My Thoughts On HP Print Security

This is Part IV in a 4-part series on print security, HP printers, and how the HP Print Security Team is trying to protect your printer from both the bad actors out there, and inadvertent ineptitude within your organization. (My choice of words, not theirs. J )

In the concluding article, Part IV, I am going to give you my thoughts on HP’s offerings, particularly highlighting where I think HP is excelling, and where they are failing.

Our world today is a highly-connected one.

Everything we do is in some form connected to the ethereal cloud somewhere in order to deliver immediacy, connectedness, and community.

Printers get hacked all the time.

This isn’t new.

In fact, first known printer hack occurred in 1962 when a Xerox printer was modified with a camera to snoop on the Soviets during the Cold War.

Today, printer hacking is much more sophisticated.

And as with personal computers, the ultimate goal of break-ins now is financial. Yes, don’t be fooled: be it for IP, or direct financial misappropriation, these are thefts. For monetary gain.

Oh and yes: for your monetary loss!

[Your] Printers As a Malware Entry Endpoint

In Part I, Part II, and Part III of this document, I believe I touched on the many ways a printer, being an endpoint on your network, could be surreptitiously repurposed as a malware entrepôt into your network/computing environment.

This is NOT an academic exercise. It is happening. Now.

And getting more sophisticated daily.

For example, see that drone buzzing your high-rise office building?

So, what is HP doing?

(1) HP has identified the threat

The first step in conquering – or, at least, ‘managing’ – a threat, is identifying that there is a problem.

Thankfully, HP has done this.

Not only have they ID’s a threat, but they have put together a printer and print security team tasked with mitigating the problem from the root – design, to the branches – end users.

(2) HP is creating printers that are secure by design

HP makes sure that security is now part of printer DNA.

HP business printers now have the following:

HP Sure Start, which secures printer BIOS
Firmware Whitelisting, which secures printer firmware
HP Printer Run-Time Intrusion Detection , which keeps printer memory safe, and
HP JetAdvantage Security Manager, which keeps an enterprise’s HP printer assets safe

(3) HP has a printer security consulting arm to help enterprises

Not every enterprise had modern printers in their inventory.

However, most of those printers are networked, and may not be patched on schedule, or regularly, or ever, even.

Having a security consulting SWAT team, so to speak, allows HP to help enterprises with several generations of HP printers not only bring them up to date, from a security standpoint, it also presents a sales/upgrade opportunity.

Once companies are faced with the fact that some of their printers can no longer be upgraded to meet their current compliance requirements, then a new printer (or printers) is needed.

Excellent double-dippin’.

(4) HP is adding a cloud-based printer security schema

No official word on this.

But, I'm sure it does. It has to.

The wealth of information it can use from such a cloud-based scheme would be invaluable

Is HP doing enough?

From a technological, and product standpoint, yes.

HP is providing locked-down printers, and the ability for companies to not only inventory their printers, but to leverage enterprise authentication products such as Microsoft Active Directory to create and apply policies that help define printer security.

However, it is not enough.

Why not?

Because of the weakest link in the chain, namely, humans.

As long as there are humans in the chain, there are bound to be some lazy, or incompetent users.

And while HP has rather reduced the ability of lazy nincompoops to fubar a computing environment using HP printers, I see the following two issues as needing to get implemented to further reduce the likelihood of future breaches.

They are:

(a) Make Printers locked down to local network only

I’m not a hardware or networking maestro, however, the first thing I want to see HP do, is make sure all HP printers, not just the pro/business printers, are set, by default to ONLY connect to the local network or LAN.

All this stuff where printer HAVE to be connected outside the LAN to be properly set up, or to download software, or unpleasantly, to sell more ink.

Make end users explicitly unlock the printer to access the Internet, or externally.

(b) Make sure Printers DON’T automagically become Wi-Fi hotspots

Imagine my surprise when an HP business printer an acquaintance installed in their business this very month was set up as a Wi-Fi hotspot?

Are you kidding me?

Why is this even a thing?

This development alone has the potential to eviscerate all advances HP is making to print security.

Finally…
Apart from the little blips above, which I will be escalating to the HP print security team for more information, I think HP is being smart here.

The HP printer operation, at nearly $20 billion in revenue, is large enough to be a Fortune 500 firm.

For a business like that, a major breach has the potential to damage the brand beyond repair in that space.

As a result, it is refreshing to see that HP realizes this, and is doing a lot to make sure they secure the printers, and by proxy, the computing infrastructures that HP printers are connected to.

That gives me confidence in HP printers.

As it should for you as well.

Moreover, for our MSP operations, it is another way of looking out for them.

We can help them inventory and identify their printer assets.

We can help them patch and secure those printers.

We can help them remove the printers that don’t conform to company policies.

And finally, we can help them replace those outdated printers with new devices that are complaint with stated company policies, and industrywide security best practices.

This can, and should be the case for you as well.

You must secure your printing environment.

If you utilize HP printers, avail yourself of their products, and security products.

If you have standardized on non-HP printers, make sure your printer OEM has similar products.

If they don’t, perform an ROI on what a breach would do to your firm, both monetarily, and in terms of brand damage.

From Horologigrafica's Instagram

Featured posts: