Tuesday, June 29, 2010

Compliance Alert! Are Copy Machines and MFP's a security risk?

The ECM industry has been rather strangely silent on the issue of inherent security risks of the copy machine industry, namely the Multi-Function Peripherals (MFP)s.  Recently, CBS did a rather revealing story on the subject of copy machines that include a hard disk drive used to store the documents that you copy, scan, email, etc.  What is rather alarming here is the images on the hard drives are not automatically erased after the user completes their work.  Imagine that?

That means all that sensitive data that you have been copying,  perhaps containing personal identity information, health history, financial data, employment and payroll data etc. is on that copy machine's internal hard drive - unless someone takes the extra precaution of deleting it from the copy machine. Would you even know how to delete the images from the hard drive?  Were you made aware such a security risk exists in your organization?   Worse yet, when your Facilities and/or Finance department says the equipment has reached end of life and it is time to swap out the dinasour with the latest and greatest copy machine, who is taking the responsibility of erasing the hard drive and verifying all that senstive data on the copy machine has been eradicated?



The silence is rather deafening, isn't it?

Hey, the good news is at least one of the MFP manufacturers discussed in this story sells an OPTIONAL utility to wipe that hard drive clean.   Question?  Why isn't such a utility considered a STANDARD no cost feature on all copy machines given the fact that the copy machine/MFP vendors know the security risk exists by design with every copy machine/MFP that ships out the door?  Perplexing.

Tip of the hat to the innovative team at Digital Copier Security in Sacramento for addressing this major industry GAFFE!!!  Nice job CBS picking this story up and running with it. 

Before you roll out or refresh all those MFP's, consider the organizational security and liability risks and make sure they are adequately addressed.  Or, consider using document scanners for the job as the only ones to contain hard drives are usually the large mainframe, production document scanners.  And, if those document scanners happen to have a hard drive, be sure you zap them before you retire them from your operation.

Full story can be found on YouTube or by clicking here

Thursday, June 3, 2010

Larry Ellison clears up Cloud Computing for all of us!

A colleague of mine sent this YouTube audio sound byte of Larry Ellison from Oracle speaking on the subject of Cloud Computing....he sums it up as follows: "What the hell is cloud computing?" Put aside all his rambling on about the subject, I think he is largely on target.

Yes, the industry is attempting to repackage and redress itself like it did years ago when "Time Sharing" on a mainframe was the trend until the Micro-VAX from Digital Equipment Corporation emerged, then the mini to the PC, back towards the the adoption of a PC server (thanks to Novell) and Citrix terminal servers, ASP's in the 90's, co-location to virtualization and now SaaS/Cloud Computing in the 21st Century.  The pendulum has swung!

Interesting perspective...I will leave it that.    View the audio playback http://www.youtube.com/watch?v=0FacYAI6DY0 and you be the judge.