HP seeks to secure the printer

HP seeks to secure the printer

Company looks to leverage financial security into printing

Hewlett Packard is releasing a new system to secure the process of printing documents.

Most enterprises don't consider the printer to pose any sort of security threat. Discounting the risks of having a printer on the network is an invitation to disaster, claims HP.

The company contends that groups ranging from US weapon design facilities to primary schools have experienced data breaches as the result of compromised printers.

"Hackers are looking for the weakest link," Gary Lekowits, director of HP's secure advantage program said at a meeting with reporters in San Francisco.

"And if you look at a printer, it has an embedded OS, it has storage, and very few controls."

Because the printer is atteched to the network, it can be just as vulnerable as other connected devices, and can allow both internal and external attackers to steal data.

In order to secure the process of printing sensitive data, HP looked to an unlikely source: the automated teller machine (ATM).

HP's Atalla division has been providing security modules for ATM transactions for more than 30 years. The modules are responsible for encrypting and decrypting data before it is sent between financial institutions. The company estimates that it secures roughly 80 per cent of transactions in the US.

HP's solution for securing printing operates along similar lines. The new Secure Print Advantage system features a series of devices that encrypt and decrypt data traveling between the workstation and the printer with government-grade FIPS 140-2 Level 4 encryption.

The first step of the process is a module installed in the user's desktop or notebook computer which encrypts the outgoing data and sends it to the Secure Document Server. The server then scans the document for malware and, if clean, the document is either re-encrypted and delivered to the printer or held for another user to access.

From the Secure Document Server, the document is then passed along to a Secure Printing Module, which decrypts the information and transfers it to the printer.

The printing module can also be equipped with a keypad or card-reader to ensure that documents print only when an authorized user is present rather than sitting in a printer tray out in the open.

The company did not release any pricing information, but HP admits that the system initially will be expensive. It is therefore expected to appeal mostly to high security government agencies and lawfirms or regulated industries such as or financial and medical institutions.

However, the company hopes that the technology will eventually make its way into smaller operations, similar to how other security systems transitioned from high-security networks to small and medium business and consumers.

"As little as fifteen years ago, none of us knew what a firewall was, and we thought a virus was something that people caught," said Michael Howard, manager of security solutions for HP's imaging and printing group.

"It took some time before people realized the importance of that, and that's where we are today with [printing]."

HP plans to make the Secure Print Advantage system available to the general public by February of 2008.