With the news media bombarding us with nightly headlines about the leaking of confidential information and massive security breaches of both the physical and digital variety, you would think that the subject of security would be the seminal issue of our day. And while in some ways the issue of security is paramount from a societal perspective, there is an aspect of security related to business information workflow that gets little attention – securing traditional office technology.
Customers continue to ask about the basics related to office technology security: "Does your device provide capabilities to manage ports and provide for basic access control?" "What kind of operating system does your device utilize?" Or my personal favorite, "Do you provide hard disk drive overwrite protection?" While these are all valid security questions in connection with office technology deployments, I have a few questions of my own: "Is this all we're concerned about?" "Haven't we moved past the hard disk drive question?"
Of course, some security is better than nothing; however, when I hear these questions it leads me to the conclusion that not much thought is going into the manner in which a customer will secure office technology once implemented in their environment. Has a customer asking these basic questions really stopped to think about how the technology will be used? Have they considered the type of information flowing through these systems on a daily basis or how integrated these systems will be to daily work processes? Have they considered that's it's relatively easy to overcome the basic protections provided via user authentication, port management and overwriting hard disk drives? Do they realize that most of their security challenges lie within their own organizations, whether driven by ill will or from well-intentioned employees? Have they stopped to consider that their next security issue will likely result from paper that walks out the front door?
Having been around IT for my entire career and having lived in the office technology space for the last 20+ years, I continue to be amazed at the gaping security holes that exist in most customer environments in connection with their use of traditional office technology. Yes, most customers are securing the hard disk drives in their devices – heck, the industry did that for them by making this feature standard – but this action still represents the one, and in some cases, only step that many customers have taken. What is frightening is that only a small percentage of customers have gone beyond this basic measure. I thought, maybe the industry is at fault? Maybe those of us in the industry haven't done enough to educate customers about the risks or the solutions? Guess what? It's not the industry's fault. There is ample information and education available to customers to not only understand the risks, but to also understand the ways the risks can be addressed.
So why is it that many customers continue to leave themselves, and in many cases, their most valuable information exposed? I can only surmise that many customers don't perceive there to be a significant threat or don't rank the securing of office technology as a priority when compared to securing their network infrastructure or facilities. Maybe they just don't care!
Actually, the fact that customers ask questions concerning security is at least an indication that they do care. Maybe, however, the questions being asked and answers being provided are the wrong narrative. What if we started the conversation about security by asking the question, "What would be the impact to your company if your new product plans waltzed out the front door and landed in the hands of your competition? Can you quantify the potential damage? What if it were the social security numbers of your entire patient database?” Actually, quantifying that one is not pretty!
Suffice it to say, the time has come for customers to think differently about the ways in which they secure office technology. User authentication and port management are not enough. Customers need to think in terms of forensics and prevention. Regardless of where you are in securing these assets, I have one simple request – please stop asking if we can overwrite the hard disk drive! It’s covered, I promise – now let’s focus on the things that aren’t.