01732 759725 44 VOX POP continued... certified almost without exception in accordance with the Common Criteria ISO 15408 framework. These are the only internationally recognised standards for IT security testing for digital office products. Printers, copiers, and software compliant with Common Criteria certification have all passed a strict security evaluation and are able to satisfy and deliver the kind of security levels that a prudent business operation seeks. Independent validation is vital in proving our print solutions deliver the full security they promise and is certainly a key differentiator in the market. If a business or organisation has invested in securing its systems, it must be able to rely upon, trust, and prove this throughout the process, and therefore cannot risk buying a print solution which does not maintain these standards. Not only is this essential for compliance and quality, but also for its own peace of mind that it won’t fall foul of data leaks or thefts, which can have serious financial implications, not to mention causing significant reputational damage. Whilst manufacturers are ensuring security is built into hardware and software there is also a growing requirement to further prove this from the most risk averse and security conscious of customers. Full penetration testing is a growing requirement for a small number of customers, but this number is growing (particularly in the public sector) and print manufacturers must be able to offer these services, delivered by third-party security firms, when the need arises. Richard Hall: We believe it is integral to acquire independent validation as a benchmark for other organisations to be able to recognise our commitment to security. At the device level, our devices conform to industry-recognised standards from EAL-2 Common Criteria [15408], SIEM, S/MIME, SCEP, TPM and more. Under the California IoT Security Act SB 327 the default admin credentials for our products have been modified to use the device’s serial number as the password; this reduces the risk of anyone accessing the device should they penetrate the customer’s network. Our cloud-based solutions, such as cloud print and scan, and our document management solution are certified to ISO 27001 level. Arjan Paulussen: Lexmark is ISO / IEC 27001 validated for its Information Security Management System. Thirdparty validations are essential to us at Lexmark as it assures customers that security capabilities protect the device as claimed. In addition, thirdparty validation certainly provides customers with confidence that Lexmark devices and networks comply with the highest standards to ensure their print environment is as secure as possible. PrintIT Reseller: How have you adapted your security risk and assessment services offering to help customers keep on top of the print security challenge in a world where BYOD and home printer usage is the norm rather than the exception, and zero trust is fast becoming the de facto standard? Jon Palin: When auditing clients’ needs, and recommending solutions, we now include discussing the security of their printing infrastructure and network as a priority. This helps us find out more about their network and IT support, enabling us to see if this is another service that we can provide for them, via the IT division of our company. This regularly involves discussing all network security aspects from security of devices on the network, to awareness of spoof/fraudulent emails as a way of accessing the network and company data. We are very aware of ensuring we are in line with GDPR so we evaluate the appropriate level of security we need to put in place and the basic technical controls we can use, such as those within the framework of Cyber Essentials +. Mark Bailey: In the SME marketplace, BYOD hasn’t yet caught on hugely either that or it isn’t that popular. In fact, most businesses prefer employees to use the company equipment, where it’s securely locked down. If an employee offboards the process it’s often so much simpler. Where businesses are interested in BYOD we have used Microsoft Azure services such as Intune and EndPoint Manager to achieve and implement a BYOD policy. In an educational environment I can see how BYOD is beneficial. However, for the vast majority of SMEs we are yet to see real BYOD benefits against deploying the company hardware. Andy Ratcliffe: Where we have developed and implemented print security policies into our customers' sites, we have also performed user awareness training so that users understand why policies are in place. By operating this way, users feel supported and will not be inclined to work around data security while still remaining productive. Martin Randall: In recent years we have seen exponential growth in clients adopting a cloud first strategy. This has challenged our industry to rethink the products and services we offer, the traditional on-premise solutions of past decades are quite often no longer fit for purpose. To that end, Vision has built a portfolio of products from market leading vendors that align with our clients’ cloud and security strategies. By embracing a cloud first approach ourselves, we can provide the traditional on-premise security functions and services of output, capture and workflow automation to a growing dynamic workforce, whether that be a zero trust network architecture or indeed someone working from their home office. Kerry Rush: Sharp has always offered print security assessments for our customers however our professional services team now also consider working environments outside of the traditional office landscape. We have the in-house knowledge and expertise to provide our customers with the advice and services that meet the needs of an ever-changing working environment. Full penetration testing is a growing requirement for a small number of customers, but this number is growing (particularly in the public sector) Richard Hall
RkJQdWJsaXNoZXIy NDUxNDM=