Three weeks into 2018 and it’s already been a bad year on the information security front. On January 3rd Google’s Project Zero team reported a security flaw affecting any devices that use chips from Intel, AMD or ARM – which pretty much covers most personal computers, tablets and servers. There are two main vulnerabilities, “Meltdown” and “Spectre” that sound like they were named after Bond villains.
Chip makers, computer manufacturers and independent security firms have been burning the midnight oil around the globe to produce patches to address the vulnerabilities. Kudos on the speed of the response, but there are a few of problems:
- First, the patches can have a significant negative impact on processing performance, up to 30 percent degradation1.
- The second problem is that software patches may not be sufficient to address a CPU level flaw1.
- And third, the flood of patch releases creates an environment ripe for phishing scams, and the potential for opening of new vulnerabilities if server settings are adjusted when installing patches.
The bottom line is that everyone’s computing environment is significantly more vulnerable than anyone thought in the good old days of 2017. That means that we all have to work even harder to secure our data and our customer’s data. Inkjet Insight released a data security white paper earlier this month that talked about security issues specific to inkjet printing environments with recommendations on how to address them.
Encrypt, Redact & Scramble
One of the many topics discussed was the creation and management of test data to enable accurate measurement of ink usage and visual performance during the device evaluation phase. We also underscored potential issues with installing and troubleshooting the software needed to make an inkjet environment run efficiently. In both of these cases, the ability to scramble production data to generate test data can greatly improve test results.
Crawford Technologies, who sponsored the white paper, has announced a free-trial of their Redaction Express product for companies evaluating inkjet. What may not be clear from the name of the product is that this is both a data redaction and a data scrambling solution. This is an important distinction when testing inkjet because redaction “makes holes” in the data that result in empty spaces on printed pieces, while scrambled data gives the look of a completed document, including the full ink coverage, without exposing private data.
Printing enterprises are vulnerable and a belt and suspenders approach is warranted. Encrypt data at rest and in flight, redact it when necessary and scramble it when testing requires accurate visualization and measurement.
More on Meltdown and Spectre
- For a clear explanation of the difference between the Meltdown and Spectre vulnerabilities, see Andy Greenberg’s article in Wired.
- If you want to get a little freaked out on why these vulnerabilities are just the tip of the iceberg, and why the exposure will be with us for years, read Kelly Jackson Higgins’ article in Dark Reading.
- You can also take look at Capsule8 which provides some open source tools for detecting exploits.
We’ll keep looking for more information to keep your data protected. Stay safe.
If this post was helpful, please share it with a friend. Have an inkjet idea to share? Please get in touch.