MCPc Blog

Secure Print 101

People take printing for granted. The fact is, however, that printing is complex, and as MFPs move more toward computing devices, ensuring the security of your print environment is critical. Networked printers, when not secured and managed properly, may be vulnerable to hacking attacks, as recent industry headlines warn.

How can you avoid print security risks in your IT environment? Here, we outline standard MFP security options, as well as some examples of highly secure printing capabilities used in regulated industries.

Basic Printing Security

Most printers and MFPs today have built-in PIN security, requiring a user to click “print,” enter a PIN code, walk over to the printer and enter the PIN again to release the job. At the least, we recommend that organizations enable this level of print security.

In addition to helping with security, this functionality is also a great driver (pun intended) for printer consolidation. Users that print confidential documents may otherwise require their own printers, but with PIN security they can print to faster, more cost-effective, shared printers without risking confidentiality.

However, out-of-the box secure print stops there. Going beyond PIN functionality, there are several options to achieve more secure print processes and management.

The Secure Print Hierarchy 

Listed below are a few considerations, ordered from least to most expensive. As is often the case, a higher price typically means the technology is more user friendly.

• Secure-Print Applications: Server software is available to enable a tracking layer on top of PIN security, which lets IT securely track print transactions by user and see who is printing what. This insight can also help to save printing costs by understanding where printers can be consolidated, even across departments, as user tracking can help split costs for one machine if needed. In addition, some settings can require user authentication prior to printing, to ensure that only authorized users have access to printing devices.
• Contact-Based Security: Thumbprint readers and ID badge scanners only release print jobs with physical contact and approval, bringing users to the machine to release and remove print jobs at once. These options are more user friendly than PIN functionality as only one extra step is needed—scan thumbprint or badge—versus having to enter a PIN twice. Contact-based options give employees mobility without needing a mobile device, as they can print to the nearest machine. This also allows for mobility between locations. For example, executives that travel from one office to another can simply scan their employee ID badges to print at any company location without having to log on, identify the proper network, and connect to print drivers. 
• QR Code Reader: Using quick-response (QR) codes is another way to manage and secure print jobs, by which employees scan the printer code using a reader on their mobile devices to release print jobs. Part of the additional cost for this solution is the cost of smart devices for each employee, as well as the QR software and security behind it.

 

Secure Printing in Regulated Industries: Finance & Healthcare

In highly regulated industries, like finance or healthcare, print security is critical to business compliance and success. Following are some examples of what’s possible on the high end of secure print. If your organization needs higher levels of print security, you may be able to take some lessons from these markets.

Finance: Check Printing

Custom printer features and physical security are used to keep check stock safe, and ensure the validity of printed checks. Troy Group’s secure check printers for HP and other industry players offer the following security enablers for check printers:

• Locking paper trays
• Sensors inside a printer that can identify MICR toner
• Watermarking capabilities
• Secured executive signature files

Healthcare: Prescriptions

As abuse of prescription drugs continues to rise, it becomes all the more important for healthcare systems to secure their printers, and for pharmacies to ensure the validity of printed prescriptions. Pre-printed prescriptions have very distict requirements, which are enabled by industry-specific printers.

• Watermarks or pantographs
• Edge borders with text that can be read only under strong magnification
• Instructions for pharmacists on what to look for to ensure prescription validity

Your Thoughts?

How have you achieved secure print in your organization? If not, what challenges have you encountered along the way?

For more secure printing tips, see 7 Ways to Protect Your Printers, from PC World.

 

Jeffrey Goldstein is Senior Consultant at MCPc and is responsible for the delivery of hardcopy and value-added services within the Lifecycle Management Group. Connect with Jeff on LinkedIn.

 

Stay Connected with MCPc: Subscribe to the blog; follow us on Twitter, Facebook or LinkedIn.

 

image credit: fabricedenola

Building Blocks for Mobile Device Management (MDM): Mobile Use Policy

Your organization is going mobile (or likely, it already has). To ensure that you have the right mobile device management (MDM) processes in place, the first step is to review—or develop—your organization’s mobile use policy.

Corporate Mobile Use Policy Considerations

Start with the basics, and think about where your organization and employees are headed.

State and Local Jurisdiction

Do your state or local jurisdictions uphold texting restrictions, or other laws against mobile device usage while driving? If so, your organization may be held liable if an employee on a company device causes an accident or receives a ticket for a traffic infringement.

Know your local laws, incorporate them into your mobile use policy, and go the extra step to educate employees about rules and ramifications.

Industry Regulations

The same industry regulations that apply to current IT processes and data also apply to mobile. Develop mobile-specific policies to keep devices (and the data stored/accessed on them) in line with relevant regulations, such as:

• Family Educational Rights and Privacy Act (FERPA)
• Payment Card Industry Data Security Standards (PCI DSS)
• Health Insurance Portability and Accountability Act (HIPAA)

Consistency Across Corporate Devices

Are mobile policies similar or in conflict with how users leverage other devices in the ecosystem? Often there are more regulations on mobile devices than laptops, and introducing mobile policies can be a good time to introduce other changes in the system's environment, making all device policies tougher. In the end, consistency is the best practice.

When possible, keep applications consistent, even across devices. Some MDM software allows organizations to publish a custom enterprise App Stores with recommended software, giving employees easy access to preferred tools.

BYOD

More employees are bringing their own devices into the workplace, and expecting seamless usage. Be sure to consider the following BYOD-related questions within your mobile use policy:

• Who owns the phone number that goes along with an employee-owned device? Some software allows organizations to place virtual phone numbers on mobile devices, enabling separate environments to avoid such issues.
• What is your organization is willing to pay? Consider the device, data plan, voice plan, software upgrades, device replacements, help desk and more.
• As these devices become mission-critical? Does your organization have a back-up plan in place to restore lost, broken or stolen devices?
• What standards are in place for employee-owned devices, software and applications accessing the corporate network?

Set Standards, But Be Ready to Adapt

Identify smartphone, tablet and laptop standards across your organization, including apps and operating systems.

Continual technology and device updates make it more important than ever to continually revisit your mobile use policy. The space changes quickly—it's not like Windows where you can set policies then forget them.

OS Updates

Your IT department needs to understand not only the capabilities and limitations of each OS, but also differences introduced in new versions. Updates for Android and iOS seem to be introduced every six months or so, and with them, so must your use policy be revised.

For example, when Apple introduced iOS5, it introduced the capability to backup to iCloud. Did your team react with an updated mobile use policy to keep corporate data secure?

Enlist a committee dedicated to keeping pace with the quickly changing mobile environment, and any changes that will impact your organization’s mobile use policy. Group IT managers with leaders from HR, legal and the executive team for a holistic perspective.

Help Desk Support

With your mobile use policy, clearly define what your help desk is willing to support and trained to support, including devices, connectivity, applications and more. You don't want to run a free-for-all support model with 250 different applications for your team to support and maintain.

Your Thoughts?

What challenges have you run into when updating your organization’s mobile use policy? What changes have you made recently, and how have employees responded?

Ira Grossman, VP, Personal Systems Group, has more than 15 years of technology project management experience and is an expert in lifecycle management and mobile device management for the enterprise. Connect with Ira on LinkedIn.

 

Stay Connected with MCPc: Subscribe to the blog; follow us on Twitter, Facebook or LinkedIn.

 

image credit: mauritsonline

I Cheated on My iPad

I love my iPad. It goes everywhere with me. Sees me through everything. Client presentations, email, calendar, client proposals, movies, music, photos, virtual desktop, functions as my phone—you name it. In fact, as my previous blog posts have outlined, my iPad replaced my laptop. But I just felt that there was something else out there. And boy was I right!

The Tension Builds…

It started innocently enough.

An email or text here and there announcing her presence to me. Some with a flirtatious undertone, just teasing me of what was to come. I had seen her once or twice at demos, and man, was she sexy.

Then it happened: We met in person.

She was sleek and new. Smaller than my iPad. Enchanting. Pure enterprise grade. The Cisco Cius!

Yes, I have been cheating on my iPad with the Cius.

Cisco Cius: Background and Basics

The Cius was announced in June 2010, and recently hit the market. I’ve had mine for about four weeks now.

Has it fully replaced my iPad? No. But it has become an amazing secondary device, and  there are several features that have the potential to make it a serious competitor to the iPad:

• Seamless integration to the Cisco Collaboration suite—Jabber, video, presence, WebE, and Quad.
• A docking station that contains USB and HDMI ports.
• A micro SD card slot.
• Built-in micro USB and micro HDMI ports.
• The ability to connect a mouse and keyboard.
• Cisco Telepresence and endpoint interoperability.
• Cisco Communications Manager serves as the Mobile Device Management (MDM) platform.

The Bottom Line: iPad vs. Cius 

For the first generation of the device, the Cius isn’t bad. I love the Cisco Telepresence integration, USB ports, and ability to use Communications Manager as the MDM.

If your organization has invested heavily in the Cisco ecosystem (voice, collaboration, video) and you’re considering a thin client for VDI deployment, then the Cius warrants a look. Or, if you’re considering purchasing the Cisco 9971 video phone, I would strongly consider the Cius instead.

However, do not kid yourself that the Cius is the iPad. In my opinion, Android is inferior to IOS as a mobile operating system.

In terms of pure tablet functionality in the post-PC world, the iPad trumps the Cius. Cisco is quick to point out, however, that the Cius is not intended to compete directly with the iPad. The Cius is a pure enterprise play, not a consumer play. It’s a video endpoint that also brings the benefits of enhanced security and VDI to the table.

So where will I end up? I believe that I will find a way to have the iPad and Cius coexist. Because at this point, I can’t live without either of them!

Do you have any questions about the Cius, and how it compares to the iPad? Fire away in the comments below.

 

Darin Haines is Group President of MCPc's Advanced Technology Group, focusing on solution delivery, and has over 16 years of experience in leading the technology function in mid-sized and enterprise-level organizations. Connect with Darin on LinkedIn.

 

Stay Connected with MCPc: Subscribe to the blog; follow us on Twitter, Facebook or LinkedIn.

How To: Plan for Cloud Security

Whether choosing a public cloud provider or setting up your own private cloud on premise, cloud technology will be as safe and secure as it’s designed to be. When outsourcing to a public cloud offering, ask yourself: “Will my provider give my data, security, access and overall environment the same due diligence that we would onsite?”

This post outlines considerations when planning your secure, cloud-based IT environment.

Stepping Stones toward a Secure Cloud

Chief security officers (CSOs) and organizations should not accept that policy alone will govern the security of their data—the only possible way to guarantee the security of your data is to practice defense in depth security yourself. Inspect what you expect.

How well secured will your moving and at-rest data be in the cloud? Multifactor authentication and a recurring review process for data access, security and penetration testing are good practices to follow for the most secure IT environment, regardless of whether the data is in the cloud or not.

Whether private or public, the following are three recommendations to consider to ensure your cloud is secure, including steps before and after cloud implementation.

Pre-Cloud:

Start planning by positioning yourself as your organization’s ‘legal team.’

Ensure that your organization and its providers have clearly defined contracts in place for existing and moving data. When hosting in a shared environment, know in writing:

• How will data be replicated? Destroyed?
• Where data will be stored? Do global locations fall outside jurisdiction or within the lines of politically unstable countries?
• How will the data be encrypted at rest? In motion?
• Who has access to your cloud and data? Who should have access?
• How frequently is the list of authorized cloud users being revised, and how frequently are requirements tested?
• What sort of penetration testing is in place, and how frequent is testing performed?
• What are the SLA’s for uptime, data loss, data theft?

Once you’ve gathered this information, review with your organization’s legal team to make sure the contract and service-level agreements (SLAs) are complete and in accordance with compliance requirements.

I strongly advise clients to consider what SLAs should look like in case of a breach, and what actions should be in place. Let’s look at the case where your organization’s master customer database is stored within a cloud solution: If, due to an error by the cloud provider, the data becomes available to competitors, does the SLA cover the leak? What if the situation is due to a flaw in the underlying operating system and is not the result of cloud provider negligence?

The security conversation you’ll need to have with potential providers is not as much about availability and whether you can access data, but more about the impact and action plans in place for potential theft or data loss. Availability is assumed… the SLA’s to govern that are readily available.

Remember that until any legislation is updated to specifically address the cloud, meeting industry compliance requirements like HIPPA, SOX and PCI is your responsibility—not your provider’s.

Post-Cloud:

• Re-analyze your security posture—both as it relates to your organization alone and now, with a cloud provider. Does the provider amplify security assets, or are there holes in security planning?
• Conduct your own internal security audits and penetration testing. Try to hack your cloud, or pay experts to do it.

There’s much more you can do to ensure your organization is securely moving to the cloud. Read on for information on the MCPc approach—Walk your way into the cloud.

Your Thoughts?

What challenges have you faced with finding security in the cloud? How have you overcome the more common obstacles?

 

Andy Jones is Senior Vice President of Sales. He has more than 15 years of IT industry experience, and is an expert on cloud, virtualization and managed services solutions. Connect with Andy on LinkedIn.

 

Stay Connected with MCPc: Subscribe to the blog; follow us on Twitter, Facebook or LinkedIn. 

Image credit: febelix

December Roundup: Top IT Industry Articles

Each month our team sifts through tons of technology-related articles to compile highlights into a monthly recap for our readers. December’s top stories include a range of hot topics, such as: consumerization and the cloud, IT staffing, BYOD, and application security.

Consumerization and the Cloud

Was 2011 the year that cloud computing shook your data center? Eric Knorr (@EricKnorr) argues that it was in his InfoWorld article (requires registration).

"We're at the beginning of a very long ascent skyward, with many convoluted twists and turns along the way … Ultimately, IT's mission is to deliver applications -- either bought or built for the business.”

Gartner follows the move to the cloud in its 2012 IT predictions, and Jon Stokes’ (@jonstokes) Wired article, Gartner: 2012 Will Be the Year of Apocalyptic Reckoning for CIOs, lays out just how the move to the cloud and more consumerized IT affects business operations, processes and overall IT spending.

Speaking of consumerization, InfoWorld’s Galen Gruman (@MobileGalen) lists technology consumers have (or should have) a handle on in his article, Hands Off, IT: 5 Key Technologies Users Must Own. He argues that for IT to provide the best support to its environment, it must understand and accommodate employee control of more personal, accessible, front-end technologies, such as:

• Mobile devices
• Cloud computing services
• Social technology
• Exploratory analytics
• Specialty applications

To let end users take advantage of the above technologies, says Gruman, Forrester suggests IT shifts focus to overarching, back-end technologies, like collaboration software, file syncing, technology as a service, mobile device management (MDM) and more.

Organization Update: IT Staffing in 2012

Can You Keep Your IT Staff in 2012? According to the Network World article by Carolyn Duffy Marsan (@techoptimist), IT staff retention is poised to be a top CIO challenge in 2012, fueled by the following.

• Corporate IT hiring is on the rise, tempting current IT staff with new opportunities.
• Younger IT professionals change jobs more frequently, often with less than two years in the same position.
• Retiring baby boomers, a trend that will continue over the next couple decades.

Bill Snyder (@BSnyderSF) brings up another potential cause for the staffing challenge: while IT employment is on the rise, certified IT jobs are paying less—they’ve reached a 12-year low.

BYOD

As employees increasingly use personal devices for business purposes, the need for complete organizational network and endpoint security becomes more evident.

Ellen Messmer’s (@ellenmessmer) Network World article, Security Minefield: BYOD Will Bedevil IT Security in 2012, calls 2012 the year when IT managers “will be forced to come to grips with the security consequences of their own decisions to virtualize their networks.” Messmer lists data-loss prevention, encryption, and continual security vendor assessment as security controls to consider when assessing IT security.

For additional solutions to manage mobile devices and back-end BYOD technology in your environment, check out the following Information Week articles:

• What Virtualization Can Do for Your Smartphone
• Citrix Receiver: One Answer to BYOD

BYOD food for thought: Many consider mobile device management (MDM) and BYOD to be interchangeable, but in his Tech Target article, Jack Madden (@jackmadden) differentiates MDM and BYOD with the equation “MDM + employees paying for their own phones ≠ BYOD.” While some of the argument may be semantics, it’s still a good point that fuels discussion around BYOD policies, and should be clarified for staff and management.

Security Spotlight: Applications

Wired’s Threat Level reports: 8 out of 10 software applications fail to meet a security assessment, according to a State of Software Security report by Veracode. Enterprise desktop, web and mobile applications with loopholes and flaws are a hacker’s haven in gaining access to your corporate environment. Ensure flaws like cross-site scripting or SQL injection are tested for, and not present on enterprise apps before they’re white-listed for your end users.

Your Turn

What were some of your favorite IT reads from December? What topics are top-of-mind that you’d like to see featured in future monthly roundups? Please share your thoughts in the comments below.

 

This post is an MCPc blogging team collaboration.

Stay Connected with MCPc: Subscribe to the blog; follow us on Twitter, Facebook or LinkedIn.