The General Data Protection Regulation (GDPR) is enforceable as of May 25, 2018. One of the lesser known requirements of GDPR is that it requires TLS (Transport Layer Security) encryption protocol on any network device that communicates with another system. As a Managed Print provider, we get asked about GDPR quite a bit as it relates to network printers.
While this is not a new protocol, we've discovered that many organizations haven’t accounted for networked multifunction printers (MFPs). There are lots of models in the field still on Secure Socket Layer (SSL) or early versions of TLS, which are seriously vulnerable. If your company is subject to PCI compliance, you likely already know that TLS 1.1 is required (TLS 1.2 is preferred) effective June 30, 2018.
Even if you’ve already taken steps to upgrade your print/scan devices to TLS 1.1, there’s a “gotcha” that could cause workflow disruption for end users and a burden on your IT or your budget if you’re using scan to email with Office365: After October 31, 2018, Microsoft will not support anything less than TLS 1.2 for O365.
This means if you’re using anything less than TLS 1.2 for scan to email with O365, your scan workflows may fail and cause a significant impact on business processes throughout your company.
What Are Your Options?
In some cases, the fix may be as easy as a firmware update. However, manufacturers may not offer a firmware update depending on the age MFP model. In that case, you’ll be faced with some decisions:
- You can decommission the device and require users to utilize another MFP if there’s a newer, compliant model in the area
- As a side note: We generally recommend MFP placements within a range of 25-30 paces or 50 square feet when site planning and right-sizing an organization’s print environment. There are, of course, times when exceptions to this rule apply
- If you don’t have a newer model in the area with TLS 1.2 functionality, then you may need to find room in your budget to purchase or lease a new MFP
How to Get Ahead of the Curve – GDPR and Beyond
Companies are getting pressured from every direction; they’re being forced to reduce costs and simultaneously do more with less, keep up with the evolution of compliance and IT complexity, and empower productivity. Data is exploding rapidly and how companies utilize technology to protect, access, and connect structured and unstructured data to ease those pressures will be a catalyst for gaining a competitive advantage in the marketplace.
An organization’s print environment isn’t always the first thing that comes to mind when developing a strategic plan for data management. Yet every document in an organization is tied to a business process related to making money or meeting financial obligations – think sales, marketing, HR, A/P, A/R, Legal/Contracts, R&D, etc. – and there’s business-critical data embedded in all of it. A Gartner study found that only 10% of organizations have a grasp of their print landscape or how much they spend. The 2017 Verizon Data Breach Investigation Report stated that 25% of data breaches occur internally and that while attackers are using new tactics, the overall strategies are the same.
88% of breaches fall into the same 9 patterns identified in 2014, one of which is theft and loss.
Infographs from Verizon’s 2017 Data Breach Investigation Report (p.2, p.5)
“Managed Print,” an often-overused buzzword with various meanings depending on your perspective, should take on more than just a break/fix and supply model for your organization. It should be a proactive roadmap that:
- Drives efficiency for end users and IT so they can focus on business-revenue-supporting activities
- Secures, audits, and reports data that flows through the company
- Outlines a continuous process of assessment to develop standards and solutions that create a secure, efficient environment reducing profit leaks and mitigating risk
A strategic managed print roadmap will help you leverage technology and data to keep ahead of the rapidly changing universe of compliance and technology solutions.
Developing a roadmap goes beyond identifying the cheapest models and lowest service click rates. Start with a business process and technology assessment that evaluates business goals and initiatives, processes related to business-critical document management – i.e,. all-things related to print/scan/document workflows: who, what, when, where, and why documents are created/stored/printed. Then, review the role of IT and InfoSec for design, implementation, compliance, and support. Utilizing the results from the assessment to pinpoint gaps and bottlenecks in the flow and access of data, the next step is to develop a roadmap documenting a phased approach to implement solutions and services that fit your organization’s goal to optimize business process, productivity, security, and cost management.
The End Game... That Never Ends
Periodic reviews of your roadmap to rinse-and-repeat your assessment of business goals, processes, and industry trends will ensure that you’re ahead of the curve as demands of compliance and technological capabilities evolve. Focusing on business process in your managed print program instead of products will align your technology with your business goals and initiatives. The results will transform your print technology from a cost center to a strategic asset that leads to a greater ROI on your investment and a more agile, secure organization.