As organizations increasingly look to batten down the hatches when it comes to securing their laptops, smartphones and tablets, an area often overlooked is printer security.
Yet, over 70% of organizations have experienced a print-related data breach and over 75% indicated that print is critical or important to their business activities, according to print research and advisory firm Quocirca.
More and more frequently, organizations are transitioning to using multifunction products (MFPs) because of convenience and improved productivity, but if left unmanaged, MFPs also create a security risk, said Louella Fernandes, associate director, Print Services and Solutions at Quocirca.
"The top concern around print security is the need to control confidential or sensitive information printed to shared printers,'' Fernandes said. "Notably, organizations using a managed print service [MPS] are most concerned, rating this on average 4.1 out of 5 compared to 3.1 for non-MPS users."
Cost remains a primary driver for adopting a managed print service, but organizations say security is an important factor, too, according to Quocirca's 2016 "Managed Print Services Landscape" report. Eighty-one percent of respondents indicated that security was an important or very important driver, an increase from 75% in 2015. "The need for secure print solutions and services is heightened given the fact that 61% of organizations reported at least a single print-related data breach in the past year," the report noted.
Understanding printer security threats
Brendan Morsesenior research analyst, InfoTrends
There are a variety of risks associated with unsecured multifunction products and printers. "While printed pages retrieved by the wrong person or forgotten at the device is a very serious security issue found in many businesses, there are many threats many businesses do not give anywhere enough attention to," said Brendan Morse, a senior research analyst specializing in managed services and document software at InfoTrends, a market research firm for the digital imaging and document technology industry.
MFPs and regular printers are end points on the network that frequently handle and store significant amounts of sensitive business content, Morse said. These devices frequently have access to the internet, apps, email, enterprise content management systems and cloud-based document repositories. "Thus, any internal and intrusion risk applies to [MFPs] and printers. Given today's landscape, this means the threats are constant and wide-ranging."
Printers are a vulnerable network endpoint, like any network-connected endpoint, concurred Cindy Dwyer, worldwide print security marketing, at HP Inc. "With the perimeter weakening, devices behind the firewall are becoming at risk for cybercrime. IT managers inherently know this but perceive that a printer hack would be fairly benign or simply malicious -- such as being able to push a print-out without authorization or 'take a printer down.'" In reality, she said, printers can be a source to exfiltrate company and customer data or acquire user credentials to gain further access to the network.
With the exception of the financial industry, most businesses do not fully appreciate the magnitude of the threats they face from their print environment, Morse said. "For example, InfoTrends research indicates that 95% of financial services firms say security is an important buying factor for MFPs and printers. But this number drops significantly in other industries and in smaller organizations."
How MPS providers can help
Keeping up with the threat landscape is a headache for many organizations, but Morse said the good news is there is a relatively mature set of software and services offerings that are sufficient for most businesses. Managed print services providers are renewing their focus in this area because of these advantages, he said.
A managed security services offering would be a differentiator for a channel partner, he said. "Today, security services around MPS, especially in the channel, come in the form of professional services. … This sort of offering would help channels better compete with the OEM (original equipment manufacturer) direct MPS providers, as well."
OEMs regularly release patches for newly-discovered printer security threats, which is something MPS providers stay on top of, said Joshua Justice, president of Southern Solutions, a solution provider and Xerox partner based in La Plata, Md. "Customers who do not update the firmware in their devices do not have the protection against these threats, thereby exposing their network to intrusion and harm,'' he said.
Providing printer security updates is part of the reason Southern Solutions developed an app called Firmware Connect, which provides automatic firmware updates for Xerox multifunction copiers and printers. "Customers have embraced this app and the idea of always having the latest security updates in the products connected to their network,'' he said. Some 162 Xerox partners in the U.S. have begun installing the app for their customers, he added.
Among the security services that HP offers are malware and virus protection and printer configuration and access. "Authentication management and password theft are some of the biggest IT security issues and often overlooked on printers,'' Dwyer said.
The MPS market is fairly mature and price-based competition is going to be especially hard on margins for channel partners, Morse said. However, providers that focus on security "can shift the conversation from that of price to that of solving a real customer problem."
Read tips for building out your MPS business
Report: SMBs look to digitize paper-driven processes
Learn about offering security awareness training