Printer Security Risks Loom As Silent Threat To Networks

So few customers recognize the network security risks posed by unsecured printers that solution providers have a big opportunity to win new business by opening their eyes, said channel executives from several printer vendors.

"Less than 20 percent of CIOs surveyed recognized that printers as an endpoint were a threat," said Dan McDonnell, vice president of U.S. Print Channel at Palo Alto, Calif.-based HP Inc. "Ninety percent of them understand that PCs have some serious challenges, but they don't see printers as an issue."

Not only do most CIOs not consider the printer a danger point, according to a 2017 Spiceworks Survey commissioned by HP, most had no security in place on the devices. While 83 percent of respondents had secured their PCs, and 55 percent their mobile devices, only 41 percent had either network security, access control, data protection or end point security on their printers.

[Related: Vendors: If You’re Ignoring Managed Print Services, You're Leaving Cash On The Table]

id
unit-1659132512259
type
Sponsored post

HP, which touts its devices as "the world's most secure printers," recently launched an aggressive security program to help boost awareness of its security features, offering a $10,000 bug bounty for anyone who could hack into their devices. HP's security features are helping solution providers win business, McDonnell said. "It's helped to close deals. It's a tiebreaker," McDonnell said. "If you get to that level with a CIO, security is a big factor. It depends where you're having the conversation, but it certainly is on a lot of people's radar as more and more people lose data and understand the repercussions of breaches."

During a Printer Roundtable at XChange 2018, CRN gathered channel executives from three print vendors to talk about the security challenges facing the market. Greg Chavers, vice president of North American Channel Sales at Lexmark, Lexington, Ky.; John Reilly, vice president of U.S. channel sales at Xerox, Norwalk, Conn.; and McDonnell also discussed ways each company has reinforced the security features of their product lines.

"Breaches, I'm sure, happen much more frequently than we all know," McDonnell said. "They're just not publicized. The company that is breached is not willing to go out and create a testimonial around it, so awareness remains a lot lower than we'd like."

Chavers seconded McDonnell's rallying cry around printer security, saying the topic needs more attention.

"If you look at the security breaches, over 50 percent of those happen at an endpoint device on the network, and guess where most of our printers and MFP's are located? On the network as an endpoint device," Chavers said. "So it's definitely a big concern."

Jeff Bryant, vice president of operations at Dallas-based Cesco, a solution provider and Lexmark partner, said while SMB customers may not bring up security, many of his high-end clients are concerned enough about it that they will test the device themselves, putting it on their network and trying to penetrate it using their own IT personnel.

"I've had really good luck with that with Lexmark," he said. "It's always stood up to the test, and that gives us a lot of confidence. [Customers] feel like the security is solid. They don't feel like they're at risk with the product. That is a great selling point. The disc encryption, the disc wipe features, all those things are selling points today. You're going to get asked."

Chavers said Lexmark offers what it calls full-spectrum security that is designed to reinforce device security around a customer's needs.

"There is no specific security offering that's going to meet every particular customer need," he said. "So, what we'd like to do is we like to be really good across the gamut, so whether it's, hardening the device and being able to protect the device, being able to protect and secure the information that's on that device and also being able to secure access and make that very secure for the particular end users that you want to have access to those devices. So, we want to be good at all of those."

Reilly said to keep Xerox devices safe, the company partners with McAffee and Cisco to build configurable security into the printers whether the customer is an SMB or enterprise client. He said the company won Federal Risk and Authorization Management Program (FedRAMP) status for its managed print services (MPS).

"It is an extremely secure device and an extremely secure process within MPS backed up by the data and the certification," he said. "So, we feel very good about where we're at … this is one that we can do a better job at getting that message out and helping the channel understand the flexibility and the capabilities of our security."

Josh Justice, president of Just Tech, a La Plata, M.D.-based Xerox solution provider, said the FedRAMP certification is a strong selling point for customers.

"Service providers who are authorized through FedRAMP are included on a list accessible by federal agencies," he said. "Many resellers, including JustTech, focus more on SMB clients but for those who work with federal agencies, it is great to reference."