With the advent of social media, cloud computing, location-based services and smart cards, the theft and abuse of personal information has become a major problem in today’s world. Accordingly, the European Union has passed the General Data Protection Regulation (GPDR) to effectively secure EU citizens’ personal information rights.
When the regulation goes into effect in May 2018, all companies that control and process data of EU residents will be responsible for following the regulation’s stricter rules on safeguarding consumers’ personal information.
For this interview, we spoke with Harris Han, Vice President and Group Leader of the Software & Solution R&D Group at Samsung Printing, and his teammate, Kwangwoo Lee, a security architect at the Software R&D Lab, about how Samsung Printing has made preparations with regards to these strengthened global regulations, and how it has enhanced the security of its products and solutions.
When briefly asked about the level of security Samsung Printing provides for its users, Han proudly explained that “no additional development was required to accommodate Europe’s GDPR,” adding that Samsung has long been at the frontline of secure solution development in the industry, and that the company already includes broader and more rigorous security measures than called for by the GDPR.
Here’s more detail on Han’s team’s efforts in developing security solutions that go beyond the needs of the EU GDPR.
Printers operating 24/7 can be the biggest security blind spot
Security is an extremely crucial factor for hardcopy devices such as printers and multifunction printers, which handle sensitive information including user data. As printers are one of the very few office devices that sit at the cross-section of digital and analog – creating hardcopies of documents from softcopies and vice versa – they require additional considerations from a security perspective.
“Users, for example, worry about their print-outs. With network printers, there’s a possibility that somebody may take a glimpse of their confidential documents while users are on their way to pick up their copies,” said Han. “Pull printing solutions, where users have to tap their ID cards before the devices to print their copies, is one of the many security solutions Samsung offers to mitigate user concerns.”
On the other hand, customers also worry over the possibility of softcopy information leakage over the printer network. Considering that printers are network devices operating 24 hours a day, it is likely that the devices will be exposed to intrusions.
To address these concerns, Samsung developed an ‘Image Overwrite’ function, which securely deletes all information saved in the storage device after a certain amount of time, in addition to various security solutions that protect Samsung’s printers from any external attacks.
“Samsung actively communicates with our clients to ensure they are using our printers and solutions with the highest level of security,” said Lee. In fact, Samsung Printing developed and periodically updates its Security White Paper and Security Settings Guide, comprehensive documents which provide full explanations of the printing devices’ vulnerabilities and Samsung’s security strategies and processes. These documents have already been distributed to Samsung customers in Europe in light of the GDPR.
According to Han and Lee, Samsung has also prepared a three-step security process – Secure Development, Secure Maintenance and Security Certification – designed to mitigate the security risk of customers while producing, managing and operating its products and solutions. Secure Development ensures that printing products and solutions are built securely by design, while Secure Maintenance and Security Certification focus on monitoring and solving security-related problems post-product launch.
Secure by design: Security is at the center of Samsung’s product development
As printers and MFPs become more complex, security threats such as denial of service, escalation of privileges, remote code execution and information disclosure are presenting problems more frequently. Samsung Printing developed various product features and solutions to protect our clients against potential attacks.
“Samsung provides seven security features on our printing devices – Secure User, Fax, Data, Document, Network, Management and Platform,” explains Han. “Each category is implemented with a variety of security-related solutions, such as User Authentication for pull printing in the Secure User feature, the Image Overwrite solution in the Secure Data feature and Watermark and Stamp solutions in the Secure Document feature.”
Also, when developing new products and solutions, Samsung follows the Secure Development Lifecycle (SDLC), a product development process established in 2012, that encompasses all steps of creating a product. Following the SDLC, Samsung conducts code reviews, vulnerability assessments and penetration testing to enhance a product’s security features.
“In preparation for the GDPR, Samsung has also adopted the ‘privacy by design’ concept to securely process clients’ personal data online,” said Lee. “Collected personal data is processed in secure manner, using means like alias processing and encryption, and all information also gets automatically destroyed within the system. We confirmed with legal experts that this method was securely constructed for personal information protection.”
Maintaining product security and safety at all times
After product development, Samsung employs an incident response process called the Secure Maintenance, which ensures that new threats to the printing devices are monitored and resolved in a timely manner.
The Samsung Printing CERT (Computer Emergency Response/Readiness Team), a global team of printing security architects at Global Security Research Labs around the world, provides prompt assistance upon receiving security problems from printer users. Operating 24 hours a day, the Printing CERT team monitors and analyzes vulnerabilities, and provides the quickest response within a 24-hour period.
“Samsung Printing CERT’s speed in problem-solving definitely exceeds the needs of the GDPR, which requires companies to provide feedback to clients within 72 hours in case of personal data breach,” said Han.
Further, Samsung also ensures that its products meet the industry and government’s security requirements. In particular, Samsung products have received Common Criteria Certification over the past 10 years through approved testing lab. Common Criteria Certification is given to products that observe ISO/IEC 15408, an international standard for information security related products.
Making the Android printing ecosystem a safer place
Samsung’s printing solutions are unique in the fact that it has industry’s first open source, Android-powered UX Center. While the printing environment has become more user-friendly with Samsung’s Smart UX Center and its apps, security has also become crucial since MFPs can now interact with mobile phones and tablets
As Google openly discloses security risks associated with the Android platform, Samsung Printing also periodically issues security patches to mitigate any potential issues.
In particular, when dealing with solutions created from Android’s open source, Printing CERT analyzes the software’s functions and applies secure patches before releasing it externally.
“Samsung is also poised to address the needs of a wide range of verticals including financial, legal and healthcare sectors that hold many different pieces of client or patient information and are extremely sensitive to security-related risks,” said Han. “Based on our seasoned experience in the field, we are able to provide a number of solutions and Smart UX Center apps that can adhere to the security and privacy needs of each industry.”
“We hope to continue to maintain a more secure and android-based printing ecosystem to provide a trustworthy printing experience for our customers and partners,” said Han.
“As we are perfectly prepared for the security of user information, the strengthening of information-related regulations like Europe’s GDPR is an opportunity for Samsung to show our strengths,” added Han. “Security will continue to be one of the key differentiating factors that encourage customers to choose Samsung’s solutions.”
Be sure to share this article to spread the information Samsung Printing Solutions provides.