MPS Security is Primarily About Education
Since printers are part of an organization's IT infrastructure, security concerns come into play. In a sea of PCs, servers and routers, printers are probably not high on your clients' security radar. At the same time, it is difficult to get anything installed on a network without proving that it will not jeopardize security.
Nothing you offer as part of a managed print services program needs to put your clients' network security at increased risk. There may be a few items—such as printer hard drives that can contain records of printed documents—that you will need to implement security solutions for, but for the most part, what you need to do is be knowledgeable about the types of security concerns your clients may have. If you intend to—or already do—offer additional managed services, you may eventually want to offer IT security solutions as one of your offerings.
As an MPS provider, there are a few things you can do to be prepared for your clients' security concerns:
1. Make sure your products and services fit within relevant compliance laws.
This is more about understanding the relevant compliance laws than having to make alterations to your offerings. The most important compliance laws deal with privacy (the Health Insurance Portability and Accountability Act for medical records, the Gramm-Leach-Bliley Act for financial information, and the Payment Card Industry Data Security Standard for credit card information), so if you are not capturing or transmitting any of this data you have less to worry about. Printer hard drives might be storing document data by default, so you may need to add some security features to the hardware itself—and printers connected to the network should be treated the same as any other networked hardware to prevent external intrusions (e.g. make sure they are behind the corporate firewall). In terms of any software you are installing at the client site, make sure you are aware of exactly what data it captures and if it could contain any sensitive information; this could be anything from document content to document titles or even user names. Your software vendors should be able to provide you with this information.
2. Be able to articulate to your clients why your products and services are secure.
Once you know how your hardware and software fits into the security landscape, make sure that anyone who interacts with clients is capable of relaying relevant security information. Your hardware and software vendors should be able to provide you with security documentation. If you are going to create it yourself, at least get help and approval from your vendors, if not a lawyer. Virtually any software can be hacked, so you don't want to making too many guarantees; you just want to provide the facts about how it works. Depending on the types of customers you target, you may want separate documentation that deals with compliance laws for specific vertical markets, for example, HIPAA for health-care organizations.
3. Offer solutions that help them meet their compliance obligations.
If you are looking to expand your business beyond MPS to include other managed services, security solutions are something you may want to look into. Almost every business requires some type of security measures to be taken to protect their data. While some can manage this on their own, many need or welcome outside help. Many managed print providers already offer document management solutions, many of which are already helping clients to keep their data organized and secure. I don't mean to imply getting into the IT security business is easy; you will need some experts on staff.
WikiLeaks has shown us that the biggest security risks are often internal. It makes sense that one of the most popular printer-related security solutions is the ability to enter a PIN at the machine before a document is printed. Simple measures like this can go a long way toward improving a client's document security.
Our July 2011 issue of The Imaging Channel magazine will be taking a closer look at security issues faced by solution providers. If you would like to share some of the security issues you have faced with clients, leave a comment below or feel free to contact me directly.
Posted by Emily Offshack on 04/12/2011