Issue #0609/2 - Data security vulnerability between PC and printer is plugged by printer driver toolkit specialist, Software Imaging.
While few users would ever think of the transmission of data across a network from a PC to a printer as being a vulnerability in the data security sense, Software Imaging has released a secure printing solution, PrintSec, that is designed to plug the potential leak point in the system.
TCPglobal has tackled the security issue from a number of angles, most recently focusing on the apparently appalling standard of paper security at the printer itself (Issue #0603 - "Document security – where is the document most vulnerable?"). Software Imaging highlights the fact that 50 million Americans have had their personal information exposed and in Europe, tens of thousands of individuals have had their identities stolen from insecure corporate systems. In the UK, personal information of every one of the 30,000 employees working for one of the country’s major corporations was compromised by data insecurity.
Vulnerabilities of this nature can cost organisations dearly if hit by an information theft on this scale. The problem/danger cannot be swept under the carpet.
For their part, printer manufacturers have long attempted to provide a secure printing environment through the implementation of secure printing features that either involve the user entering a PIN at the print device or swiping a magnetic or vicinity card in order to actually receive their prints. This has even led to the development of the Follow-Me solution that allows users to receive their print job in person, at any device in the organisation, simply by presenting their identity credentials to the device closest to them at the time. This solution not only offers a degree of security but also injects a degree of mobility into the system.
But Software Imaging claims that while these solutions are valuable in themselves, providing security from several kinds of threat and from the general negligence of leaving prints on the printer, they are not provide ultimate security. What they have not succeeded in addressing are the security issues involved in transmitting clear, unprotected data from PC to printer across a network that may be exposed to attack, resulting in interception of sensitive data.
PrintSec solves the problem by securing the data on its way to the printer using Private/Public key encryption, Secure Socket Layer (SSL) and HyperText Transfer Protocol (HTTPS). This is an element of the printing process that is very well-known to Software Imaging, formerly Software 2000. The company is responsible for developing the printer driver development toolkits used by most of the major printer manufacturers for the preparation of the printer drivers that we, as users, are familiar with. Software Imaging knows the printing data stream very well.
As such, Software Imaging is not a company that is necessarily well-know even to the IT professional, let alone the end user. However, Software Imaging is known to every printer manufacturer and, in this instance, it is the manufactures that comprise the customer base.
Using PrintSec, the printer driver itself secures the data within the PC even before it is presented to the network interface. The industry standard SSL and HTTPS technologies used with private and public key encryption is essentially the same as the systems used by online banking and shopping systems that we have come to rely on so much – and frankly, to trust!
It is particularly in these high-security areas that clear data transmitted from workstation to printer might be most vulnerable to interception, giving hackers access to personal and financial data. Military establishments could also be expected to be primary targets.
As well as simply protecting the data stream, PrintSec offers a high degree of flexibility to both printer manufacturer and corporate customer. While printer manufacturers are able to determine which security technologies to implement, user corporations can implement and control their own sets of keys, which can be changed as frequently as desired. Allowing corporate customers to control security to this degree will offer a high comfort factor.
Implementation can be handled in three ways to suit the needs of different customers and enterprise systems/hardware fleets. Where existing equipment needs protecting, a secure client port monitor can be distributed centrally within the enterprise, without disrupting the enterprise workflow. New printer hardware would be protected by PrintSec technology being incorporated into the new drivers. Proprietary systems can be protected by licensing PrintSec independently from the driver toolkit.
Just as Software Imaging claims that security is compromised by the lack of secure data transmission, a PrintSec secured system can be just as severely compromised by lack of security measures to protect the hard copy output itself from theft or misuse. Security has to be tackled as an end-to-end project. The cost to the organisation of not doing so could be incalculable as data theft becomes more sophisticated.
Used in conjunction with the PIN-based secure printing feature common to many workgroup printers and MFPs, PrintSec will help ensure a total-security environment for companies handling sensitive information.
~End~
