You've been running a print center for a while, using multiple printers and workflow software to manage your print production. You hear about some features in an upcoming software release and begin the process to update the software when the vendor releases it. You just need a little help from your IT department. But then you find out that it's not quite that simple.
The world of cybersecurity, or Information Security is quickly evolving. News of compromises and data exposure has become a daily occurrence. No wonder your security team is on edge! As your security team steps up their efforts to protect your entire organization, you will need to be aware of and adhere to security policies and procedures for the equipment and software in your shop. There are things you can do- or avoid doing- to keep your cybersecurity team happy.
Know that you will be on your IT and security team's radar if you are add, change or upgrade printers or solutions that use software in your shop. Armed with this understanding and knowledge of your internal IT and security requirements, you will be able to make informed choices and ensure that you meet your organization's internal policies.
Actions You Can Take to Minimize Stress with IT
Your security and IT teams exist to protect your organization. In today's environment they are busier than ever before. Here are four actions to take to keep these departments happy with you and help your projects run smoothly:
- Partner with Information Security and IT- Reach out to these departments before you have a project to establish a relationship and educate yourself about how they will work with you and your print center team on projects.
- Understand Security and IT's requirements and procedures- As part of your education, learn Information Security and IT's normal requirements, project expectations and timelines and incorporate those with your shop's requirements.
- Develop a list of do's and don’ts based on Security's and your shop's requirements- For instance, your IT group may have a Cloud-only or no joint-tenant hosted solutions policy. That will help you choose a software solution that supports your requirements.
- Ask if/when vendor screening takes place as part of the purchase process- Many IT and security teams require software vendors to complete questionnaires and in some cases validation testing of the vendor's security as part of a vendor screening process. Knowing if and when screening takes place and how long it takes will help you plan and build project timelines.
Know the Four Areas that Drive Your Security Standards
If you know the four things that drive your organization's and print center's security standards, your printing software projects will advance more quickly and seamlessly. The four items are:
- The data classification of what you print.
- Standards for the industry your shop serves (for instance healthcare or financial services).
- Your organization's standards and policies for third party software systems.
- Your organization's risk culture.
Knowing and being able to share the standards externally when you work with print software vendors is a must.
The Three Circles of Trust
Your IT and cybersecurity teams assess the security of your software vendor in three areas: application security (application was developed with security in mind and has undergone and passed vulnerability tests), the corporate security profile and operational security of the print software vendor that develops and supports the software (the policies they have and if they are followed), and the hosting platform security and the location and method it is deployed (particularly if the software is cloud-based). This includes the tenancy of the hosted application.
You don't have to know all the acronyms you will hear, but be cognizant of these three areas to make you an informed buyer and avoid wasting time working on a project that won't meet your security needs or adhere to your standards. Knowing a few key terms and why they are important makes screening potential vendors easier.
Work with a Software Vendor Who Understands Security
Consider working with partners and print software vendors who have the knowledge and expertise to work with your IT and security team/experts.
Ask the software providers you are working with for their security standards and application security documentation and look for them to use key industry terms like NIST, SOC, encryption, SSDLC, and single vs multi-tenant. If a software provider uses none of these terms, does not mention security in their materials or early in the sales process, or have documentation available, it can be an indication that security is not a priority for that vendor. RSA offers several documents for you and your IT/security teams, including a helpful "Print Center IT Security Checklist," available for download below. RSA has been placing secure systems since 2005, adhering to National Institute of Standards and Technology (NIST)- the security standard that all others follow.
You want to work with a print software provider that matches or exceeds the security mindset of your organization, helps you navigate the security process, and is flexible with evolving needs. That will make your IT security team happy!
Every industry is different and has their own requirements. Contact your security experts for the latest advice and guidance.
Learn More about Making Your Security Team Happy
Learn more about how to keep your print center secure on an on-going basis or when you add, change, or upgrade printers or solutions that use software in your shop. Get RSA's "Print Center IT Security Checklist" now.
To discuss your printing security needs and how you can keep your IT security team happy, contact RSA's security experts