HP J2383B HP Jetdirect Print Servers - Philosophy of Security - Page 13


• In many businesses, there is a good distinction between super secret documents and documents that are not confidential. Unfortunately, most documents fall into the grey area in between. In fact, without proper identification, there may be a debate between two peers on whether a document is confidential or not.
• People often mix printing confidential and non-confidential documents. For instance, printing the latest Dilbert cartoon to post at your cubicle or banners for the holiday party. This intermingling of business confidential documents and non-confidential documents often results in the business confidential documents being mistakenly treated as non-confidential.
• In fact, the due diligence that a business would like to see performed for its business confidential documents is often performed for an employee’s personal data instead. For instance, the activity known as Print & Sprint is more likely performed when an employee is printing their stock share plan performance summary than with a confidential internal reference specification.
• Many individuals with a variety of different levels of access to confidential documents often use the same printers to print them out. Consider an intern from college doing research and printing out publicly available documents as compared to a chief technology officer printing out the latest prototype design of a new product.
• Many companies encourage environmentally conscious behavior – often placing recycle bins directly next to printers. Partial documents that were part of a paper jam are often placed in the recycle bin. Sometimes, documents that haven’t been picked up and are taking up space are placed there. If these aren’t recycling bins, they are usually trash bins. The confidential bins are usually further down the hall.

No wonder people would rather talk about technology solutions – people solutions are hard! There is only one problem: the technology solution of requiring domain credentials to digital send doesn’t actually solve anything. First, let’s argue with the technology-focused solution on its own terms:
• It is never a good idea to supply your domain credentials to a computer that isn’t a member of your domain (remember our Ockham’s Razor example). In fact, it isn’t a good idea to use your domain credentials on any computer that isn’t the one you work with on a daily basis. Unfortunately, domain credentials have become the new “Driver’s License” of identity in the workplace, often being used in places where they shouldn’t be used.
• Many domain credentials are long, full of special characters, and are difficult to type in on the Mini-Me style of keyboards in use by most digital senders. As a result, expect a jump in fax machine usage over digital send – in short, employees finding ways of bypassing your security.

Now, let’s cut to the chase:
• Problem Statement: There is an unauthorized person in physical possession of confidential documents. They can simply take them, copy them and take the copy, fax them, or throw them away in a specially marked trash bag for pick up later. Requiring domain credentials to digitally send doesn’t address the issue any more than having an encrypted hard disk would. Imposing rules on employees, posting signs to pick up your documents, automatically shredding documents after 6pm and so on will not really solve the problem either. People tend to go back to their old ways pretty quickly.

A reasonably simple approach is to place printers and digital sending devices in an employee badge accessible room, with a glass door, and with a confidential bin. We can come to this conclusion not because of what we know about technology, but because of what we know about people. What are the benefits of such a solution?
• It keeps employees productive. A badge accessible room is a minor inconvenience to employees. There are no special ways to print, logins, or rules to follow (or rules to try and