Another Brick from the Wall - Leadership thoughts
Jericho Forum
Subscribe to this blog
About Author
The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.
Contact Author
Email JerichoThe perils of cloud printing
Paper - the data leak for a new decade?
Published 15:11, 10 January 11
There is a lot of hype about the latest application to make it into the cloud, namely printing.
While it is true that printers have been tied to corporate networks, and in the past have been notoriously neglected by recent mobile devices - is the cloud really the answer?
There are promises of public printers and direct connections to customer/client printers to print contracts, all of which are, on the face of it, a good thing. But let’s just take a quick step back and think about some of the potential security issues.
Anyone who has ever tried to connect to a corporate network printer in an office which you don’t normally use will know the pitfalls already. Firstly, the printer is not where you thought it was, or it doesn’t work, or someone has accidently picked up your printout before you could get there and find it. Even if you have used it before, it can have moved, or been renamed or you accidently picked the wrong one...
Now, let’s move forwards to 2011, a new decade has begun and we can use the cloud to print and public printers. These are great if you can find and use the one you want and happen to be sitting next to it... and the name hasn’t changed... and... the list that troubles cloud printing is the same as that which with corporate network printers, but the consequences can be significantly worse.
Imagine connecting to the wrong client printer (on the other side of the world) and sending the latest contract... or even if you get the right printer, but the wrong person gets the information. What about if you were printing an application form which contained your own bank details and sent it to the wrong coffee shop public printer by mistake... how would you get it back?
What if someone was intercepting the print stream, or if the printer kept a copy on its hard disk which was then accessed by a cyber-criminal?
Most data leaks are down to poor policies and procedures and user mistakes, but that is not an excuse. If you are considering using the cloud for printing, then start by putting in place some policies, and train staff on them and the potential consequences of getting it wrong.
At least once a year there is a data loss incident that includes papers being left on a train, or in a restaurant, or a skip. Cloud printing could create a whole new genre of data loss stories.
Guy Bunker, Jericho Forum board member
While it is true that printers have been tied to corporate networks, and in the past have been notoriously neglected by recent mobile devices - is the cloud really the answer?
There are promises of public printers and direct connections to customer/client printers to print contracts, all of which are, on the face of it, a good thing. But let’s just take a quick step back and think about some of the potential security issues.
Anyone who has ever tried to connect to a corporate network printer in an office which you don’t normally use will know the pitfalls already. Firstly, the printer is not where you thought it was, or it doesn’t work, or someone has accidently picked up your printout before you could get there and find it. Even if you have used it before, it can have moved, or been renamed or you accidently picked the wrong one...
Now, let’s move forwards to 2011, a new decade has begun and we can use the cloud to print and public printers. These are great if you can find and use the one you want and happen to be sitting next to it... and the name hasn’t changed... and... the list that troubles cloud printing is the same as that which with corporate network printers, but the consequences can be significantly worse.
Imagine connecting to the wrong client printer (on the other side of the world) and sending the latest contract... or even if you get the right printer, but the wrong person gets the information. What about if you were printing an application form which contained your own bank details and sent it to the wrong coffee shop public printer by mistake... how would you get it back?
What if someone was intercepting the print stream, or if the printer kept a copy on its hard disk which was then accessed by a cyber-criminal?
Most data leaks are down to poor policies and procedures and user mistakes, but that is not an excuse. If you are considering using the cloud for printing, then start by putting in place some policies, and train staff on them and the potential consequences of getting it wrong.
At least once a year there is a data loss incident that includes papers being left on a train, or in a restaurant, or a skip. Cloud printing could create a whole new genre of data loss stories.
Guy Bunker, Jericho Forum board member
Print
Email
