Canon Security Solutions for the imageRUNNER® Series Security offerings that help maximize your organization’s ability to deter information theft and fraud
I Canon Goals of Information Security . . . . . . . . . . . . . . . . . 3 I Government Legislation. . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 I Key Categories for Device, Network and Document Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 I Canon Security Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . 6 I System Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 I Canon HDD and RAM Data Protection . . . . . . . . . . . . . . .
Your business produces, analyzes and processes information daily. Information is a company’s most valuable asset and also the most vulnerable one. Information can be shaped into multiple forms: bits and bytes for network transfer and storage, printed documents, or materials for presentation. Because information can be presented in multiple ways and is found in various locations, it is extremely vulnerable to attacks including data corruption, theft, piracy and destruction.
Government Legislation The following table briefly summarizes common information security items applicable to MFP devices, as required by current government regulations: Requirements Sarbanes-Oxley (SOX) Threats Potential Mitigation Unauthorized access to, or modification of, data; data fraud; data deletion; data availability User authentication; access controls; encryption (storage and transmission); logging and auditing GLBA has new privacy laws that regulate actions regarding confidential personal
Identifying Key Categories for Device, Network and Document Security From the summarized table on the previous page, it is obvious that the mitigation mechanisms are all similar in implementation. More specifically, they are as follows: User Authentication Every user should establish his or her identity before accessing any resource. Authentication is the method used to verify that the user is who he or she claims to be.
Canon Security Solutions To help you meet your corporate security goals, Canon imageRUNNER devices may be equipped with a number of defensive solutions that support requirements for data confidentiality, integrity, and availability. From secure printing and document storage to sophisticated identity and device access management, you can trust Canon to deliver solutions that authenticate, encrypt, and preserve data and user histories.
Summary of Canon Security Solutions and Protection to Help Meet Regulatory Compliance Protection System Architecture Canon Security Solution • Security-Hardened imageCHIP System Architecture Operating System ® • Multifunctional Embedded Application Platform (MEAP ) • All MEAP Applications require code signature for installation • Proprietary HDD & RAM Data Protection • Data directory information is stored separately and permanent data is compressed in a Canon proprietary format and written to random, n
System Architecture You Take Your Security Needs Seriously. Canon Does Too. imageCHIP Architecture and Operating System Multifunctional Embedded Application Platform (MEAP®) A corporate network will never be secure if the individual systems on the network are not protected against attack before they are deployed, and more importantly, maintained at that same level of security throughout their lifecycles.
HDD and RAM Data Protection Canon imageRUNNER devices use a combination of Random Access Memory (RAM) and an internal Hard Disk Drive (HDD) to meet the need for short-term and long-term data processing and storage. RAM is used for short-term storage of image data during the printing, copying and scanning process. The volatile data stored in RAM is erased and becomes permanently inaccessible once the device is powered down.
HDD and RAM Data Protection (continued) Only management data is deleted after output while the actual data remains vulnerable on the hard disk. Deletion of data is complete, leaving nothing vulnerable on the hard disk. Each output is overwritten with 0 data or random data. Hard Disk Drive Data Encryption Feature (256-Bit AES Encryption) Encryption on the hard drive is achieved by using a multistep process to mitigate any risk of unauthorized disclosure.
HDD and RAM Data Protection (continued) Standard Job Log Conceal Function Mail Box Backup Function The same job history screen that offers traceability can also be concealed from unauthorized users to hide the list of completed jobs, aiding in regulatory compliance. Through Canon’s Remote User Interface utility, administrators can manually or automatically backup all documents stored in Mail Boxes and the Job Hold queue to a network file storage destination.
User Authentication Authentication is the First Step Toward Regulatory Compliance The proper identification and authentication of every user attempting to access a networked device is critical toward implementing a viable security system. Firms must have controls to restrict physical and virtual access to sensitive information.
User Authentication (continued) Access Management System System Administrator Control Canon offers two robust tools to limit access to each of the functions and features on imageRUNNER devices at the user and group-level, such as Copy, Send, Fax, Print, Mail Box and Scan. Within each device function, access to individual features or tabs can also be further restricted as a part of the Access Management System.
Network Access Control In addition to authentication and user-based access controls, the imageRUNNER device also provides a number of features that deliver protection against network threats. Standard within imageRUNNER devices, administrators can block specific systems and IP/MAC addresses from connecting to the device, as well as access to service ports, applications and connectivity options. Remote UI interface.
Network Access Control (continued) Secure Socket Layer (SSL) Encryption Device Information Delivery Function (DIDF) Many organizations are quite diligent about protecting data as it is transferred between PCs and servers or from one PC to another. However, when it comes to transmitting that same data to and from the MFP device, it is almost always sent in clear text. As a result, it may be possible to capture all the data as it is sent to the printer via the network.
Document Security Canon imageRUNNER devices are equipped with a host of features and functions to help minimize accidental disclosure of data to casual observers. From basic facedown output to secure printing, Canon protects your information with the following security technologies.
Document Security (continued) Digital Device Signature PDF/Digital User Signature PDF Canon imageRUNNER devices offer the ability to add components that help prevent impersonation and provide information of any alteration.
Fax Security Canon Fax Boards Have Firewall Protection Since the advent of MFPs, there has been a misconception about the possibility of network penetration via the public switched telephone network (PSTN) used for voice and fax transmission. Canon imageRUNNER devices may be equipped with a G3 fax board.
Conclusion Awareness is the key to initiating your security process, while regulations are a means to enforce implementation of proper controls regarding data security. Security threats have emerged to target networked MFPs in the office. Your organization needs to implement a security solution that will protect your data from fraud, unauthorized access, modification, and deletion. Canon understands your security requirements and has developed security capabilities that help mitigate the risk to your data.
1-800-OK CANON www.usa.canon.com Canon U.S.A., Inc. One Canon Plaza Lake Success, NY 11042 Statements made in this document are the opinions of Canon U.S.A. None of these statements should be construed to customers or Canon U.S.A.’s dealers as legal advice, as Canon U.S.A does not provide legal counsel or compliance consultancy, including without limitation, Sarbanes-Oxley, HIPAA, GLBA, CASB 1386, FISMA, Check 21, or the US Patriot Act.
