Name the previously ignored network device that is now at the forefront of information security? The usual suspects would be PCs, laptops, portable storage, servers, and perhaps critical pieces of infrastructure such as firewalls and email gateways, but they aren’t exactly ignored. The security industry has built its fortune securing those.
For a small but growing number of large UK organisations, the new device to fear is, believe it or not, the photocopier, and its close relative, the networked printer.
These usually reviled machines sit in every single organisation across the land, churning out documents like mini-printing presses gone haywire, with few security managers worrying much about precisely what they are printing.
Indeed, the contemporary photocopier and printer are now in some cases the same device, multi-function ‘document processing hubs’, to quote the jargon, the one bit of hardware no business can live without but would prefer to ignore as far as possible.
But where does all this A4 go once it hits the print tray, and does any of it contain sensitive data? Nobody has a clue. And can organisations control who prints certain documents and hold them accountable in any way? Highly unlikely.
Multi-function photocopier/printers generate other security problems beyond the documents they print and scan. Many of them will contain hard disks, which cache print jobs and documents on their way to the outputting bin, and some even allow users to email straight from the photocopier flatbed to email addresses outside the organisation. Paper documents can be sent straight from the devices, in other words, while their caches can be full of unencrypted information. Given that the devices themselves can be accessed remotely, the risks, however small, are real.
Worrying about such issues might look like eccentric paranoia, but the photocopier, in particular, has some previous on the information security front. In the dying days of the Soviet-backed Communist regime of Poland’s General Jaruzelski, using photocopiers was a rationed exercise, so terrified were the authorities of ‘samizdat’ clandestine magazines being run off on them. As late as themed-1980s, university photocopiers had armed guards, with access strictly controlled.
What the few companies specialising in securing photocopiers and printers like to promote is the digital equivalent of the armed guard.