Quocirca Ties Printer Security to IoT Security

Added to IoTplaybook or last updated on: 07/19/2018
Quocirca Ties Printer Security to IoT Security

Now that the Internet of Things is trending up up up, the IoT label gets attached to areas not normally considered IoT. Look no further for evidence than analyst firm Quocirca’s Print 2025 study, which recommends securing printers like IoT devices. We asked the study’s author, Research Director Louella Fernandes, to help clarify what makes printers part of the IoT. Her lightly edited responses, sent via email from her office in the U.K., follow.

Quocirca Ties Printer Security to IoT Security
Quocirca Research Director
Louella Fernandes

IoT Playbook: Printers have been around for decades—why this shift in category?

Fernandes: Hardware is becoming commoditized, margins are pressurized, and the need for differentiation is now focused on services and software solutions. Print volumes are flat to declining in most areas, although according to our Print 2025 research there will continue to be a reliance on print for business-critical processes.

IoT Playbook: What do integrators and MSPs gain by regarding printers as IoT devices?

Fernandes: Printers should be treated as any other network endpoint. They have hard disks, memory, connectivity, and embedded software platforms. They are no longer peripheral to the IT infrastructure and are a key element for many business processes today.

IoT Playbook: Are there different attack surfaces on printers today than 10 years ago?

Fernandes: Print security has always been high on the agenda for manufacturers given the vulnerabilities around hard disks and paper documents that may be left in output trays. In addition to these vulnerabilities there are other risks around devices being a target for DDoS to access the network, or malware on devices. In today’s IoT landscape, external access to the device is more of a concern, particularly when it is used as an access point to the network.

IoT Playbook: Which printer vendors are doing the best job of securing their printers?

Fernandes: All print devices generally conform to a range of security certifications. HP has certainly taken the lead in terms of messaging and pushing its embedded security features (e.g., run-time intrusion detection), but most manufacturers today have robust security measures on their devices, and many now offer security assessment services to analyze the complete fleet for vulnerabilities.

IoT Playbook: Are there common problems with every printer today?

Fernandes: Probably the most common cause of a data breach is documents being left in the output tray (and being collected accidentally or intentionally by an unauthorized user). This can be mitigated through user authentication. Hard disks store information and data can be retrieved if Hard Disk Overwrite is not implemented within the device; for instance, at end of life.

It’s not only about printing—documents can also be scanned and emailed to the outside world. Auditing tools can track usage to address this if user authentication is employed.

IoT Playbook: How can MSPs and integrators better secure printers for their clients?

Fernandes: Work with print suppliers to offer assessment services. Most managed print service providers offer some form of audit. Some offer more sophisticated security assessment services.

While IT decision makers are typically more aware of print security risks, employees/end users may be less aware, and this requires print policies to be implemented. These can be designed and enforced through appropriate print management tools.