post

ZONE SE7EN > Blog > Data & Information Management > Does your MPS Provider Bring a Security Mindset?

Does your MPS Provider Bring a Security Mindset?

Guest article by Darren Cassidy, Managing Director of Xerox UK

Endpoints have a habit of popping up unexpectedly, usually just when you think you’re getting control over the security risks within your enterprise.  Your network nodes – the PCs, the servers – need protection but who thinks about the vulnerability of your multifunctional printers (MFPs)?  It’s a dangerous game underestimating what’s at risk here.

Large enterprises create millions of impressions of their data each year using printers and copiers, and much of this information is vulnerable.  Information security (InfoSec) professionals are paying particular attention to these critical endpoints.

Key finds from the ESG Research Endpoint Security Survey reveal that 66% of organisations have re-evaluated their endpoint security policies and processes in order to create a plan for improving endpoint security.

In addition, 85% plan to spend more on endpoint security moving forwards and 57% have already increased the security budget earmarked for endpoint security.

While 56% of those surveyed believed they can now effectively and efficiently secure endpoints, 41% express concern with their ability to do so, and a further 23% of organisations cited monitoring endpoint status as their biggest security weakness.

To deal with the issues of endpoint security policies, sometimes organisations will outsource services where they lack adequate skills or coverage and this is true of security services as well.  Citing benefits like improved incident detection and response, and cost reduction, research from ESG TechTruth reveals that more than half of enterprise organisations use a managed security service in some capacity to protect their endpoints.

If you are already outsourcing print and document services to a Managed Print Services (MPS) provider, you may be closer to an endpoint security solution than you realise.  Because of their closeness to endpoint technology as it relates to documents, MPS providers can be a natural choice for endpoint security, too.

If you plan to discuss endpoint security measures with an MPS provider, make sure these five topics are on the agenda, after facing the initial question of whether the vendor will work with you to assess security needs.

1. Recommendations for Devices, Placement and Optimisation

Be sure to question whether the vendor will help you select the best devices for security purposes as there are many things to consider here.  Sometimes the most secure device is a locally connected one.  Are any devices hidden from view, such as systems in copy rooms?  This increases opportunities for security breaches and a qualified vendor would note this in their security assessment and recommendations.

2. Commitment to Security Innovation

Another aspect to consider; how does the vendor stack up regarding ongoing investment in security research, development and engineering?  Xerox, for example, has five research centres worldwide and devotes a percentage of revenue to security and other critical research, development and engineering projects.  Do your research!

3. Digital Alternatives for Digital Transformation

Paper is the least secure way to manage information, yet we still park so much of our business data there.  Can the MPS vendor help you find ways to scan and digitally secure information in trackable formats?  Do their MFPs use ‘fax forward to email’ to digitise documents for tracking and security?  What about digital alternatives to drive paper out of business processes altogether?

4. Standards-based Technology

Endpoint device security can impact your level of compliance with regulatory and industry demands.  Are the vendor’s products designed to support standards like HIPAA, Sarbanes-Oxley, the Gramm-Leach-Bliley Act (GLBA) and the FDA 21 CFR Part 11?  Does the vendor seek third party validation of device security by participating in the International Common Criteria for Information Technology and Security Evaluation program for certification?  Do they submit the entire device for evaluation, not just a security kit?  This matters to high security enterprises like government agencies purchasing MFPs with hard drives.  It ensures extra protection is built into the device.

5. Integration with Minimal Disruption

How invasive are the provider’s security measures?  When enterprises aren’t required to install third party applications or software on their workstations, they avoid needless complications and disruption.  Automated approaches supported by skilled service teams ensure interruptions for security measures are kept to a minimum.

Managing device security requires specific capabilities and technology that not all MPS providers may have.  This is why it’s important to address these five points before turning to your MPS provider to manage your endpoint security solutions.  Outsourcing security is an effective way for enterprises to take control of security risks – putting their organisations at much lower risk of attack.

——————————————————————————————————————

Darren Cassidy - Xerox

About the author:

Darren Cassidy is managing director for Xerox UK, overseeing the performance of Xerox’s UK arm and directing the strategy for building long-term growth.

Since joining Xerox 23 years ago, Darren has held a variety of senior sales and channel management roles in the UK and across Xerox Europe. He managed Xerox’s UK channel and sales teams for two years in 2006 before becoming VP of Large Accounts across Europe. Prior to his appointment as MD, Darren was VP of Global Managed Print Services Offer and Business Development.

Outside of work, Darren is a keen sports enthusiast.  He played National League rugby in the UK and has represented and captained his county at all levels. He has also played semi-professional football and enjoys cricket and golf.

Subscribe to our mailing list

* indicates required Email Address * First Name * Last Name *