by John Villegas, ELATEC

Information security is more important than ever. Companies need to protect sensitive intellectual property (IP), financials, customer data and personnel data. Stronger data privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR), leave businesses vulnerable to fines and lawsuits if certain kinds of data are exposed. Companies in some industries, such as the healthcare industry, may have additional information security requirements.

In addition to putting data at risk, unsecured printers often create cost control problems. Printer output picked up by the wrong person leads to waste if the original user has to resend the job. And without proper controls in place, individuals and departments may not consider costs and material use when making printing decisions. A print management system can track costs by user and department and designate who is allowed to print, how much they can print, and what types of documents (e.g., color vs. black-and-white) they can print.

Most companies have taken steps to secure electronic data. In this environment, printers may be the weakest link. Printers are usually located in easily accessible areas and designed for convenience rather than security. MFPs can expose data in several ways.

Of these threats, the first is by far the most common. According to an industry survey¹, 59% of companies reported a print-related data loss in 2018, with most of those losses involving accidental or intentional actions of internal users. With more than 90% of businesses still reporting that they rely heavily on paper for daily operations, print security must be taken every bit as seriously as digital information security.

The best solution for secure printing may be one that most corporate employees already have in their pockets: an ID card or badge with Radio-Frequency Identification (RFID).

SELECTING THE RIGHT RFID READER FOR SECURE PRINTING

There are many different RFID reader technologies to choose from. Printer manufacturers and MPS software providers wishing to integrate RFID into their secure printing solutions need to understand the differences and select a reader technology that meets the needs of their clients and end users. In particular, developers should ask:

• Will the reader work with the card technologies already in use by clients and end users?
• Does the reader support the functionality and security requirements needed by my application?
• How easily can the reader be reconfigured or updated as end user requirements or market conditions change?

Challenge: A Highly Diverse RFID Market

There are dozens of RFID card transponder technologies in use around the world, each with their own data formats, communication frequencies and security capabilities. Cards can be broadly separated into high frequency (HF) and low frequency (LF), depending on the radio frequency band range they use to communicate. However, within these categories, cards by different manufacturers have their own unique formats.

Printer manufacturers and software developers intending to sell to a diverse market may need to be able to accommodate 60 or more unique card technologies. End users often do not know what kind of card technology they are using and may have little choice in the matter; if companies lease building space, they generally must use the card technology put in place by the building owner. Fortune 500 companies with multiple locations, or that have expanded through mergers and acquisitions, may end up with multiple card technologies used within a single network. Most organizations are not willing or able to change their existing ID card technology to accommodate user authentication and access control for print management, and do not want to make employees carry multiple cards.

Most RFID readers can only read a few different card technologies, and some are created by card manufacturers to read only their own technologies. This means that manufacturers wishing to expand their market opportunities may have to stock different readers for different customers. This creates both sales and inventory management challenges. Salespeople must discover the card types being used by prospects before placing an order to determine which part to use or whether their card technology can be accommodated at all. For large companies using more than one card technology, there may not be a single reader in inventory that can read all of their card types. Printer manufacturers and MPS developers intending to sell internationally or to multinational customers face additional challenges, since most RFID readers are only certified for use in a few countries or regions.

Challenge: Widely Dispersed Devices or Systems

A large company may have dozens, or hundreds of printers distributed throughout their organization. This makes it extremely difficult to update or reconfigure the RFID readers and ensure that none of them have been missed.

There are several reasons why RFID readers may need to be updated or reconfigured. End users may adopt a new card technology. Emerging security threats may require manufacturers to enable advanced encryption or other security features for identity management. Or software developers may want to add new functionality to their print management solutions.

Field reconfiguration of most RFID readers is time-consuming and expensive. Technicians must physically access each reader, in some cases removing it from the printer in which it has been installed. If the installed reader cannot be configured to meet the new requirements, it must be removed and replaced. For IT managers, this means that every single RFID-enabled printer throughout the building or campus must be tracked down and updated. Missing a reader may result in an unexpected device failure. Printer manufacturers may also face significant expenses if they have unsold inventory in stock that must be replaced or reconfigured.

Changing Market Requirements

The business ecosystem has become increasingly sophisticated and complex with the growth of networked IT solutions and the proliferation of connected printers and other IoT devices. Businesses want to be able to take advantage of the benefits of networked systems and devices while maintaining privacy, confidentiality and security. Some companies are also moving towards emerging identification systems enabled by Bluetooth Low Energy (BLE) or Near Field Communications (NFC) through smartphones or other mobile devices. RFID readers will need to adapt to support these evolving functionality requirements.

Most readers are limited in both their current functionality and potential upgradability. Printer manufacturers and software developers may find themselves “locked-in” to current functionality and security capabilities around user identification, authorization and access control by their RFID reader solution. Addressing emerging market opportunities, in this case, would require physically replacing the RFID readers in their systems. This limits the shelf life of their products and their ability to respond to customer needs.

PRINT SECURITY MATTERS

Convenience and functionality can come with a hidden price. Today’s networked printers are part of an expanding business ecosystem of IoT devices. As an IoT endpoint, MFPs have security vulnerabilities that can create costly headaches for businesses. The RFID reader is important layer. Choose wisely.

¹ Quocirca (2019) Global Print Security Landscape, 2019.

John Villegas is VP of Sales and Business Development – Print Solutions for ELATEC Inc. John and his team provide consultation and support to printer OEMs, integrators and dealers. ELATEC is a designer and manufacturer of user authentication and access control solutions for print management and numerous other applications worldwide. For more information, contact John Villegas at 772-210-2263 or [email protected].