Untraceable Printing, Copying and Scanning Tonis Haamer CEO, NT-ware GmbH March 24-25, 2011 Arena11 Press Reaction Increased public attention to security breaches Growing number of compliance regulations Security Risk Assessment Frameworks Information Data Loss Prevention solutions Why? • Sarbanes-Oxley (SOX) • Gramm-Leach-Bliley (GLBA) • Health Insurance Portability and Accountability Act (HIPAA) • European Union Data Protection Directive 95/46 • Japanese Personal Information Protection Act (JPIPA) • Public disclosure laws • Payment Card Industry Data Security Standard (PCI DSS) • …
11
Embed
Untraceable Printing, Copying and - canon.no20relatert%20til%20utskrift... · Untraceable Printing, Copying and Tonis HaamerScanning CEO, NT-ware GmbH March 24-25, 2011 Arena11 Press
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Untraceable Printing,
Copying and
ScanningTonis Haamer
CEO, NT-ware GmbH
March 24-25, 2011
Arena11
Press Reaction
Increased public attention to security breaches
Growing number of compliance regulations
Security Risk Assessment Frameworks
Information Data Loss Prevention solutions
Why?
• Sarbanes-Oxley (SOX)
• Gramm-Leach-Bliley (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• European Union Data Protection Directive 95/46
• Japanese Personal Information Protection Act (JPIPA)
• Public disclosure laws
• Payment Card Industry Data Security Standard (PCI DSS)
• …
2008
1.Malware 54%
2.Employees 52%
3.Spyware 48%
4.Application Vulnerability 44%
5.Hackers 41%
6.Misconfiguration 41%
7.Spam 39%
8.Data Stolen by Trusted Party 38%
9.Insider Sabotage 34%
10.Wireless LAN 33%
Top Threats to Enterprise Security
2006
1.
2.
3.
4.Employees
5.
6.
7.
8.
9.
10.
IDC 2008
2008
1.Malware 54%
2.Employees 52%
3.Spyware 48%
4.Appl. Vulnerable 44%
5.Hackers 41%
6.Misconfig. 41%
7.Spam 39%
8.Data Stolen by Trusted Party 38%
9.Insider Sabotage 34%
10.Wireless LAN 33%
Top Threats of Enterprise Security
Most costly
IDC 2008
Most Costly
Structure and Drivers
User Mistakes
External Attackers
Government Regulations
Insider Malicious Intent
Obligations to Customers, Partners,
Contractors
Managers’personal liability and threat of
criminal or civil penalties
My World
Unprotected print
data
Hard Drive
Printing or Scanning Confidential
Documents?
Is that a salary sheet
on the printer tray ?
Not Again – someone
took my prints !
I can scan to any email
– untraced!
Prints are laying on the tray
for all to see
Sometimes for hours
What is the consequence?
Information is compromised
Confidentiality obligations
are not fulfilled
What is the consequence of
that?
Loss of your job
Loss of trust
Legal implications
TRUE FOR YOU
?
TRUE FOR YOU
?
My World
Untraced Scans
Untraced Prints
Untraced Copies
Lost Prints
My World
Data Encryption
MAC address /IP
filtering
Hard Drive Erase
Loss of Confidential Information
Source: NPO Japan Network Security Association 2008
Owners
Loose company reputation + loose customer trust + loose
their job + loose money + cause internal confusion
End Users
Loose productivity + loose morale + susceptible to
mistakes
IT Managers
Incomplete assessment compromises other efforts
Set unnecessary restrictions and cause loss in productivity
Consequences Lacking Security
Controls?
IT Manager
Business Leader
Users
Effort
How uniFLOW Addresses User Level Security
(uncatchable)
Risk Level
Uncontrolled
Access
Device
Access
Control
uniFLOW Login
Manager
PIN or Card
Prevent
unauthorized access. Trace
scans back to an
individual
uniFLOW Secure
Print
Print to
Memory Only
Prevent
unintended exposure of
information
Function
Level Access
Control
uniFLOW ACLs and AMS
Function level access
More control
where needed (eg
selectively
prevent scan to external email)
Users have to authenticate first, and
only then have access to their print-
jobs.
No confidential prints on printer trays
Your prints are NEVER picked up by
someone else
Secure PrintingI Expect:
- Nobody to look at or
take my confidential
documents from the
printer.
Effort
How uniFLOW Addresses User Level Security
(uncatchable)
Risk Level
Uncontrolled
Access
Device
Access
Control
uniFLOW Login
Manager
PIN or Card
Prevent
unauthorized access. Trace
scans back to an
individual
uniFLOW Secure
Print
Print to
Memory Only
Prevent
unintended exposure of
information
Function
Level Access
Control
uniFLOW ACLs and AMS
Function level access
More control
where needed (eg
selectively
prevent scan to external email)
uniFLOW content
monitoring
Monitor Content
Deter information
theft by paper
uniFLOW knows which content was outputted by a
Canon MFD when, by whom, and to where, by storing job
logs and image logs of copies, faxes, prints and scans.
uniFLOW will analyze the image text content and prompt
action.
How it Works
How it Works
Ben prints a document to his
Canon MFD
uniFLOW OM
Server
Job is printed
immediately
How it Works
Stefanie makes
a copy
uniFLOW OM
Server
Job is copied
immediately
How it Works
Helen scans a
confidential
document
uniFLOW OM
Server
How it Works
uniFLOW OM
Server
Document
Management
System
Copies of each
print, copy,
scan and fax
are sent to the
uniFLOW OM
Server
Documents
checked for
restricted
keywords
Manager Frank informed that Helen has
scanned a restricted document
Documents compressed and
stored in the DMS for future
reference
uniFLOW keeps a full log, including the actual
document, of every copy, print, fax or scan
(Highly compressed, full text searchable PDFs)
(Stored in DM system of customers choice)
Gather and monitor logs selectively
Identify the source of leak quickly and accurately
Useful for : Government departments, departments
with highly sensitive information (personal data, pre-