Xerox and HP Managed Print in the Wall Street Journal...

As MPS continues to expand in recognition, Ed Crowley gives is 0.020 worth in a recent WSJ article written by William M. Bulkeley.

The article is a simple piece - the content nothing new to any of us "in the industry." I guess if your niche gets mentioned in the WSJ, the niche is likely to start getting crowded.

A mention of a big deal in Michigan, Dow Chemical, was of particular interest. I believe the case is studied in one of Photizo's first newsletters.

From the WSJ article:

"...Tom Codd, H-P's director of marketing for enterprise services, says H-P's managed print services business has been growing at a 38% annual rate since 2004.

"H-P comes from a very strong position because we invented network printing, and historically IT guys bought the printers," Mr. Codd says.

Dow Chemical Co. in Midland, Mich., which hired Xerox, says under the managed service it cut the number of printers, copiers and fax machines in its offices to 6,600 from 15,000..."

One other interesting point from Stephen Cronin, president of Xerox's global-services business,

"...Xerox doesn't force customers to switch to Xerox hardware,

noting more than half of the 1.5 million devices the company currently manages are from other vendors. But he says consolidating on a single brand helps cut costs. "Total spending goes down, but my proportion goes up," Mr. Cronin says. Last year, services, including maintenance as well as managed print, contributed $3.5 billion of Xerox's $17.6 billion in revenue."

Check the rest out, here.

MFP's: Security Leak?

I want to pass this along.

A security article around MFPs.

Nothing new really, security is an issue with every network connected device.

MFP's have always had issues (small) with possible security breaches. These potential leaks can usually be addressed with "check in a box"configuration, closing the open channels.

But, just like everything else around the print fleet, these issues have been overlooked. A printer or copier or MFP just isn't as sexxxy as a Blade, or Citrix, or VMWare, is it?

Enjoy...

MFP security--or how the IT guy is becoming the security guy
Wednesday, 11 February 2009 12:15 Vince Jannelli, Sharp Information and Imaging Company of America

NetworkingI recently read an interesting article in the Wall Street Journal (October 16, 2008, “New Data Privacy Laws Set for Firms”) that outlines new state-by-state regulations for data security. The article contains a great quote that I think sums up the major concerns for IT managers right now, but it doesn’t come from IBM or Cisco or even Sharp. It comes from the network manager for the Northeast-based pizza chain, Papa Ginos, who says, “Anybody in IT has to become the security guy.” I truly believe this quote illustrates how IT managers in companies of all sizes are quickly realizing the importance of data security and are learning more about what steps need to be taken to ensure that the network, and ultimately the company, are safeguarded against data theft.

Technology makes an ever-increasing contribution to profitability in today’s highly competitive business landscape. However, the same technology that enables high productivity in the workplace can easily be compromised if not sufficiently secured. The consequences of inadequate protection could be financial loss, identity theft, risk to intellectual property, or even the ruination of an upstanding business due to identity theft.

Organizations spend significant capital to protect digital assets from threats, yet frequently overlook one of the most used network devices today -- the office multi-function peripheral (MFP). As these devices become more advanced and integrated, they offer companies a myriad of new benefits. However, because they are a document’s entry and exit point on your network, they also pose a number of threats that cannot be overlooked. For a comprehensive security strategy to be effective, it is imperative for organizations to demand a greater level of protection from MFP vulnerabilities.

MFP: The Overlooked Security Risk

An MFP is a powerful asset in your office’s environment. Left unsecured however, an MFP can pose one of the greatest threats to your organization. Just consider the types of documents that are copied, printed, faxed or scanned on a daily basis -- personal information, financial statements, confidential reports, e-mails, memos, customer data and employee information. Much like a computer, this data remains on the unit’s hard drive indefinitely.

The Risks to Office Multifunction Peripherals

Internal Threats

Important information can be at risk at the internal level, from threats within your organization. At the device level, confidential information can be accidentally or even purposefully copied from stored documents on the unit’s hard drive, taken from the output tray or faxed without authorization. Any information stored on a local desktop computer or accessible through the Local Area Network ( LAN) can be printed without authorization. And since many of today’s offices MFPs are running over a network, this provides employees with another entry point to the network that could be used to bypass user restrictions and access information on other computers on the same network.

External Threats

Data is also at risk via external threats, outside the company’s realm. From across a Wide-Area Network (WAN), the Internet or a Virtual Private Network (VPN), information such as stored documents, scanned data or print data can be intercepted. In the worst case, a user from the outside can obtain confidential information, unleash a Denial of Service (DOS) attack, or even place a virus on the device via the network or a phone line. Through a FAX line, or corporate LAN, communications could be intercepted or sent without permission anywhere in the world. Data stored on the copier’s hard disk drive or in memory could also be compromised or even taken off-site and stolen if not protected.

IT mangers need to also consider what happens to office equipment once they have reached their end of life. If copiers or MFPs are being leased, there is always a chance that these units can fall in to the hands of hackers who can unlock data stored on the hard drive.

The Solution: Multi-Tiered Security

In any situation, protecting your MFP from just one threat is not adequate. A solid security suite will offer a multi-layered approach to protection -- providing better control over the users, devices, ports, protocols and applications on your MFP(s). A comprehensive approach to security will account for protection at every step in the document lifecycle, from the initial scan or print to final output and distribution.

Solutions for Internal Threats

The first step is to secure data that is stored right on the MFP that users can access locally. Manufacturers have introduced Common Criteria security solutions to offer encryption and data overwrite features for various levels of use. Ensure that your MFP meets the highest commercial level of Common Criteria Validation.

Data Security

A powerful security suite or security kit protects and controls the major MFP systems, subsystems (print, copy, scan, fax jobs, network settings, operating system, memory components, local user interface, engine and job controller) and all data before it is written to RAM or Flash memory and the disk. Be sure to enable overwriting routines for deleted data so that all information is virtually irretrievable by unauthorized users.

Access Control Security

To limit unauthorized access to each device, specify account codes, user/group profiles, passwords, or external user accounts contained in an LDAP or Active Directory server. And to mitigate the risk of interception, user credentials should be transferred using a proven combination of encryption standards, such as, Kerberos, SSL or Digest-MD5.

An MFP security suite should also enable you to customize your solution to meet your unique requirements and ensure data confidentiality and integrity. For instance, government agencies should seek out a security suite or development platform that can be customized for use with MFD or CAT card readers. Without a CAT card reader, the MFP is not compliant with HSPD-12 (homeland security presidential directive 12) and renders the network functionality of your built-in fax or copier unsafe.

Audit Trail Security

A modern MFP will provide an internal audit trail, and/or third party application software such as Equitrac Office, for comprehensive auditing of all user activity. Certain federal regulations parameters, such as 'to', 'from', 'when' and 'file name' can be logged, reviewed and archived for conformance. Be sure that your MFP is customizable so that, if audit trail software is not embedded, you can easily request or download the appropriate software.

Solutions for External Threats

Unlocking the true potential of your MFP means having it fully integrated with your network, so employees can scan to email, or browse and preview data from the server right on the MFP. Of course, adding another entry point to the network present another possible threat to a company’s data. A security suite should provide you with the proper safeguarding against external threats too, allowing you to scale up as needed, but adequately safeguarding the network infrastructure and MFP installed base, without affecting network traffic or workgroup productivity.

Network Security

A multi-tiered security suite will feature an intelligent network interface that can limit access to specific computers on a network by IP or MAC address, and selectively enable or disable any protocol or service port on each device. All communications to and from the MFP will utilize Secure Socket Layer ( SSL) for secure transmission over the network, and most devices also support SMB, IPv6*, IPSec* and SNMPv3.

Fax Security

Often times attackers can gain access to the internal systems of the MFP or the local network via fax lines. The MFP should provide a logical separation between the fax telephone line and LAN.

Platform Virus Security

Be sure that the MFP operating platform is secure. A proprietary platform is ideal, since it won’t be susceptible to viruses designed to attack more popular operating systems available on personal computers.

Taking the time to talk to your dealer about these features is vital. The time spent will be minimal but the cost savings, both tangible and intangible, will be enormous. Regardless, do not settle for a cookie-cutter, one-size-fits-all security package. Threats to private information and data will always be present and are always evolving. Make sure you are ahead of the game when it comes to security and that your MFP security suite is evolving fast enough to stay ahead of these threats.

Vince Jannelli is the associate director, Applications and Partners, for Sharp Information and Imaging Company of America.

Here is original.

Click to email me.

Death Of The Copier a Year Later: When does a Blog stop being a Blog?

I had to go back and see what the official date was of my first post. I knew it was close to March, but to my surprise, it was a year ago, yesterday (Feb 20).

So I guess it is fitting that I put down some thoughts a year later.

One of the techniques I have learned to drive traffic to a site, is to use easily searchable words in the title of the post, like "copier", "HP", "Xerox", etc. - this post will not show up on many Google results and that is fine with me.

It's fine because I really write to read what I write - that's how this started, and today it's still true.

I started this little endeavor without really knowing what a "Blog" was - all I wanted to do was put some information "out there", within reach of potential clients. Information strictly around the HP Edgeline. At the time a revolutionary new technology, a "copier Killer" technology.

Well, I never really wanted to talk about what I ate for lunch or how many people came over for Thanksgiving dinner.

Back in the beginning, "driving traffic" to the site meant me telling my family and close friends about my blog and how they should "go check it out". One month, 12 of my friends viewed one page and spent an average of 30 seconds on the site. Today, I have a months with 16,000 and an average time on the site between 2.5 and 3.2 minutes.

Back then a "Blog", the combination of the two words web and log, was considered a diary created by individuals and stored on the internet.

I looked at the Drudge Report as a functional model. Scanning the internet for information regarding my industry and posting.

Pretty simple.

This idea grew into finding more information, again interesting to me, and writing some commentary or reflection. And ultimately, writing pure content based on topical issues.

As time progressed, I started to refer to the blog as "my site" - because it really isn't a blog, it's not a journal or diary. One of the many things I have learned, most successful, business blogs really aren't diaries. Neither is mine - but I must admit I do like to go back and read older posts.

Sometimes I cringe, sometimes I laugh out loud, most of the time I am just as amused as the day I wrote it.

They say any good experience is one you learn something from. This is the greatest learning experience, ever.

Over the past 12 months, together, we have been witness to the beginning of the largest merger in the history of our industry .

We've seen $5.00/gallon gasoline prices grind the economy to a stand still and have witnessed the biggest transfer of private business to government ownership in the history of mankind - this has not been a "ho-hum" year.

I have learned more about smart paper, carbon credits, publishing, killer laser toner, nano-printing, copier leases, copier crimes in Cleveland, winery tours, and recycling centers, soy based toner, Hybrid Dealers, Galactic-Hybrid Dealers, drunk email, umbrellas of silence, Pearl Harbor, and Google Data Barges.

Some of the other things I have learned involve plagiarism, "feeds" vs content, verifying sources and that writing should not be easy, if it is, then it is not writing.

I have also tried to title my posts with a bit more thought - well, I must admit, I do like "The Death of..."

The Death of Xerography
The Death of the Sale
The Death of the Copier Person
The Death of Print
The Death of Kaaaaaahhhhhhhhhhhhhhhhhhhhnnnnnnn!
The Death of Socrates
The Death of Windows 3.0
The Death of the "Close"
The Death of the Typewriter
The Death of the Copier Dealer
The Death of Edgeline

I still chuckle, and reflect, when reading "The Death of Kaaaaaaaahhhhhnnnnnn!" I am sure there will be more.

Ah...the people...

This site as introduced me to so many different people. People I would never have met without the DOTC. Great peeps - you know who you are. Collaborators, mentors, contributors, critics - peers. To you, I say thanks.

And the connections...

I have now been published in a new and highly regarded MPS Journal, I have been interviewed by dozens of pundits, industry analysts and peers. I am currently working on articles for a number of industry publications.

I attended the Lyra Symposium and will be attending the Photizo conference in April. I am part of a collection of MPS people focused on helping others make it in this field.

All of this is very flattering and a bit unbelievable. The attention is grand.

And yet, the most rewarding aspect has been receiving emails from folks who read the site everyday - who have made it part of their routine.

The regular, normal, everyday Selling Professional. The people that make EVERYTHING happen. Sometimes it's just a phrase or two and sometimes I receive a nice long letter - and to be honest I haven't received all that many. But a law of marketing says for every "one" response, there are 5.3 people who feel the same.(not sure on the actual figure)

The blog stopped being a blog, the day I received my first "good job" email, back in August of 2008 - since then, its been a odyssey.

And as this writing expedition, this journey into "self" continues to evolve, I am even more honored to have you here along with me.

Thank you, and keep coming back.

Click to email me.