Ashish Malpani

A recent study conducted by IFSEC Global reveals how trusted identities can serve as the backbone for smart buildings and today’s connected workforce. Sponsored by HID Global, the access control study on the connected workplace explores the trends in smart buildings and the increasingly important need for identity-aware building systems that offer greater convenience, security and productivity. Integrated Smart Buildings Most respondents want more integrated smart buildings and business applications that seamlessly work together"“Most respondents want more integrated smart buildings and business applications that seamlessly work together. While many of them are realizing these benefits by using common management frameworks with centralized databases, this approach is generally quite expensive,” said Ashish Malpani, director of product marketing with HID Global. “The study reveals how trusted IDs offer a viable alternative for achieving a connected building at lower cost, better ROI and improved user experience--all by providing systems with knowledge of identities and their authorizations for access to elevators, parking garages, vending machines, printers and other systems.” IFSEC Global’s study focused on how the access control infrastructure combined with trusted identities can connect disparate systems for enhanced monitoring and a better user experience as people enter and move around buildings, access various systems and consume building services. Building Systems-Access Control Integration More than half have already connected their building systems to access control applications According to the report, 85 percent of respondents are aware that identities can be connected across multiple systems and devices, and more than 60 percent believe that having everything on one ID card or mobile device will provide operational efficiencies. More than half have already connected their building systems to access control applications, and converging systems can even be a factor in deciding to upgrade the access control infrastructure. Top applications include integrated logical access, AV conferencing, elevators, secure print, locks for interior draws and racks and HVAC control. Other key findings include: 63 percent define their building as “smart” to at least some degree, a 13 percent increase as compared to a 2016 IFSEC Global report on smart buildings. 60 percent of access control systems are already integrated with other buildings systems. Roughly the same percentage believe that system integration is hugely beneficial for user convenience while adding value to existing systems. 51 percent of respondents have already integrated time and attendance systems. 45 percent cite asset tracking as the most likely system to be integrated in the future. System integration can also be a trigger for access control upgrades – at least 40 percent cited converged physical and logical access as a decision factor. Other top upgrade triggers include enhanced security (65 percent), multi-factor authentication (46 percent), and multiple ID form factors, such as mobile devices and cards (41 percent). Two-thirds of respondents believe that IT and facilities/security management teams need to work together more closely when buying, installing and using new technologies. Internet of Things Another finding from the IFSEC Global study is the growing awareness of the Internet of Things (IoT), with 86 percent of respondents either “very aware” or “modestly aware” of the IoT. For a more connected workplace, trusted IDs can help organizations take a first step towards integrating building systems by securing, customizing and enhancing IoT applications that help connect people, places and things.

Colleges and universities have been targeted in the last several weeks with a series of bomb threats received via campus printers and fax machines. Targeted institutions included Vanderbilt University, the University of Southern California, the University of Virginia and the University of Detroit Mercy, among others. Businesses were also among the targets. Around 100 organizations in all received print-outs, faxes or emails demanding that a $25,000 ransom be paid to a Brazilian citizen to avoid detonation of explosives allegedly planted on the sites. The police determined that the “form letter” threats were part of a hoax and not credible. The situation highlights the need to proactively secure access to printers in today’s networked world. SourceSecurity.com asked Ashish Malpani, Director, Embedded Solutions Product Marketing at HID Global, for insights from a technology perspective. SourceSecurity.com: What are the best practices for securing access to a printer? How widely employed are such practices (i.e., how vulnerable are most printers today?) Ashish Malpani: Most network printers in university environments are secured using several best practices. They include: Set a strong administrator password. Modern MFPs (multi-function printers) have a web interface for configuration and control. By default no password is set so it is important to set a strong admin password. Restrict network access to campus. Ensure that only campus IP addresses are able to access the printer. Disable unnecessary services. Disable services like FTP, Telnet, other network (and discovery) protocols, etc. Implement firmware updates. Securely dispose of MFPs. A recent scan at University of Nebraska at Lincoln found that, in spite of all security practices, 12 percent of printers still have open port and password issues. SourceSecurity.com: How can systems be set up to accommodate students who need access to printers from off campus (or outside the firewall)? Malpani: In the university environment, the need for off-campus print access is prevalent. One of the ways to enable this capability is to force students to connect to the university network using a virtual private network (VPN). However, this is inconvenient and doesn’t usually support printing on demand or printing from handheld devices and cloud storage. An effective way to address this issue is to deploy a secure printing solution, where the users are required to authenticate themselves before the print job is released to the printer from a centralized pool. The benefits of this approach are increased convenience and ability to print at any printer on the campus. However, most printer manufacturers support entering a PIN for authentication, and it is not necessarily secure or convenient when you want faster access. However, new innovations in secure printing have made the printers more identity-aware and rely on everyday devices such as cellphones and wearables for authentication, resulting in secure and convenient access. SourceSecurity.com: Whose responsibility is the security of a printer? Should manufacturers be doing more to prevent unauthorized access to printers? What is the customer's role? Malpani: IT security staff is responsible for the security of the printer. Something as simple as a printer is expected to work right away after deployment. Manufacturers can do more to enforce security policies on the printer or provide modes that enforce stricter control by default. As a customer, it is critical to have print data security as part of security policy, to review the manufacturer’s recommendations for securely configuring a printer, and to find solutions that not only enhance the security but also provide convenience to end users. A compromised printer can be used to attack other applications, execute arbitrary malicious code or attack other systems SourceSecurity.com: What are some other ramifications of unsecured printers, beyond the printing of threatening materials as we have seen recently on college and university campuses? Malpani: Today’s MFPs are more than just printers. They are file servers, they can email, act as DHCP (Dynamic Host Configuration Protocol) servers, and have the capacity to hold large data sets. Unsecured printers risk misuse and data disclosure. In January of this year, a team of researchers from Ruhr-Universität Bochum in Germany exposed vulnerabilities of major MFPs, such as exploiting the PostScript and Printer Job Language (PJL) vulnerabilities to get access to the data on the printer’s files system and memory. SourceSecurity.com: How does the problem of unsecured printers relate to wider issues of network security (given that most printers are now networked)? What is the risk that printers might be vulnerable as an entry point to the larger network? Malpani: In addition, a compromised printer can be used to attack other applications, execute arbitrary malicious code or attack other systems (e.g., to launch a denial of service attack on the network). SourceSecurity.com: How does the risk of unsecured printers impact the business world or other markets (in addition to college campuses)? How are the security measures different in various environments? Malpani: The security challenges are the same in business environments but, other than the financial industry, most other businesses do not pay close attention to threat vectors emerging out of print data security. IT security departments are also concerned about network security, and the facilities worry about building security, paying little attention to the security of business systems like printers, elevators, HVAC systems etc. Businesses are increasingly turning to managed print service (MPS) providers to ensure compliance, data security as well as management of accessories like print cartridges. SourceSecurity.com: What's your best advice for customers in terms of what they should do to secure their printers? Malpani: First of all, know your customer, understand their needs and what capabilities they desire from the printing systems today. The next generation of students value convenience over privacy and security. So the IT departments across universities need to think about how to meet the needs of their customer while ensuring best practices for security and compliance. It is critical to develop a comprehensive security policy, a regular audit schedule, to secure printers according to manufacturer’s recommendation, and to invest in solutions like secure print that not only provide convenience but also enhance security. Identity-aware systems definitely handle the challenges more effectively than traditional practices going forward. So it is important that the solutions we invest in also take into account the future trends in authentication and printing. {##Poll35 - How strong are your company’s defenses against cyber threats?##}