–  Larry Kovnat, product security manager, Xerox Corporation

This weekend the doors open at the seventh annual ShmooCon, a hacker convention in Washington, D.C. that promotes open discussion of information security. Media is reporting in advance of the event that a big focus will be on the security of data flowing through your printers and MFPs.  We’re glad this issue is continuing to get attention.

At Xerox, we recognize the critical importance of securing information not just on our equipment but on the network as well, and have been educating customers about this for years. Our products have appropriate security measures built-in for optimum network and hardware protection:

  • · Xerox devices include a network firewall to prevent unauthorized access to a customer’s system through the network connection. As unprotected fax connections in MFPs can be an open back door into the network, our devices provide complete separation of the telephone line and network fax connection.
  • · All data in motion in and out of the device, as well as data stored within the device, is secured with state-of-the-art encryption.
  • Access to scan, e-mail and fax features can be restricted by verifying network user names and passwords in network directories prior to use of these functions. Additionally, access permissions can be controlled on a per-user and per-service basis, all centrally managed at the network domain controller.
  • On MFPs with hard drives, Xerox offers options for removal of the hard drive before the MFP is disposed of or turned in after a lease. We work with customers to ensure they understand the risks associated with data when returning machines, along with providing recommendations on the most effective way to rid the hard drive of data.

We perform various levels of network and hardware security testing, including penetration testing, prior to launch, along with Common Criteria testing and certification on many of our MFPs. Our website gives  customers up-to-the-minute information on network and security features, vulnerabilities, patches and policy recommendations: www.xerox.com/security.

But it’s more than technology we’re concerned with. Everyday Xerox works directly with its customers to assess their security needs. We help identify where their information resides, how it is transferred and detect the greatest areas of risk. Only by working together to create a data security plan that combines technology and policy can we protect our customers.

Events like SchmooCon are good reminders about how important it is to carefully evaluate the security measures built into the MFPs you are currently using or consider purchasing and to choose a vendor partner who will collaborate with you on a data protection strategy.

We’ll be following the discussion from the convention and look forward to sharing our viewpoint. In the meantime, I encourage you to have a look at some of our previous posts on this topic and look forward to discussion in the comments.

Related Stories on this Blog:

Printer Industry Called to Action – CBS Follows Up on Copier Security Investigation

CBS Copier Security Investigation & What You Need to Know