Copiers are also a compliance issue
Chris Bilello, director, business development for Konica Minolta Business Solutions U.S.A., Inc.
July 18, 2007

To properly discuss security issues related to multi-function peripherals (MFPs) – devices that copy, print, scan and fax –
it's helpful to first have some background on the underlying technology in the machines that have raised so much
concern as a possible data security risk.

Just 10 years ago, copiers used analog systems and were stand-alone devices that did one thing – made copies on paper.
The "new generation of copiers," including all those manufactured today, uses digital technology, similar to that found
in laser printers.

The older analog copiers produced a copy by scanning an image to an electrostatically charged photoconductive drum
that transferred the toner to paper to make a print. Each time a new copy was made, the drum was cleaned and the
previous image was erased.

However, in a digital copier, the scanned document is converted to a digital file and is temporarily stored in the copier
until a copy is made. The image of the document may reside in the copier until it is overwritten or deleted from the
copier memory or hard drive. Most digital copiers use a hard disk drive to store these scanned document images, the
same kind of data storage device found in a PC.

It wasn't a giant technological leap to add printing capability to a digital copier. In addition, since users have the ability
to connect a printer or copier to a PC, why not connect it to a network so everyone can share the device? Rapidly
following on the heels of printing, the ability to scan a document, store it on a copier hard drive, and send it via email
or to a file server was added. At about the same time, the ability to send and receive faxes was added and the true MFP
was born.

With millions of documents being printed, copied, scanned and faxed on MFPs, it is natural to wonder just how secure
the data captured on the device's embedded hard drive is. Adding to that possible security risk is the concern that
machines connected to an internet-accessible network are even more vulnerable to an outside attack.

With the dramatic increase in electronic transfer of sensitive and confidential information, various government-
sponsored security regulations have called into question the link between security and the integrity of technological
systems. Security technology has become critically important as various organizations and businesses use their
electronic systems to comply with government regulations. Recent laws and initiatives on this front include:

HIPAA;

Sarbanes-Oxley Act;

Gramm-Leach-Bliley Act;

Federal Information Security Management Act of 2002 (FISMA) and FDA 21 CFR Part 11;

ISO 15408, also known as Common Criteria Certification.

In response to the increased awareness of security issues and to address such regulations, manufacturers are
recognizing the need to develop and implement security-based information technologies in MFP devices.

The Need for a Common Standard

To date, the only official security-based certification for digital office products is an international standard generally
known as the Common Criteria (CC). The official international designation for this security standard is ISO 15408.

What is ISO 15408 or "Common Criteria"?

The International Common Criteria for Information Technology Security Evaluation establishes an internationally
agreed upon language for specifying security functionality, as well as an evaluation methodology to assess the strength
of security implementations embedded in various types of technology located on the network. The Common Criteria
initiative has evolved into an international standard known as ISO 15408. In the United States it is managed by the
National Information Assurance Partnership (NIAP), which is run by the National Security Agency and the National
Institute of Standards and Technology (NIST).

Common Criteria standards applicable to digital MFPs

HDD Security

The biggest concern in MFP security is that data is accessible and can be stolen from the MFP's hard disk drive (HDD),
either by accessing the MFP remotely or removing the HDD and extracting the data.

Most manufacturers now offer some form of hard drive overwrite security function that erases data stored on the
device's HDD or memory by overwriting it with a series of characters. These kits are available as options or, in some
cases, come as a standard feature with most MFP models. Hard drive overwrite is performed immediately upon
completion of all copy, print, scan and fax jobs, and some kits offer an extra level of security by providing hard drive
encryption using 128-bit Advanced Encryption Standard (AES). Another layer of security that can be added involves
the ability to lock the host MFP to HDDs using a passcode of alphanumeric characters; this means that the data is
protected, even if the drive is removed from the machine.

At the time of decommissioning, relocation or replacement of an MFP, the entire HDD can be overwritten so that all of
the data is completely removed. Any leftover image data can be overwritten up to seven times to military specifications
[such as U.S. Navy (NAVSO P-5239-26), Department of Defense (DoD 5220.22M), and Army Regulations (AR380-
19)].
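
The multi-pass overwrite described above, sketched on an ordinary file standing in for stored job data. This is an added example, not code from the article or from any manufacturer's overwrite kit; the pass patterns, function names and sample content are assumptions for illustration.

```python
import os
import secrets
import tempfile

# Assumed pass sequence for illustration: a fixed byte, its complement, then
# random data (None). The article does not specify the patterns a kit uses.
PASSES = (b"\x00", b"\xff", None)
CHUNK = 64 * 1024


def overwrite_file(path, passes=PASSES):
    """Overwrite every byte of path in place once per pass; return its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return size


def verify_fixed_pass(path, pattern):
    """Read the file back and confirm it contains only the given byte."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(pattern) != len(chunk):
                return False
    return True


def residue_found(path, marker):
    """True if bytes from the original job data are still readable."""
    with open(path, "rb") as f:
        return marker in f.read()


if __name__ == "__main__":
    marker = b"CONSTRUCTED-SCAN-DATA"  # constructed sample content
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as tmp:
        tmp.write(marker * 8000)
    print("before:", residue_found(tmp.name, marker))
    overwrite_file(tmp.name, passes=(b"\x00", b"\xff", None, b"\x00"))
    print("after:", residue_found(tmp.name, marker),
          "zeroed:", verify_fixed_pass(tmp.name, b"\x00"))
    os.unlink(tmp.name)
```

The read-back after the final fixed-pattern pass is what gives evidence that the overwrite actually reached the storage rather than only being issued.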

RAM Security

Another major concern regarding memory is the potential vulnerability of the machine's random access memory
(RAM). The three types of RAM typically used in a digital MFP are: volatile RAM, non-volatile RAM, and flash
memory.

Volatile RAM

Volatile RAM consists of:

File memory – electronic sorting

Work memory – storing program parameters, temporary data and image conversion of controller

Fax memory – working RAM for fax

Information that is written to volatile RAM can be temporarily held in memory while the power is on. The data held in
this type of RAM is overwritten by the next page or job being printed. Once the job is printed, the document is deleted
from RAM. If the power is turned off, the image in volatile RAM is deleted as well. Volatile RAM is secure; if RAM
is removed after an engine is powered off, all the data on that RAM chip would have already been deleted. It would be
impossible to remove the RAM while the engine power is on. The only other way to possibly extract image data would
be an indirect route or via a security hole.

Non-Volatile RAM (NV-RAM)

Typically Non-Volatile RAM would be:

Machine Counter Data

Job Settings

Utility Settings

The data written to non-volatile RAM is normally not image or document related, meaning the data is not confidential
or private. Unlike volatile RAM, this information is not cleared when the power is turned off. It is important to note that
when the HDD is formatted, the user or account information in NV-RAM will be deleted and set back to factory
default.

Flash Memory Stores

Typically Flash memory is used with:

Machine Firmware

Control Panel Data

Printer Resident Fonts

Copy Protect Watermarks

Flash memory is embedded on an MFP circuit board and cannot be erased. The data stored in flash memory is not
critical, confidential or private.

Network Security

Any MFP connected to a network may be vulnerable to unauthorized access. Some MFPs include the following
features to prevent this:

User authentication – Requires User ID and Password.

Virus protection – Manufacturers such as Konica Minolta include an embedded, non-commercial operating system that
is not susceptible to attacks by viruses and worms.

Allow or prohibit functions by user – An advanced level of security allows or prohibits use and availability of specific
features, such as scanning, user box, copying, faxing and printing as a remote function.

Network vulnerabilities – Open ports and protocols can be opened/closed or enabled/disabled at the machine or
remotely by an administrator.

As a further safeguard against unauthorized access, Konica Minolta introduced the industry's first biometric
authentication unit, in which the vein patterns of a finger are scanned, encrypted and stored and are used to distinguish
individuals.

File transmission security

Since MFPs perform various functions including network printing, scanning and fax, special steps have to be taken to
prevent unauthorized use or access. The following features may be included in MFPs on the market today:

Confidential print – A Secure Print function holds the job until released with the proper encrypted password.

Secure mailbox print – Stores a print job in a user box where a user ID and password must be entered for that job to be
accessed for printing, faxing or forwarding by email.

Scan/PDF encryption – Scanned files can be encrypted as a PDF file, which requires the receiver to have the decryption
code to open the file.

Copy protection – A security watermark is placed on the original document as it is printed. If it is copied on any other
MFP the secure watermark will appear.

Advanced email security

Advanced fax line security

Access history

Account tracking

Audit and job logs

HIPAA and MFP Security

With the dramatic increase in the volume of protected health information in electronic form, HIPAA privacy
requirements tie together the security and integrity of technological systems and processes. Technology security has
become critically important as covered entities use their electronic systems to comply with HIPAA regulations. With
the growing popularity of connected office machines, people in the health care industry will increasingly look to MFPs
as an efficient and cost-effective method of distributing, storing and receiving ePHI (electronic Patient Health
Information). Any discussion of HIPAA merits its own article; however, the security measures described above for MFPs
can easily be adopted for use in the health care industry and will grow more relevant as the trend towards electronic
storage and maintenance of protected health care information continues.

For the record, the following are the HIPAA sections regarding access control and technical safeguards that apply to the
MFP:

HIPAA Security Specification, Access Control Section Technical Safeguards (Section 164.312):

(a)(1) Standard: Access control. Implement technical policies and procedures for electronic information systems that
maintain electronic protected health information to allow access only to those persons or software programs that have
been granted access rights as specified in Sec. 164.308(a)(4).

(2) Implementation specifications:

(i) Unique user identification (Required). Assign a unique name and/or number for identifying and tracking user
identity.

All MFP manufacturers do business with health care organizations and should have a statement of compliance with
HIPAA for their devices. Just ask for a copy.

Questions you should ask your dealer

Without a doubt, security of information flowing through MFPs is a serious and growing issue and the potential for
identity theft is real. MFP manufacturers continue to invest a tremendous amount of engineering resources in
developing security-related features and use independent security consultants to evaluate the technology. Whether the
issue is network intrusion, data theft or compliance, manufacturers are offering security technology demanded by
internal clients and federal legislation.

You should review your entire MFP fleet to evaluate potential security holes. Ask your manufacturer to provide a
comprehensive list of security features on each machine. Older models should provide some basic security measures,
such as password protection and secure printing. At a minimum, newer models should have some kind of hard drive overwrite
capability. If you plan to purchase a new MFP, ask for a list of security features. There is a growing trend in the industry
to certify the entire MFP system as ISO 15408, or CC, compliant. MFPs with the proper security features listed above
can be used with confidence in any application requiring the highest levels of data security.

				