Managing Security and Compliance in the Open Workplace
In today’s evolving and increasingly mobile workplace, laptops, tablets and smartphones are present at meetings, at the airport, in the car and in a home office, ready to respond to a text, email or call instantly. Technology has not only impacted the way we do business, but has also changed where we do business.
In the past, the workplace was a fixed location. Today, it is much different — telecommuting is extremely common, travel is more frequent, people have home offices and work in coffee shops and cafes. And how work gets done is changing just as rapidly — driven by cloud access, social media, virtual collaboration, technology and communication means. So, with the constant expectation to be connected and communicating with staff, work gets done on the go. Be it at home, in a client meeting, or at an airport, an on-the-go workplace creates unlimited opportunity for the sophisticated hacker or even the casual eavesdropper to become a corporate security risk.
With this risk in play, it’s no surprise that securing information is top-of-mind for CIOs as it scales across paper, digital, the cloud and social networks. Enterprises all face similar challenges around information — whether it’s digitizing that information, securing it, automating and simplifying it, reducing costs associated with it or most importantly, using it effectively.
In many ways information is the currency of business — it can be worth more than cash on the books, and getting the right information to the right people at the right time is the only way for a business to operate successfully. Organizations recognize this truth, and are looking for ways to simplify how work gets done while being more productive, mobile and secure.
So, how can organizations tackle the challenge to access, protect and capitalize on their intellectual assets? It’s no easy task. With an always-connected workforce and this deluge of new information being created, security threats have become increasingly sophisticated and prevalent.
Securing personal property, documents and multifunction devices
When speaking with CIOs, I’ve found that their concern is growing as it relates to managing the vast number of devices used within their company and protecting their company data from cyber-attacks.
You see, it’s not just smartphones and iPads they are concerned with — it’s any embedded device. In fact, businesses today are well aware of the risks associated with PCs, servers and computer networks, but what about securing printers, multifunction printers (MFPs) and the intellectual property that flows through them every day? Printers may not be top of mind for some, but if proper security isn’t in place, these devices can compromise an entire infrastructure from the ground up.
Some of the biggest security risks in a company are insider threats, which can be caused by employee carelessness, lack of knowledge and information about security procedures or inadequately managed printers and multifunction devices.
In 2012, a Xerox and McAfee study found that 87 percent of employees work at a company that has an IT security policy. However, one in 10 rarely or never followed the policy and two in 10 weren’t even aware that the policy existed. The security risks associated with these devices range from the disgruntled employee who uses scan-to-email to distribute sensitive company documents to a personnel file sitting in an output tray.
Managing and securing documents and important information must be part of a company’s core business process and should be fully integrated into the IT infrastructure. However, this may not be as easy as you think. Some companies don’t even know how many devices they have, how they are being used and if they are even the correct and most efficient solutions for their business. Therefore, they have no visibility into whether printers are presenting a security threat due to misuse.
Luckily, the measures being taken to protect original ideas, documents and research continue to grow and become more effective. Now, companies can confidently close the security gap.
Managed service providers promoting security measures
According to a report conducted by the Ponemon Institute, a staggering 43 percent of companies have experienced a data breach in the past year. It’s necessary for employees and companies to abide by security policies and compliance regulations so a security breach doesn’t happen. Managed service providers (MSPs) can ensure companies achieve a level of security and compliance as information travels between employees through the infrastructure. As trusted advisors of the company, MSPs can help raise awareness about the risks related to printers and documents.
Let’s examine a number of printer security tools and techniques within managed print services (MPS) that organizations can utilize to seamlessly ramp up security and safeguard against potential threats:
- Access controls — Large numbers of sensitive and personal documents sit unattended in output trays. Now, networked MFPs and printers can hold the print job until the user enters their own security code and stands ready to retrieve it.
- Encryption technology — This standard security capability scrambles data stored on the hard drives of printers and MFPs as an extra safeguard to ensure critical information doesn’t become accessible to unauthorized users.
- Usage policies — Additional security is enabled by limiting scan-to-email and other settings on MFPs that prevent the devices from becoming conduits for distributing sensitive data.
- Auditing software — MSPs can create reports about device usage and provide audit trails in case of alarming or suspicious activities.
- Easy-to-use interface — Tools and dashboards can make security processes effortless — enabling employees to be more productive, collaborative and innovative.
Finding a way to meld personal ethics and technology becomes the final piece of managing this problem. The capability to use a mobile device for both personal and business purposes relies not only on passwords and network access, but also on personal responsibility. Organizations that trust their employees can enable their workforce with both technical access and personal freedom if they state the rules clearly, police fairly and treat abusers with appropriate consequences.
In the past, stealing an office pen or borrowing paper clips was viewed as a cost of doing business. Today, the costs of doing business are much higher. So, when digital access is compromised, organizations cannot risk being complacent.
Push the envelope
Companies need to give their employees access to information when and where they need it, which leads to efficiency and productivity, but they need to find a balance between this collaboration and security. Managing the openness that workers want and expect, while controlling the access and use of multiple devices, gets tougher every day. So, finding a middle ground is critical.
The most innovative organizations that are pushing the envelope are those that are taking proactive measures to implement systems so that their workers have the same capabilities and access to information combined with security. However, the challenge for organizations is that this requires new layers of technology and processes.
MSPs have a great opportunity to help their customers develop and maintain a security policy that is not only understood, but also maintained. Smart devices require smart corporate policies and smart users to prevent and protect against security breaches.
Communicating the risks, enforcing the rules and being proactive will build trust, protect digital assets and enable productivity at the same time. When, where and how employees use their devices, and whether they understand the risks and rewards of both necessary and appropriate access, will separate the effective and profitable corporate organizations from those that fail.
MSPs can be the first line of defense for a company, protecting customers from the evolving security threat landscape. By identifying red flags, detecting vulnerabilities and providing the correct information on how to be compliant with regulations, MSPs can protect themselves and their customers.
Sidebar: America’s Largest University System Moves Forward With Secure Mobile Solutions
Parents and students put their trust in colleges and universities to ensure a student’s personal information is properly protected and used only for legitimate purposes. It’s a difficult balancing act for institutions, especially because data is shared and accessed by multiple departments and personnel such as professors, health staff and the students themselves, across many locations.
“Digital first” is one of the five technology strategies that the Division of Information Technology at California State University (CSU) at Fullerton has adopted. Fullerton is one of the 23 campuses in the CSU system, the largest university system in the U.S. with over 400,000 students. At CSU, improved collaboration was essential to managing modern information and communication strategies. In order to streamline communication and increase collaboration — all with security at the helm — the team embarked on a digital transformation of more than 3,700 faculty and staff members transitioning to a high tech innovative iPad solution.
By 2009, the university had developed iFullerton, a mobile app offering everything from campus maps to Titan radio. CSU Fullerton began exploring other ways mobile technology could simplify how work gets done all while maintaining a secure academic environment. Secure mobile print was the natural next step.
Providing printing freedom
CSU Fullerton rolled out a mobile print solution that’s simplifying work and garnering praise. Less paper equals more savings and faculty members are equally enthralled. “We deployed Apple iPad tablets to our faculty, management and some staff,” says Amir Dabirian, Chief Information Officer and VP of IT for CSU Fullerton. “Now we’re rolling out a Xerox solution that will let us print directly from our iPads and smartphones to devices across campus. We’re also scanning documents and distributing them digitally. As a result, we’re reducing our paper costs by $250,000 and using a portion of those savings to buy more iPads.”
A secure foundation
Student data, including grades, test results, transcripts, personally identifiable information and classified research is being stored by more universities than ever before. Successfully securing this data starts the instant it is entered into the system – and this vast amount of information is typically collected through document scanning and other electronic means. In order for information at this stage to stay protected, data transmission should be encrypted from start to finish.
With that said, security was critical to the iPad project, as the university’s online threats can top 32 million a month. Fortunately, Xerox mobile printing offers built-in safeguards, such as the user’s ability to control when a document releases to print. Secure printing on demand is available on campus as well as hard copy scanning into a digital format for easier sharing, distribution and printing. These initiatives have enabled student education through innovative mobile technologies without the need to worry about security breaches.
“Technology infrastructure and mobile computing all play an important role in the day-to-day life of our students,” explains Dabirian. “Students expect to have high-quality technology available in their education. We have to meet those expectations.” And indeed they have. The results from the partnership speak for themselves. In addition to savings on paper consumption, the university has greater sustainability due to decreased printing and paper usage.
Safeguarding student information will continue to be a key factor for building trust with parents and students. Institutions are meeting the challenge to keep data secure and close gaps that expose student data to theft.
“We want partnerships that move us to the next level of digital services,” concludes Dabirian. “Xerox has enabled us to put a lot of major projects together. The more innovations our partners provide, the less I do internally and the more we do for our students.”
This article originally appeared in the December 2014 issue of Workflow.
Kirk Pothos is Vice President of Global Development, Xerox.