TITEL

Security versus usability

SPREKER

Dennis Rijbroek, systeemarchitect, Océ

TAAL

Nederlands, sheets Engels

ABSTRACT

It is becoming evident that print devices can be a security leak in a working environment if they are not properly configured. Confidential business information could become public by the (remote) accessibility of these devices. With inefficient security features present, print jobs that are send to printers can be viewed, printed and/or exported by anyone, remote access is sometimes not protected by a user login and with some more effort print jobs that are transported over the network can be monitored.

To counter this, printer manufacturers are implementing a lot of security features in order to ensure the integrity and security of the print jobs. Also, legislation (government), regulation and security standards (IEEE P2600) are formed to which print devices must adhere. Having a ‘security-certified’ printer is even becoming mandatory for selling print devices to certain markets, e.g. governments.

However, there is a fine line between a print device that is secure enough for its environment and a print device that is easy enough to be usable by the day-to-day operators. Putting all print jobs behind a user login with an automatic login after a few minutes of disuse, may be perfect from a security point of view, but the printer operator who has to log in 100 times a day finds this solution completely unacceptable. Additionally, if security becomes too cumbersome for the users, they will circumvent it.

The impact of this fine line is directly visible in the architecture (e.g. due to certification requirements), system behaviour and usability of the print device. In this presentation I want to show how Océ is dealing with this problem.