Inside Track: Print Services
11 May 2018 | 0
When you think of the places your organisation stores its data, the odds are print devices are not top of the list. But modern multi-function printers are equipped with hard disks and flash memory and routinely store data as they go about doing their print jobs.
As a result they are just as much a part of your data storage estate as anything stored in the cloud or attached to servers in a data centre. But with the recent laser focus on data protection and regulation, how have print services evolved within the context of data management to offer value in enterprise?
“When you’re sending a print job from your device and it hits the print device, it has a version sitting on the printer and that device has a hard disk in it so there is a security risk around that and a data protection implication,” said Chas Moloney, marketing director for Ricoh UK and Ireland.
“If you’re in a hospital and you’re sending patient records to a printer then that’s confidential data and it’s regulated. You have to insure that the data is encrypted and when the job is complete, you have to scrub that hard drive.”
Print services providers have to be able to minimise the risk down to almost zero of that data ever being misused or reproduced.
“If you don’t do this, then you run the risk of that device one day being thrown out into a skip with a hard disk in it that could have data on it. But data protection and the need to be compliant with regulations are a big concern for our customers.” said Moloney.
“There isn’t a client in the world now that doesn’t list security in their top three areas of concern when they’re looking to procure print services. From that perspective, it’s bigger than just data protection, it’s about making sure we fully understand the client’s business needs around the area of security.”
Moloney sees five key pillars underpinning how Ricoh engages with its clients —people, workplace, processes, technology and covering the other four, security.
“We have to be able to build not just secure technology but more critically, secure processes.”
Ricoh offers a service in which it scrubs hard disks at the end of a print device’s lifespan so that any data on them is unrecoverable. This is offered whenever print devices are being refreshed and replaced.
“Each company has a different set of needs. For example, we encrypt data anyway so for some operations that’s enough. However, sometimes hard drives need to be scrubbed and sometimes they need to be taken out of the machines and stored separately,” said Moloney.
“In the UK, we’ve worked with the Ministry of Defence for example, which insists on removing hard drives and physically destroying them. Each company is different, so we work with that.”
According to Moloney, it is important to make the point that enterprises need to think not just in terms of organisational responsibility, but also individual responsibility.
“Organisations are made up of people, and we all have to take responsibility at an individual level in order to be fully secure and compliant,” he said.
Meanwhile, it is not possible to be fully compliant with regulations without taking print services into account, according to Louella Fernandes, associate director for print services and solutions with Quocirca.
“The key area here is protecting information that resides on paper. That’s often overlooked as part of GDPR and data privacy because it’s presumed that it’s all located on hard disks but actually a lot of sensitive and confidential information resides on paper,” she said.
“With print devices, it’s also the case that sensitive information can be stored on hard disks locally or in memory and potentially accessed from the network that way. Really effective managed print services will look at protecting information throughout its lifecycle, from paper to digital bits and back again.”
Fernandes pointed out that as print devices have increased in complexity, so too has the possibility of them falling victim to security risks.
“There are a lot of security vulnerabilities on print devices today because they’ve become very sophisticated devices in their own right. Anyone concerned with data protection has to look at these as well — multi-function devices can be the weak point in an otherwise strong system,” she said.
“Print is just one element in the flow of data through an organisation, so when data starts out as an electronic document before it’s printed, it’s probably digitally protected. But when it’s printed, the organisation may not have systems in place to store it securely.”
Documents may be watermarked or encrypted before they are printed and there are tools that can mark documents as confidential and stop them being printed in the first place. But there is still a general lack of awareness of the importance of securing print.
“It is easy to overlook print services. A lot of the GDPR focus has related to general information protection and print has always been the poor relation in terms of IT infrastructure. Even though people are printing less than they were before there’s still a lot of printing going on,” said Fernandes.
“Many business critical documents are produced on print, and while it can be looked after well in large companies, often smaller companies haven’t given it the attention that perhaps they should.
Many of the technical solutions to print security — things like follow-me printing and print on demand — are expensive to implement and so not really within the reach of smaller companies. Larger enterprises tend to be more security conscious in general.
“GDPR and also the directive on security of network and information systems (NIS Directive) are having a big effect on the print services market,” said Quentyn Taylor, European director of security for Canon.
“Suddenly people are realising that those printers sitting in the corner of the office are actually processing, accumulating and holding large amounts of sensitive data. It’s also important to remember that typically, people tend not to print information that is unimportant to them.”
Taylor has a dual role as both advisor to Canon’s customers and also internal head of security for Canon. He gets to practice what he preaches as he is responsible for securing the company’s print assets at the same time as recommending what others should do.
“People are starting to realise that ignoring print security could mean being hit with significant costs. Real world attacks on print security are not uncommon — they do happen. People dispose of printers without making sure the hard disks are encrypted or removed before they go off site and from a GDPR perspective, companies are having to list their print network as a place where sensitive data is processed,” he said.
“The current generation of multifunction devices are increasingly sophisticated. They have hard disks and they store data and they need to have access controls. You can’t have a situation where you just press print and a document comes out — there needs to be accountability and traceability.”
Many companies have lots of printers scattered around their building and have introduced systems whereby a person can send a document to print on any printer on any floor of their building. That is pull printing and it brings with it convenience, but also complexity. Where there is complexity there can also be an increased risk of security weaknesses.
“I can press print on whatever device I’m using and then walk up to any printer and use my access badge, the same one I use to access the building and pay for my lunch, to have that printer dispense the document. That has a big advantage, because the system then knows that it was me standing in front of that printer when that print job was carried out,” said Taylor.
According to Taylor, awareness of the need for vigilance in print services with regard to regulation and data privacy is growing, and the most obvious catalyst is GDPR.
“Companies are starting to be more aware of these issues and increasingly they want this hassle taken off their hands. Of course, not every company is the same and they all want slightly different services but as part of our managed print service, companies want to be confident that the standard set of controls are in place and their data is secure,” he said.
“That has a commercial value to these companies. Staying fully on top of all aspects of a company’s security needs is increasingly a tall order. Many companies are choosing to outsource this rather than get involved in the virtual arms race of staying fully protected using in-house resources.”
|“Most organisations benefited from the cost reduction on average of 20%, achieved by the rationalisation of fleet and the utilisation of more modern technology, coupled with the removal of costly legacy devices”||
Ergo Matthew McCann is MPS sales director
|For organisations today, the value of print is recognised more by the need for compliance and regulation than in a genuine requirement to print. This means print can carry more value than it possibly should in today’s technology driven office environments.When managed print was introduced to the market place over 20 years ago, to which Ergo was a pioneer, printers were unmanaged and uncontrolled costs. With the introduction of Managed Print Services (MPS), this is now the exception rather than the norm. It is unusual to meet with an organisation who has not implemented at least some form of control through a level of Managed Print Services. Most organisations benefited from the cost reduction on average of 20%, achieved by the rationalisation of fleet and the utilisation of more modern technology, coupled with the removal of costly legacy devices.
Companies are becoming more aware that the savings to be achieved by implementing an MPS solution are not limited to just output and cost reductions. The leading MPS and IT providers in the market place such as Ergo are engaging with their customers to outline the additional savings that can be achieved by fully utilising the customer’s investment in technology. This in turn will increase efficiencies, compliance and productivity whilst reducing actual hardcopy output. This is becoming even more prevalent with the mandatory GDPR requirements coming into effect in one month’s time.
We believe to achieve true innovation and significant savings, it is fundamental for organisations to develop a true partnership with their provider. This should start at contract phase and, as well as ensuring that all the key requirements of a managed print solution are captured such as all-inclusive cost per copy and service performance, the contract should also contain KPI’s that ensure continuous optimisation and innovation is brought through the full term of the contract and beyond. This in turn delivers a true partnership agreement, where both parties benefit from the maximisation of investment and true value-added services.
|“Paper is inescapable. The most enthusiastic technology adopter cannot put tablets in packages for customers to read delivery slips. Hospitals still need records that can be transported between endless different environments. In many tasks the printed page is still simply the most effective answer.”||
IPS Ltd Fiona Harrison, enterprise team sales manager
|Rumblings of ‘the paperless office’ have been making the rounds for years but are, more often than not, followed by comments on the ever-increasing volume of paper. In truth, all of the rhetoric around print reduction has not been supported by market conditions to drive change. Until now.Suddenly there has been a dramatic shift in perspective. The explosion of ‘cloud’ solutions from main line providers, the late awakening to GDPR and the acceleration of business leaving many businesses at a loss as to how to integrate and leverage paper in this fast-evolving landscape.
The problem? Paper is inescapable. The most enthusiastic technology adopter cannot put tablets in packages for customers to read delivery slips. Hospitals still need records that can be transported between endless different environments. In many tasks the printed page is still simply the most effective answer.
The problem is one of diet. Just like fast food, high availability and low cost MPS has allowed organisations to gorge at the cost of their health. Decreasing costs of print and MPS have allowed businesses to flood themselves with, suddenly risky, pages.
MPS providers can now blur the lines between document creation and print. Offering customers ways to keep proven processes by switching output from pages to screens where appropriate.
At IPS focus has been on the adoption of technology so customers can control their print ‘diet’. Enabling smarter choices about when data becomes pages. Resulting benefits around reduced stored paper and the more efficient data entry bringing increased value.
Print, for the foreseeable, remains unavoidable. Modern technology and service make print a stronger proposition than ever before. What is avoidable is its misuse and the resulting risk and cost.