Jon Collins, Infosecurity Adviser
Whoever invented the term ‘the paperless office’, they should be shot. The world is getting through more paper than it ever has, much of it being printed off laser printers, scanned back into another system and no doubt printed off again at some other point. Its not just a problem with IT itself of course – anyone with a shred of environmental goodwill will no doubt be forlorn at the amount of printouts that sit, gathering static-laden dust in print rooms around the globe. Equally however, there is a fundamental issue with security. So should we just lock away the printers, or is there a better way?
If security is about managing risk, it is worth considering exactly what might go wrong. The starting point is that every printed page may be a source of confidential information – and the time between hitting “print” in an application and actually retrieveing a printout may be just long enough for the information to fall into the wrong hands. For the avoidance of fear, uncertainty and doubt of course, it could be argued that this is a small risk – but then, so is the risk of being hacked. It may not even be ‘bad’ hands, just people who should not see the information for whatever reason.
It would all be so simple if only it wasn’t always so difficut to lay hands on a printout. How many times have you printed something off, walked down the corridor and gone to pick it up, only to find its not there for whatever reason? It could be that there are a number of other jobs in the queue, or indeed, that somebody has walked off with it by accident. Perhaps the maintenance engineer has the whole thing in bits in front of your eyes – but of course, he’ll turn his eyes away when he comes to switch the thing on again…
Local printers have solved the problem to an extent, but they can cause problems of their own. Government establishments have long been tussling with the issue of where a printout might go – if you happen to have several printers set up on your computer, it becomes easier to accidentally print something to a printer far away on the network, where it might never be seen again (or worse, it just might). As it happens, we are seeing organisations move back towards the more centralised model, for operational efficiency reasons – but that brings with it the potential data leakage problems we have seen before.
So, what to do? Perhaps the surprise is that it should be 2008 and printing has pretty much stayed the same for as many decades as I’ve been in this industry – surely such problems should be solved by now? As with many things, the answer is, “It’s not as simple as that.” Companies like Ricoh may be able to offer printers (I think they call the multifunctional devices these days) which require a PIN code or an ID card before they will ‘release’ a printout into the wild, but there has to be the will to integrate such technologies with back-end authentication mechanisms.
Of course once this is done, the rest of the process becomes more straightforward – no PIN, not printout. The advantage is not just with security – it might also spell an end to those recycling bins overflowing with unwanted print jobs. Which might bring us one step closer to the paperless office, after all.