HP Inc. Ups the Stakes When It Comes to Printer Security

by Amy Weiss | 3/7/16

Once upon a time, printers were printers and very little more. They sat on people’s desks, they connected to a computer, and they printed. Those days, however, are for the most part long gone. While standalone printers exist, forces such as print and document management programs, the smart MFP and the Internet of Things have combined to ensure that today’s workplace print devices are connected, networked, and accessible to workers in various areas inside and outside the office, from both desktop and mobile devices.

 For the most part, this is a good thing. It’s efficient and reduces costs. It also allows for the enhanced workflows increasingly desired and required by today’s businesses — a networked MFP can serve as both an output and an input device, allowing documents to be scanned and routed through ECM systems, making it a critical part of an organization’s workflow. However, as any good network engineer will tell you, the network is only as secure as its weakest device, and smart printers and MFPs have indeed become network devices. We saw this vulnerability come to the forefront in 2014 when the Heartbleed bug exposed a vulnerability in the Open SSL software and several MFPs appeared on the list of affected devices.

On March 8, among a slew of new hardware and product offerings, HP Inc. rolled out something that addresses this new world of hardware: Secure Managed Print Services. The service recognizes that, for the most part, today’s printers look a lot like PCs — they have hard drives, software and firmware, and are network- and Internet-connected. In other words, they’re just as vulnerable to security breaches as that laptop on your desk.

Secure Managed Print services, says HP, will help customers close the gap on security, with protection that includes security software to detect threats; protect, monitor and manage the printer fleet; data encryption to better protect confidential data; reporting for regulatory and compliance audits; security expertise to co-develop a comprehensive print security plan; and printers with self-healing capabilities.

That last item is particularly interesting. We first saw it mentioned back in September 2015 when HP launched enterprise-class LaserJets with a focus on security (see HP Targets Security Breaches With Latest Enterprise-Class Machines). The firm’s Sure Start solution extends the same BIOS security that is used to protect its Elite line of PCs to its LaserJet enterprise printers and MFPs, electronically isolating a portion of flash during the boot-up process to detect malicious BIOS attacks. If an attack is detected, the technology can revert back to the original state by flushing the memory and reloading the previous BIOS (because yes, printers have BIOS too).

Together, these features make up a service that, according to HP Inc., “reflects HP’s defense-in-depth approach to delivering the most comprehensive device, data and document security available today. HP Secure MPS provides security experts with the ability to help customers secure their print environment with the strongest protections available in the industry and then maintain security over time to address evolving threats and compliance requirements.”

Is such in-depth security really needed? Well, judge for yourself. In announcing the Secure MPS services, HP Inc. included a number of interesting facts regarding security and print, including these scary tidbits:

  • A Ponemon Institute survey, “Insecurity of Network-Connected Printers,” from October 2015, reported 60 percent of companies surveyed have had a data breach involving printers.
  • Another survey by the Ponemon Institute reported that 64 percent of IT managers state their printers are likely infected with malware.
  • That same study showed only 53 percent of IT managers realize printers are vulnerable to cyber crime.

Those numbers are pretty disturbing. Sixty-four percent of IT managers in the survey believe they have malware-infected printers. Sixty-four percent! That’s a lot of malware. And only half of the IT managers realized printers are vulnerable? And then what about the printers not under the auspices of IT departments? Because as we know, there has long been a reluctance by IT to take ownership of printers.

We have seen most major OEMs show an increased focus on security over the last couple of years, with a number of features introduced to help secure what was once a device no one would have thought about in terms of needing security. But the times have changed, and HP Inc., like so many of its brethren, is working to get ahead of the curve when it comes to securing all network devices — including the lowly printer.

Amy Weiss is editor-in-chief of BPO Media’s publications Workflow and The Imaging Channel, and senior analyst for BPO Research. She has more than 20 years’ professional writing and editing experience and has specialized in the office technology industry for the last 14 years, focusing on areas including print and imaging hardware and supplies, workflow automation, managed print, document management solutions and software, business solutions and more. Contact her at amy@bpomedia.com.