HP Tightens Security on Printers, Document Management

By Pedro Hernandez
printer security

Once a lowly office workhorse, the printer is fast becoming a hacker's best friend. To close that often-overlooked gap in network security, HP has revamped its approach to enterprise printing and document management.

Like PCs and servers, printers make a tempting target for hackers, according to Michael Howard, worldwide security practice lead for HP LaserJet and Enterprise Solutions. Outfitted with network connectivity, on-board storage and built-in software, multi-function printers (MFPs) can act as a trove of sensitive information for hackers as well as a launch pad for attacks on other devices on a network.

"These are not your parent's printers," said Howard during a Sept. 4 press event in New York. And that's a problem for IT managers whose hands are already full securing databases, application servers and end-user devices.

For a handle on the scope of the challenge, Edmund Wingate, vice president and general manager of JetAdvantage, HP's new secure document and workflow printing brand, revealed that businesses have deployed 200 million of his company's LaserJet printers to date. As to why printer security has become a priority for his group, "it's increasingly where our clients are telling us where we need to focus," he said.

HP has already taken steps to lock down its enterprise MFPs. Current products ship with encrypted drives, said Howard. And the company is selling kits that extend the same protection to older printers.

To complement the secure drives, the company has released a new suite of secure printing solutions, including version 2.1 of its Imaging and Printing Security Center (IPSC) platform. The software "allows IT managers to really actively and proactively manage the security posture of their printing environment," said Wingate.

The product provides automated identity certificate deployment and updating to ensure that only authorized users are allowed access to HP printers. A policy editor enables administrators to fine-tune their print environments and ensure compliance. Allowing that printer security is a "relatively new space" for the company's customers, according to Wingate, HP also launched a suite of Printing Security Advisory Services to help them get up to speed on safeguarding their document management and workflow systems.

Stressing that printers "need to be secured in the same way as PCs," Wingate announced that ArcSight, HP's enterprise security management platform, now features integrated support for the company's FutureSmart printers and multifunction devices.

To boost business and regulatory compliance efforts, HP is leveraging its Autonomy Information Governance tools for the company's new Secure Content Management and Monitoring product. The offering monitors and audits print jobs, scans, faxes and copies to ensure that sensitive documents and records are being safely traded and handled. Serving as an early detection system, administrators are alerted if sensitive data, like patient records or personally identifiable customer information, is being improperly managed, reducing the risk of document-based security breaches.

New JetAdvantage Pull Print functionality stores print jobs on the cloud using AES 256-bit encryption. Only authorized users can fetch printouts once they authenticate and claim that job at the printer, avoiding the possibility that unattended documents are misplaced or stolen.

The company also announced the LaserJet M630 series of office printers, built from the start to integrate with the secure JetAdvantage printing and document management ecosystem. M630 printers offer 200 embedded security features and support HP's Trusted Platform Module, a tamper-proof hardware accessory that protects security keys, passwords and certificates.

This article was originally published on 2014-09-04