looking at enterprise security, we commonly refer to and consider firewalls, Intrusion Prevention Systems (IPS), Virtual Private Networks (VPN), encryption and authentication. When we think of securing our data, we think of securing critical servers and databases. Rarely do we think of printers. Billions of dollars are spent worldwide on security each year, but how much did your organization spend on securing their printers this last 12 months? If you answered zero, you would be in the vast majority.
Printers have come a long way since their widespread adoption in the late 1970’s and early 1980’s. Back in the day, each printer was connected to an individual system and could only process a single print job at a time. Today, printers have matured into multi-functional devices that bare little resemblance to their distant origins. Printers in the 21st century perform dozens of tasks including, but not limited to, printing, scanning, photocopying, faxing and even emailing documents. What most users, and even system, network and security administrators do not realize is what really goes on inside a printer and what functionality they truly have. Most users still think of the printers of 30 years ago; unintelligent devices that only possess the ability to print documents. This view is far removed from the truth.
When discussing printers in this article, we are not only talking about the behemoths you see in most large enterprises, but also your low-end multifunctional printers you now find common in regular households. Rare is it to find a printer, no matter how small, that only performs the single task of printing. Most, at a very minimum, provide faxing or scanning and with these come increased memory requirements. Scanning a full document in preparation to print, scanning a document to be saved as a PDF or similar file, or scanning a document to allow faxing all require the ability to buffer the data within the device. A buffer is basically a region of memory that allows the storing of temporary data. Printers use this buffer to store a digital version of the document you are printing, scanning or faxing. Depending on the device, this buffer can range from a small piece of Random Access Memory (RAM) to a Hard Disk Drive like the type found in your desktop or laptop computer. In larger enterprise printers, this buffer is not the only memory store found within the printer. A larger, non-volatile memory area is provided to store semi-permanent or permanent information. For example, some printers allow scanning of a document and saving it within the printer as a PDF. The user may then connect to the printer as if it were a network drive, or via a web page, and download their document. best art printers
So where are we going with all this? The leakage or theft of sensitive and confidential corporate information. Large enterprises may have developed and implemented data retention and destruction policies but rarely do these include, or even mention, printers. Companies look at hardcopies of documents, CD’s, DVD’s and workstation, laptop and server hard drives when developing their data destruction policies. While it is clear they identify hard drives as a source of sensitive information, rarely do they consider the hard drives contained within their printers, if they even know of their existence. Printers are also commonly overlooked when security policies, procedures and guidelines are developed and implemented. Little time, if any, is spent looking at printer security or the implications of not securing the corporate printers. All the more disturbing this becomes when you contemplate the common types of documents that pass through printers in a corporate environment. Depending on the industry or the department within the organization, documents can vary from sensitive financial records, personal customer data or detailed network diagrams, to name a few.