The latest example of successful print security

This week’s story of another NSA contractor leaking classified documents is an example of how organizations with secure printers and MFPs may not completely prevent someone from sharing confidential printed information, but at least the offending individual can be tracked down relatively quickly. We take a closer look at what happened – and how the auditing capabilities of print management saved the day.

It happened again. This week, another NSA contractor apparently leaked classified information about Russia’s alleged interference in the U.S. elections to the media. In case you missed it, Reality Leigh Winner was arrested on charges of leaking classified material that was published by The Intercept website.

Last year, I wrote a blog article that showed how printers can be a significant security risk, especially when it comes to protecting printed materials and sensitive data residing in a printer’s memory.

Fortunately, this week’s news story is an example of how print security helped the NSA find the culprit extremely quickly. While this is evidence of “print management done well,” this article takes a closer look at additional ways print management technology can help improve any organization’s security posture.


Details on the leak

In case you missed this story, here are the pertinent details.

Last week, The Intercept website informed federal authorities that it was publishing a story on the alleged Russian involvement in the U.S. election, and then provided them with a copy of a top-secret NSA document to attempt to verify this information. The authorities quickly realized the information was classified, and the search for the culprit was on.

By examining the document The Intercept shared, federal agents determined that the pages appeared to be creased or folded. This suggested that the pages had been printed and then hand-carried out of a secure location.

The NSA was aided by the fact that its printers use invisible tracking dots. This is a common feature in modern printers for forensics investigations. These dots essentially become a code with tracking information that can be translated to tell users the time, date and serial number of the printer any printed document came from. By decoding this information, the organization can determine when and where the documents were printed, which was the case with the memo Winner printed.

An internal audit of document management further determined that six people had accessed and printed this intelligence report. From there, it was easy to connect the dots (no pun intended) and discover that only one person had email contact with The Intercept. The FBI quickly identified and arrested the suspect, Reality Leigh Winner, who allegedly printed and distributed the classified intelligence report.


Additional security measures

While it’s great that the culprit was found so quickly, there are a few other ways this security risk could have been minimized.

First, the contractor’s organization could have used secure print management technologies to better control printing and document management processes. For example, these secure printing solutions prevent documents from actually printing – and sitting alone on the printer tray – the moment a user hits the button.

Instead, the print job is sent to a secure print server (and can also include the option of encrypting data) where users are required to authenticate themselves to release the documents. This Follow-You Printing functionality eliminates the risks associated with  “orphaned print jobs,” documents that might not be picked up by the original user and could fall into the wrong hands.

In this case, that Winner allegedly printed the document herself and didn’t happen to stumble across it on a printer tray. Still, secure print management solutions can provide additional measures to further protect the organization. For example, using this technology, administrators can create business rules to prevent confidential documents from being printed at all. Or, print management solutions can block access based on user profiles or implement rules-based printing that can restrict access to certain devices or applications.

Additionally, many of these print management solutions offer complete integration with Microsoft Active Directory and Microsoft Azure Rights Management Services to adhere to corporate network standards and processes.

Clearly, this is an example where an effective print management strategy worked well to identify a culprit and quickly resolve a document leak. Yet there are additional ways to further minimize security risks posed by your printers and MFPs.

To learn more about this print-related security risks – and what you can do to overcome them – download our white paper, “Security Made Easy” now.

How can you improve print-related security?

Download “Security Made Easy” for 9 tips for addressing security vulnerabilities in network printing, scanning and faxing.


Tags: , ,

Jeff Segarra

About Jeff Segarra

Jeff Segarra is the Senior Director of Product Marketing for the Nuance Document Imaging Division. He is responsible for the global team that delivers industry product positioning, messaging and content to help our customers around the world identify how Nuance solutions can meet their needs. He enjoys speaking and writing about business process improvement, The Internet of Things, document security, document conversion technologies and personal productivity. He has an MBA from Iona College, Hagan School of Business and has been working with software technology for 20 years. Jeff is an original New Yorker and, therefore, a staunch Yankees fan – in the heart of Red Sox nation.