Canon EMEA discusses print security

Jun 24, 2015

The OEM’s Director of Information Security spoke about the need to look “at the big picture”.

Quentyn Taylor, Canon EMEA's Director of Information Security

Quentyn Taylor, Canon EMEA’s Director of Information Security

InformationWeek interviewed Quentyn Taylor about “the role of print security”, with Taylor Canon EMEA’s Director of Information Security. The site spoke to him before he gave a talk at the Interop London event in mid-June, with Taylor stating that “in order for security pros to get out in front” of growing threats, they need to “take a step back and look at the bigger picture”.

Taylor commented that he looks after “a large chunk” of information security “on the product security side”, and added that Canon’s internal security team is “very externally focused”, allowing them to be a “first point of contact” for consumers when it comes to print security. He noted that “what goes through your printer” generally consists of “the most important documents […] that you tend to print, scan, fax”, with this important documentation needing to be protected.

He went on to state that “most large corporates are running a print network” with print management software, and “all of th[e] data that’s flying around” means many security staff “may be unaware of where that data actually resides and how sensitive that data is”. He addressed fines from the UK’s Information Commissioner’s Office of “tens, and tens, and tens of thousands of pounds” for people “picking up what [they] thought was [their] print job”.

These people have sent the documents to customers erroneously, and Taylor pointed out that “that’s enough to get people fired and fined. These are real-world impacts with respect to printer security that need fixing”, with many people having “walked up to a printer and found a big pile of paperwork sitting there with very sensitive documents in it”. However, there are “obvious technological solutions” to solve these issues, such as cloud and secure print, he noted.

Questioned on whether print security is “really a big deal”, he responded that “this is exactly the point”, as people have not heard of printer security, nor do they consider it as important. He used the analogy of herds, with information security people following the masses, but added that “just as herds can be a big advantage, they can also be a problem”, as what everyone else is doing may not be as important to your business as something else.

He added: “It’s too easy to get caught up in the risk of the day and kind of forget why you’re there or why you’re being paid to be there, which is actually to help manage the risk in your organisation. If we’re in a herd, and we’re all using the same controls, and those controls are considered to be best practice, then yes, of course, we gain the whole shoaling benefit of protection – safety in numbers. We’re all doing our patching in the same way, therefore, we should all be safe.

“Challenge commonly held perceptions. Don’t be doing something because everyone else is doing it. There are certain technologies in the InfoSec world where we all do it just because of the fact that it fulfils an easy audit question: ‘Do you have X?’ ‘Yes, I have X.’ That’s perfectly acceptable, but it’s only acceptable if you know why you’ve done it – and that you have done it.”

Search The News Archive