Security: Cutting-Edge MFPs For Maximum Protection
In 2021, 54% of French companies suffered at least one cyberattack, according to the corporate cybersecurity barometer published by Cousin, an association of information systems security managers. The most widespread attack vectors concern phishing and the exploitation of security vulnerabilities (software vulnerability, configuration fault, etc.).
Faced with the resurgence of these cyberattacks, companies need, more than ever, to protect all the elements likely to serve as points of entry. In particular, all the workstation components, including printing systems, are very common in organizations. These are now real computers equipped with an operating system, hard disks, and software (for example, to digitize, store, access networks, control access, manage print flows, etc.).
The security of devices, whatever they are, supposes to take into account:
- The physical security of the equipment to guarantee its availability.
- Logical security (operating system, micro-code, software, etc.).
- Access control to the printer and its functions.
- The security of connections to the information system and networks (cloud).
Any security policy is based on four essential principles: availability, integrity, confidentiality, and traceability. How do these security principles apply to multifunction printers to eliminate vulnerabilities, risks of intrusion, and malicious access?
Encrypt Data, Detect Threats, Control Access
Three elements should be combined to meet the basic security needs (availability, integrity, confidentiality, and traceability): robust encryption mechanisms, malware detection, eradication tools, and rigorous access control management principles. The new generations of multifunction printers offer these essential features to ensure peace of mind for businesses and their print fleet administration teams.
Encryption At The Heart Of The Machines
The security protocol TPM ( Trusted Platform Module ), which equips, in its highest version (2.0), all e-BRIDGE Next 2022 models, protects the data stored in the MFP by encryption and keeps the credentials of users authorized to read/write/modify data.
It should be noted that this protocol and other security measures integrated into MFPs enabled Toshiba to obtain the HCD-PP (Hard Copy Device – Protection Profile) certification, dedicated to devices storing and transferring data and issued by the American and Japanese governments.
Don’t Allow Anything Except
Against cyber-attacks, an anti-malware device blocks any intrusion of malicious software via the multifunction system to protect the network to which it is connected and the data stored in the MFP. Security is enhanced by the White List principle: only programs identified during configuration/installation are authorized.
Even malicious software that has successfully thwarted the vigilance of a firewall would be rejected since it would not be on the allowlist! This principle is much more effective in guaranteeing security than a blocklist approach, where everything is authorized except software identified as malicious. It always takes work to establish an exhaustive inventory.
Segment IP Addresses To Secure Different Uses
This maximum security is essential since multifunction printers are popular with various categories of users. This is particularly the case in companies that use external resources (e.g., consultants, trainees, etc.) or organizations or public authorities that provide self-service multifunction printers.
How can you be sure that security is ensured in a potentially risky context? The solution uses a second IP address: thus, the same MFP can be operational on two distinct and isolated networks (one is private for employees, and the other is public). The advantage of this approach is that it is possible to prohibit, on the second network, the use of functions such as scanning, document transfers by email, or communications with a cloud solution.
Always keep in mind the five safety assumptions:
- Every system has at least one flaw.
- Every flaw is likely to be discovered.
- If a flaw is likely to be discovered, it will be sooner or later.
- Anyone who has access to this flaw will be tempted to use it.
- If the risks are low, this flaw will be exploited.
The first assumption becomes ineffective by securing MFPs with the proper state-of-the-art security protocols, high-performance anti-malware, and strict IP address segmentation: we bet that hackers will quickly pass their way against robust and impenetrable…