Buyers Laboratory
 
 
 
 
BLI Press Releases
News & Publications
  Recent News
  Recent Test Reports
  Test Reports In Progress
  Pick of the Year Awards
  Production PRO Awards
  BLI Editor's Desk
  Company News
  Product News
  Software
  People
  Industry News
  Investor News
  Press Releases
Change Country:  United States  Germany  France
bliQ Mobile
Solutions Center
Sign Up for LabLines Free

News Article

Back to Index

Security Plays a Leading Role in A3 Product Evolution

 

By George Mikolay, Senior Product Editor, A3/Copier MFPs, April 5, 2011

 

Because the security of information stored on document imaging devices is of concern to the IT professional CIOs who buy them, manufacturers have been focusing on security for years. Last year’s discovery of thousands of used copy machines—many containing sensitive information in violation of privacy regulations—in a New Jersey warehouse has upped the ante. Add to that proposed legislation in New Jersey to protect MFP users from data theft by requiring the hard drives of digital copy machines to be wiped clean in order to protect sensitive, personal information, and it’s clear that manufacturers need to step up their efforts in security or risk falling short of competitors’ offerings.

 

“I’ll be the first to admit that until recently, I was among the majority of Americans that had no idea that digital copiers store all of this information on their hard drive,” said Senator Bob Smith (D-Middlesex), one of the two officials who have proposed the New Jersey law. “As is the case with so many businesses, copiers are leased and returned at the end of a lease agreement and then sold or re-leased to a new buyer. It's frightening to think about all the information that is potentially at risk unless we require hard drives to be erased before an owner relinquishes it.”

 

So did manufacturers drop the ball as far as making customers aware of the security risks involved with copier hard drives? Ondrej Krehel is the chief security officer at ID Theft 911. According to Krehel, his company can be hired whenever there is a breach that involves technology and conduct a forensic investigation, security consulting and data risk management to provide solutions so it will not happen in the future. While all copiers today typically have hard drive overwriting methods available, Krehel said that many devices being used in the field are not equipped with the capability. “I don’t think vendors have been doing a good job of pushing the security capabilities available on their devices.”

 

While BLI includes comprehensive security specifications in every lab test report and published a series of solutions reports on the OEMs’ hard drive overwrite capabilities as far back as 2006, Ed McLaughlin, president of Sharp Imaging and Information Company of America (SIICA), said that in general, the industry had been failing to inform the general public of the potential risks involved with a copier. In 2008, Sharp commissioned a survey on copier security that found that 60 percent of Americans “didn't know” that copiers store images on a hard drive. “It was falling on deaf ears,” McLaughlin said. “Or people didn’t feel it was important.” In fact, Sharp ran a whole dealer meeting on the topic more than five years ago, according to Mike Marusic, senior vice president of SIICA’s Business Solutions Group. “In addition, we ran TV commercials and print ads on this topic. For much of that time, our competitors were downplaying our efforts,” said Marusic.

 

Summary of OEM Offerings

 

With its latest products, Sharp joins Xerox and Konica Minolta, which have been offering hard drive overwrite as a standard capability on their machines for years. In addition to standard hard drive overwrite and 256-bit encryption, Sharp also offers an “end of lease” mode on their new devices, which will reset the machine and all of the customer information on the hard drive, essentially setting the hard drive back to new condition.

 

“Xerox has recognized this problem for over 10 years and has built features and countermeasures into our devices to help customers safeguard their data,” said Xerox Product Manager Suma Potini. “We educate customers about security risks and the features available to address them and take proactive steps to continuously maintain the security of devices in the field.” Most of the Xerox multifunction devices Xerox ships today that have hard disks include a disk encryption feature which uses 256-bit encryption to encrypt and protect data from unauthorized access. In addition, standard Xerox overwrite methods include automatic overwrite immediately after jobs are completed, scheduled overwrite (daily overwrite of all image data from disk including any pending jobs), as well as overwrite prior to the removal of a device to remove virtually all image data from the disk.

 

“Protecting sensitive electronic data is more critical than ever before, especially when an MFP is ending its lease term and/or has gone End-of-Life (EOL),” said John Dembia, product marketing manager for office and workgroup products, Konica Minolta. “Customers are more aware of it now and we will continue to see requests for security and tools to safeguard information.” Also inherent on Konica Minolta’s machines is end of lease overwrite capabilities. Eight different modes are available, including overwrite to US Air Force standards, which can take up to nine hours to complete, according to Dembia. For environments that do not have the IT infrastructure or know-how to perform an end of lease overwrite, Konica Minolta also offers an EOL HDD Secure Data Disposal Program, a service engagement that buyers can take advantage of when a machine is ready to be disposed of. According to Dembia, three options are available for customers to choose from. With HDD Sanitizing, overwrite will be performed by a Konica Minolta technician on site at the time of disposal. Via HDD Replacement, a Konica Minolta technician will remove the internal hard drive from the MFP and return it to the customer in a sealed container for disposal. With As-Is Disposal, an MFP will be picked up according to the respective terms and conditions of the contract and be disposed of by Konica Minolta. The internal data of the machine will not be altered or modified in any way, though if the machine is then remanufactured, the hard drive will be wiped anyway. Konica Minolta also touts that its entire product is Common Criteria certified to EAL3 standards, versus just a hard drive overwrite kit.

 

In addition to Xerox, Konica Minolta and Sharp, other vendors are now offering hard drive overwrite and in some cases hard drive encryption standard. These include Samsung, whose comprehensive security feature set includes 256-bit encryption and up to nine overwrites, which is tied for the highest number of overwrites. Samsung also offers an end-of-lease-type overwrite, which will manually overwrite the entire hard drive. Samsung products are also Common-Criteria certified and meet the requirements for IEEE 2600, which is an agreed-upon set of criteria for the document security in commercial use. Beginning with the recently introduced MP C400 and MP C300 A4 MFPS, all of Ricoh’s new models will now feature hard drive overwrite and encryption standard.

 

Toshiba also recently added standard data overwrite to the majority of its monochrome line ranging in speeds from 20 to 85 ppm, as well as enabled 128-bit AES encryption to be turned on out of the box. According to Bill Melo, vice president of marketing, services and solutions for Toshiba America Business Solutions, Toshiba’s interest in security predates the CBS news story by several years. “We have been aware of digital processing workflow that leaves latent images of scanned documents on the hard drive, and we’ve taken steps as far as two generations back to address it,” Melo said. “As part of our SecureMFP program, we’re not only looking to make more secure MFPs, but also to educate our resellers and in turn their customers about the safeguards they need to take to enable the technologies we put on devices to protect them. Tying into this is the idea of making once optional security capabilities available as standard, as is the case with the new SE family of products, and this is something we are looking to continue.”

 

Canon says it also educates its dealers and their dealers’ customer bases regarding the security capabilities of its devices. “We provide a variety of tools and white papers, and offer webinars regarding security about every three months with our dealers and their customer bases, all of which are available on Canon’s web site for review,” said Steve Agostini, senior manager of solutions marketing for Canon. “These tools are used to educate our sales people and customers regarding Canon’s comprehensive suite of security tools. Security is not only protecting information on the hard drive, it also includes how confidentiality is protected at every phase including device authentication and access control, document, and network security.

 

Standard on Canon’s A3 devices is hard disk drive format, end of life/end of lease/redeploying technology that can be performed by either end users or administrators within a company. It overwrites a single time the image data and everything on the hard drive, including address books, network settings, address books and anything in the mail boxes. For after every job, both hard drive overwrite (up to three times) that meets DoD standards and 256-AES encryption are available as two separate options for Canon’s devices.

 
©2013 Buyers Laboratory LLC