Sharp Electronics should be proud this week. They are the first printer manufacturer to be awarded certificates for full compliance with the broad range of Common Criteria print security evaluations pulled together in version 1.0 of the "Protection Profile for Hardcopy Devices."
The machine ranges to receive this certificate are the MX-2630N, MX-3050N/3550N/4050N/5050N/6050N, and the MX-3070N/3570N/4070N/5070N/6070N. To fully conform to the definitions in the standard, a firmware update may be required.
Other manufacturers have been rightly praised in consultancy reports for bringing very secure machines to market, and many of them are working to certify compliance with the same Common Criteria as Sharp has. Several laboratories are authorized to award these certificates, notably the USA's National Information Assurance Partnership (NIAP) and Japan's International Technology Promotion Agency (IPA). There are seven levels to attain, and Ricoh, Konica Minolta, Kyocera, HP Inc., Toshiba and Canon all have certified machines and others in testing for Evaluation Assurance Level 3+ and higher.
DataMaster Lab will shortly be releasing our own analyses of MFP security.
As usual, we take a cold look at what the technical specifications can actually deliver in the real world, and interpret these for those of you who are actively involved in explaining what this stuff actually means, so you can tell the difference between machines and which features will be important in which business environments.
We divide print security into three areas:
Making a user authenticate themselves at the machine means they know they are tracked. Most print-related crime will stop as a result. Requiring someone to pull their print job down at the machine will stop the theft of sensitive documents left in the output tray. Other abuses, such as printing for personal use and scanning or copying sensitive materials, will not happen if the print user knows they are being tracked.
Slightly more active, more complicated and more expensive: the range of soft- and hardware measures which protect and encrypt data held on a copier and its connexions, and which actually prevent copying or printing of specified sensitive materials.
Doomsday hack scenarios: this is where the brands are competing right now. This is the high end, technically speaking, but not necessarily super expensive. Specific hardware, firmware and software on the device, coupled with alerting systems and monitoring, are particularly important for printers which are isolated and/or connected to mobile users.
Just saying this again: DO NOT open up Wi-Fi on your printer and connect it to the same cabled network that your accounts department is connected to, just in case James Bond - or Christian Slater - is in the car park with his tablet.
The Protection Profile for Hardcopy Devices includes testing procedures for anti-tampering as regards firmware, but not for the BIOS, nor for any systems to detect intrusions in runtime environments. There is simply no way a serious standards organization can keep up with the pace of technical developments in areas such as these.
So, whilst certificates are important, realistic and recent reviews are more important.
Watch this space!
DataMaster Labs Security Evaluations are coming soon!