Plugging the MFP security gap

Responding to an IT security breach undoubtedly ranks among a CIO’s worst nightmares. The thought of your company’s lost customer or financial data making the headlines is enough to disturb anyone’s sleep. This is why more organizations are turning to CIOs and CSOs for answers on why these failures occur and, more importantly, how to prevent them.

Industry experts agree that the level and extent of security threats today are on the rise. A report commissioned by McAfee (July 2005) states that cybercrime cost organizations US$400 billion in 2004, with 2,000 new threats emerging each month compared to 300 threats two years prior to that. It’s no surprise to see businesses stepping up their efforts to secure their networks. An ounce of prevention can mean an invaluable amount of cure.

When developing IT security plans, however, many companies can easily overlook one piece of equipment – the multifunction printing (MFP) device. A common fixture in many office environments, MFPs can print, copy, scan and fax documents. While these all-in-one devices increase productivity by being connected to the network, their connectivity is precisely what makes them potentially vulnerable to attack. Nonetheless, securing MFPs is simple once it’s understood where to focus efforts.

Here are the five areas where documents generated by MFPs are most at risk:

1. From the desktop: A file can be seized en route from the desktop to the server and used either in its existing form or modified and even exploited externally.

2. At the server: Jobs sent to the MFP for printing typically sit unprotected on the server queue. At this stage, an internal hacker can pause the printing queue, copy a file, and restart the queue without noticeably disrupting the system.

3. Between the server and the MFP: This is another point where documents are travelling unprotected – while on the way to the MFP device, information is fully exposed to anyone who can tap into the network.

4. On the MFP: All information sent to the MFP is stored in the device’s hard drive. MFP hard drives can typically store about as much information as a PC hard drive.

5. Left in the output tray: In most office environments, it is common to pick up printed materials that belong to a co-worker. There are also cases when printed documents are left or forgotten at the printer, leaving information open and available to anyone with access to the machine.

Based on these potential points of access, it is important to evaluate your current MFP solution to determine how to incorporate these devices into your security strategy. Consider the following when evaluating your current MFP environment:

What security features does the MFP offer? There are several ways to increase security levels at each stage of printing a document. MFPs that include 128bit SSL (Secure Sockets Layer) encryption, for instance, provide added security as encrypted documents cannot easily be deciphered. Some MFPs provide the ability to program the device with Media Access Control (MAC) addresses or IP filtering so that the device will only communicate with recognized computers specified by the IT department. Any other computer attempting to communicate with the MFP would be refused access.

What options are available for securing the hard drive? While all information sent to the MFP is stored in the hard drive, contrary to popular belief, this is actually the most difficult point on the MFP from which to access information. If additional protection is required, some MFPs offer data encryption on the hard drive or a removable hard drive option. Others include a feature that allows users to replace sensitive material on the hard drive with random data, ensuring it cannot be accessed by others.

How can the output tray be secured? Some devices provide secure mailboxes on the MFP hard drive for each employee. With this feature, only authorized users that have a secure password can print material.

It’s clear that cyber-criminals are continually finding new ways to try to penetrate corporate IT systems and expose security flaws. Now, more than ever, businesses need to demonstrate a detailed commitment to ensuring the security and privacy of information related to its customers and employees. The alternative is far too scary.

QuickLink: 066068

–Mason Olds is Vice President and General Manager, Imaging Systems Group, Canon Canada Inc. For more information visit

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Featured Reads