Canon Stresses Security with Latest PlotWave Printers

Increased awareness of risks will spur administrators of wide-format printing environments to secure vulnerable components, the company hopes.

Security is a concern — or it should be — for everyone who stores and transmits important data in digital format. In the CAD community, we often hear about concerns related to cloud-based data storage, for example. But how many CAD users look at the trusty wide-format printer in their office and see a security risk?

Canon Solutions America, a subsidiary of Canon U.S.A., is looking to change perceptions on the subject. The company is pressing everyone who creates technical documents to adopt a stricter security strategy in their wide-format printing environments, and is making changes in its product lineup that support this push. Canon’s Océ PlotWave 345, 365, 450, and 550 large-format printing systems, released this year, feature increased security features that the company “will be making available across the board over time,” said Dan Zemaitis, product marketing manager at Canon Solutions America.

“Security means many things in the wide-format printing world,” Zemaitis noted. There are multiple points of vulnerability in a wide-format printing environment, but the most crucial is the controller — an onboard computer that serves as the communication point between the user’s computer(s) and the printer. “It’s the heart of the system,” said Zemaitis. An unsecured controller is exposed to both simple errors — such as an employee accidentally changing settings and sending print jobs elsewhere — and intentional attacks, including attempts to infiltrate the network.

Getting Better Control over Controllers

Because the controller is the most vulnerable part of the system, Canon is building in additional safeguards, said Bob Honn, marketing director at Canon Solutions America. For example, USB access to the controller can be turned off, preventing anyone from using a keyboard or mouse to control the system.

The security-hardened controller is also designed as a closed system, Zemaitis explained; users can only access features for printing, copying, and scanning, and cannot access the graphical user interface (GUI) or the operating system. In addition, the most vulnerable modules on the controller’s embedded Windows operating system are disabled, along with any unused components, and the Windows firewall is configured to limit the number of open ports.

Once data is transferred to the controller, it can be encrypted to prevent unauthorized users from accessing it, and “e-shredding” — analogous to shredding sensitive paper documents — overwrites data after the print, scan, or copy job is complete. None of these features interfere with normal printer operation, or are even visible to users. “It’s not up-front and hands-on — it’s all happening behind the scenes,” confirmed Zemaitis.

In addition to safeguarding the system architecture of the controller, Canon stresses the importance of preventing access by unauthorized users. With the company’s access management system, the system administrator can require that all users authenticate themselves before printing, scanning, or copying by using a smart card or a lightweight directory access protocol (LDAP) password. “We’re seeing increasing requirements for user authentication, through software or the control panel,” noted Honn.

IP Matters in Every Industry

Concern over the security of proprietary designs is widespread in manufacturing industries such as heavy equipment, shipbuilding, automotive, and aerospace. The need for precautionary measures isn’t limited to manufacturing-focused firms, however. “Even those that might not be as vulnerable, they still don’t want to be put in a compromising position,” Honn observed. He used the example of someone taking architecture design information to a competing firm, and using it to win a project. “It’s still intellectual property [IP] that could be used to gain business and harm the competition.”

The greatest level of concern is evident in those companies involved in high-security projects where lives are on the line, including government, defense, national security, and nuclear power projects. “The more sensitive the data, the more important security is going to be to that enterprise,” Zemaitis said. The new PlotWave models are compliant with the Federal Information Processing Standard (FIPS) Publication 140-2 federal security standard, he noted.

Adapting to Threats

Like anti-virus software, measures to mitigate printing security threats must continually evolve. Canon Solutions America releases updates and patches on an ongoing basis as new vulnerabilities arise, Zemaitis noted.

Not everyone is currently using a printer with security capabilities, of course, or is in the position to invest in one. Honn advises those professionals to check with their vendor; depending on the age of their equipment, there may be firmware upgrades available that can improve security.

Taking a Holistic Approach

Canon notes that there are risks in the wide-format printing environment beyond the printer itself. Administrators should reinforce network security to prevent unauthorized access and hacking of print files and infection of the controller, and use encryption mechanisms and security protocols to preserve data confidentiality during communication between the controller and other devices, the company advises.

Comments