Canon imageRUNNER Security Kit Broschüre
Most of today’s enterprises have built a strong perimeter of
firewalls, intrusion prevention systems, and anti-virus
software to protect their digital assets. Attention is given to
servers, network equipment, and user workstations, but
networked printers and multifunctional digital copier
devices have been largely ignored when it comes to
security. With the advent of the MultiFunctional Printer
(MFP), more and more functionalities have been integrated
into one system, including scanning, copying, faxing,
printing, and even Web access. These devices have become
new targets for attackers, as they act as “information
hubs,” where data from various business units,
departments, and users is processed, stored, and
produced.
firewalls, intrusion prevention systems, and anti-virus
software to protect their digital assets. Attention is given to
servers, network equipment, and user workstations, but
networked printers and multifunctional digital copier
devices have been largely ignored when it comes to
security. With the advent of the MultiFunctional Printer
(MFP), more and more functionalities have been integrated
into one system, including scanning, copying, faxing,
printing, and even Web access. These devices have become
new targets for attackers, as they act as “information
hubs,” where data from various business units,
departments, and users is processed, stored, and
produced.
As networked printers and multifunctional systems
complete the transformation from output terminal to true
network node, businesses and IT professionals need to be
just as concerned with data residing on – and passing
through – MFP hard drives as they are with PC and network
security.
complete the transformation from output terminal to true
network node, businesses and IT professionals need to be
just as concerned with data residing on – and passing
through – MFP hard drives as they are with PC and network
security.
Thus, corporate IT and security departments must include
MFP devices as critical assets that require protection from
internal and external threats. However, the knowledge
needed to protect an MFP is much different than that
needed to secure other types of network devices, such as
file servers, databases, or routers. Many MFP devices run
operating systems and offer hard disk drives to temporarily
or permanently store data.
MFP devices as critical assets that require protection from
internal and external threats. However, the knowledge
needed to protect an MFP is much different than that
needed to secure other types of network devices, such as
file servers, databases, or routers. Many MFP devices run
operating systems and offer hard disk drives to temporarily
or permanently store data.
If information theft or virus insertion is the goal, it may be
easier and faster to penetrate a single MFP shared by an
entire department than to target scores of individual
computers. Internal security breaches of intellectual
property and confidential information can be as damaging
to your business as the theft of hard goods from the
warehouse.
easier and faster to penetrate a single MFP shared by an
entire department than to target scores of individual
computers. Internal security breaches of intellectual
property and confidential information can be as damaging
to your business as the theft of hard goods from the
warehouse.
Once perceived as necessary only for government and
military applications, security is now a growing
requirement in the private sector as well. Consider the
volumes of customer data and revenue forecasts that could
be stolen from a company’s sales/marketing database or
the evidentiary information gathered by the legal
department for a pending lawsuit or patent application.
Imagine the impact on individual futures and careers
should educational records be compromised or the
financial impact of a competitor intercepting engineering
designs and confidential product launch strategies.
military applications, security is now a growing
requirement in the private sector as well. Consider the
volumes of customer data and revenue forecasts that could
be stolen from a company’s sales/marketing database or
the evidentiary information gathered by the legal
department for a pending lawsuit or patent application.
Imagine the impact on individual futures and careers
should educational records be compromised or the
financial impact of a competitor intercepting engineering
designs and confidential product launch strategies.
The government has enacted several pieces of legislation –
such as Gramm-Leach-Bliley, HIPAA, Sarbanes-Oxley, and
the Patriot Act – which are intended to protect certain
sensitive information. These regulations require
organizations to constantly examine their networks and
information workflows to make certain that they remain in
compliance for records retention/destruction and threats
against fraud. In addition, the organization must maintain
the privacy of personal, financial, medical, and insurance
data
such as Gramm-Leach-Bliley, HIPAA, Sarbanes-Oxley, and
the Patriot Act – which are intended to protect certain
sensitive information. These regulations require
organizations to constantly examine their networks and
information workflows to make certain that they remain in
compliance for records retention/destruction and threats
against fraud. In addition, the organization must maintain
the privacy of personal, financial, medical, and insurance
data
.
Your business produces, analyzes and processes information daily. Information is a company’s most
valuable asset and also the most vulnerable one. Information can be shaped into multiple forms: bits
and bytes for network transfer and storage, printed documents, or materials for presentation. Because
information can be presented in multiple ways and is found in various locations, it is extremely
vulnerable to attacks including data corruption, theft, piracy and destruction.
valuable asset and also the most vulnerable one. Information can be shaped into multiple forms: bits
and bytes for network transfer and storage, printed documents, or materials for presentation. Because
information can be presented in multiple ways and is found in various locations, it is extremely
vulnerable to attacks including data corruption, theft, piracy and destruction.
Security
Goals
Ava
ilability
Co
nf
id
e
n
ti
a
li
ty
In
te
g
rit
y
Canon Goals for Information Security
To better understand the security features offered on Canon’s image
RUNNER
®
Series devices,
it is first useful to review the goals of information security: to keep data confidential, to
maintain data integrity, and to make data available to legitimate users. Any product that
hopes to provide security must achieve these three goals.
maintain data integrity, and to make data available to legitimate users. Any product that
hopes to provide security must achieve these three goals.
Confidentiality
Corporate data may contain information about the organization that should be kept
confidential. The goal of confidentiality is to prevent the unauthorized disclosure of information.
Integrity
In addition to keeping data confidential, it must be kept accurate. Integrity assures that data is not altered, either
accidentally or with malicious intent.
Availability
Confidentiality and integrity must be achieved while still making data accessible to legitimate users. Controls should
be in place to prevent attackers from denying legitimate users access to data and resources.
3