Arguing that printers pose a threat to enterprises, McAfee plans to integrate its security software to Xerox's printers. For its part, Xerox will protect the proprietary data.
Concerned that employees are not taking IT security policies
seriously, McAfee and Xerox are teaming up to protect sensitive data stored on
Yet another survey found that employees are either not aware
of their company's security policies or not bothering to follow them. More than
half of employees didn't always follow their organization's IT security
policies and 21 percent weren't aware of what they were, according to a survey
jointly commissioned by Xerox and McAfee released Feb. 14.
These finding are consistent with previous surveys where
employees admitted to ignoring
policies that weren't convenient,
restricted them from doing their jobs or weren't
Pointing to the survey results as a sign that some of the
biggest threats to corporate data come from inside the organization, McAfee
announced plans to integrate its security software inside Xerox products to
protect proprietary company data. The new security system would rely on a
whitelisting method that would allow only approved files to run on the device
instead of trying to maintain a blacklist of malicious programs that could try
to extract the data or take control of the device.
With more than
50,000 new security threats emerging each day, protecting sensitive company
information can be intimidating for IT managers especially when you consider
that any device sitting on the network, from a PC to a fax machine, can be
exposed to those threats, said Rick Dastin, president of the enterprise
business group at Xerox.
Despite the fact that most modern printers, copiers and other
multi-function machines store images of documents in their embedded hard
drives, only 6 percent of the respondents considered these devices to pose a
serious threat to the company's network.
In a recent study of European and U.S. enterprises by
research firm Quocirca, only 15 percent of the respondents were concerned about
losing data with these devices.
"Given the legal and financial ramifications of a data
leak, as well as potential brand damage, businesses need to wake up to the
print security threat," Louella Fernandes, a principal analyst at Quocirca
wrote in a research note.
Printers, scanners and similar devices were not considered a
security threat when they were first designed. However, the threat landscape
has changed, and organizations are concerned about securing years of
confidential and proprietary data from data loss or theft. These devices are on
the network or are connected to the Internet, have hard disk drives containing
data, and have embedded software, making them more than just peripherals, said Fernandes.
Although multi-function printers (MFPs) are an
"intrinsic part" of the IT infrastructure, organizations "remain
oblivious" to the security risks, Fernandes wrote.
In the McAfee and Xerox survey, 39 percent of employees who
copy, scan or print confidential information at work said they were worried
whether the information being stored on these devices would remain secure. Of
that group, 86 percent said they were somewhat worried about personal
information that was being stored.
Organizations need to take a layered approach to secure
printers, said Fernandes, who advocates using hard-disk encryption and
disabling network ports on these devices. It departments should also issue ass codes
to release jobs sent to the printer so that unauthorized employees cannot just
walk away with the information.
Only 13 percent of employees said their company requires
them to enter a password or pass code to access the device, according to
The McAfee partnership will make printer security much
easier for IT teams as the technology will be available "out of the
box" for Xerox products, said Fernandes.