Digital Printer Security - Sharp achieves world first
by Peter Plested
Sharp Electronics has successfully completed the Common Criteria EAL2 evaluation for its Data Security Kit used in the AR-287, AR-337, AR-407 and AR-507 digital copier printers.
The first company to receive a Common Criteria certificate for security technology used within a digital copier printer, Sharp’s achievement was independently verified by the U.S National Information Assurance Partnership.
Sharp and Common Criteria
For some time now the Sharp Corporation has been investigating ways to eliminate the security risks attached to digital office technology.
The company identified security as an increasingly important consideration in the selection of IT equipment for many commercial firms, government departments and military bodies. It also became evident that such organisations typically possess neither the time nor the resources to conduct tests that could verify the validity of any security claims issued by equipment manufacturers. However, there was a widespread recognition of and respect for ISO accreditation. Gaining such third-party validation for security products was thus seen as essential for commercial success.
Indeed, received opinion now suggests that many organisations in the future will make Common Criteria approval a prerequisite for the purchase of digital office equipment.
Sharp is the first Digital MFD vendor to offer a product with information security measures which have been independently validated under the Common Criteria programme. Whilst other manufacturers offer products which they claim address information security, such claims have not to date been confirmed by a formal government sanctioned and authorised programme.
In summation, validation of the security features for the Sharp product lines provides a guarantee of enhanced security through the addition of 3rd party hardware devices available on a regional basis.
The global requirement for increased security
The need for secure scanning and printing varies from one organisation to another, but typical reasons for implementing secure solutions include the following:
Government and military organisations (this sector includes all levels of Government, military forces, embassies, consulates and trade and military outposts in foreign countries, each of which manages a large number of classified and confidential documents)
Protection of National Security, military and trade secrets, and compliance with Official Secret acts.
Finance and industry (this sector includes banks, insurance companies, and financial services firms involved in large financial transactions, mergers, acquisitions and stock trading on a regular basis)
Protection against unfair advantage and insider trading.
High technology facilities with large R&D investments (this sector includes organisations that manufacture semiconductors, computers, pharmaceuticals, biotechnology products, in addition to automotive and aerospace companies and Government laboratories which invest heavily in R&D projects)
Protection against industrial espionage.
Professional services firms (this sector includes legal, accounting, medical, and brokerage firms that possess private information about their clients)
Protection of clients’ right to privacy.
The future of office-based equipment security
Given the growing acceptance of the potential for serious lapses of security associated with conventional office-based digital scanning and printing equipment, there is a new and increasing emphasis being placed upon security assurances in this vital area of work. With its independently validated product range carrying Common Criteria approval, Sharp Electronics is in a unique position to meet this new market.
Further information on IT Security:
Germany: Bundesamt für Sicherheit in der Informationstechnik (BSI) www.bsi.bund.de/cc
France: Service Central de la Sécurité des Systèmes d’information (SCSSI) www.scssi.gouv.fr
UK: Communications-Electronics Security Group www.cesg.gov.uk
Netherlands: Netherlands National Communications Security Agency www.tno.nl/instit/fel/refs/cc.html
USA: National Institute of Standards and Technology (NIST) www.csrc.nist.gov/cc
National Security Agency (NSA) www.radium.ncsc.mil/tpep