Cyber Security: The Needs of Hybrid Workplaces and How to Secure Them
Get to know MyQ's take on securing document processing in modern hybrid workplaces.
Hello everybody. Let me welcome you to our presentation. We’ve focused it on security concerning modern hybrid workplaces. We’ll talk about how we get from printers to this term. Behind me, you could see a printer and a misuse of documents. This foreshadows our topic for today. Shortly, for those who don’t know us, we’re a Czech company MyQ. With some 100 current employees, we’re a small dynamic firm. But we’ve still managed to found seven worldwide branches. Together with our certified partners we offer our product in over 90 countries. Over 1 million devices use our technology all around the globe. Let’s look closer at the printer. We’ve been focusing on printers over many years. We even started as their distributors.
But I’d like to talk about the end of ‘90s and beginning of the new millennium, when people started to realize that with centralizing the local devices in hallways came some new issues. Before, you printed a sensitive document, and it lay in your local printer on the table. You didn’t worry much about someone taking it, reading it, etc. But when it happened in a hallway, you had to walk there and open some doors, and in this case the security concerns are valid – someone else can get to the file. What we started with some 20 years ago, was to get the users authentication. Meaning before I actually print, I prepare everything in a print queue. Once I am by the device, I authenticate as fast as possible, and I collect the documents. We’re talking about printing now. Here, we can mainly secure the sensitive doc from getting into the wrong hands. If someone actually doesn’t take it away and you have to reprint it. That’s a well-known thing, we won’t waste time with it.
How about scanning? Many colleagues here try to solve outside attacks on internal systems, etc. However, it turns out industrial espionage or other type of document misuse often happens in the simplest form. Someone copies or carries out the sensitive file. Sadly, this is often an unhappy employee motivated by an external agency or party. As you know, in the USA in the past, the first attack was typically expected from a cleaning company that searched through the managers’ trash cans. Some interesting stuff could be found there. Yet with the ongoing digitization, this becomes more complicated. Imagine what industrial espionage is for a factory or a national security agency that works with really sensitive documents. When the requirements for a proper security are truly present it’s time for us to offer this institution full control over who’s scanning what, and what people do with the paper documents. When I insert such doc into a scanner, not only do I perform the scan operation, but if the IT department requires it, they can also receive a complete copy of this document in a folder. Later, this can help with an analysis of the user’s unusual behavior.
How about copying? I can send myself the digitized sensitive file via email, which is most convenient. But I can fear there is such a system, so I try to copy the document. Many people think once they’ve copied it, the document only transfers to another paper, and no one’ll know about it. Our solution can solve this as well. We can monitor someone has copied a file, but mainly, in some cases, we are able to capture the entire content of the copied file, and store it safely on the server. Again, this can serve for the analysis. Talking about where to spare, what else to secure, you might think the costliest thing about the printer is its operation. It needs toner, paper… We are naturally able to monitor this as well. We can let the IT dept. know in advance there’ll be toner or paper missing, prepare, get supplies, and now replace it. Or we can point to an ineffective replacement of consumables. They are being replaced prematurely, which can lead to unnoticed secondary losses. And that costs a lot of money.
What else? Someone can turn the device off, it can also crash on its own. We should know about this ASAP. The MyQ system can also react fast to this and notify the IT department. We tend to forget many modern MFPs have a hard drive. You can do the same with it as with a PC. On one hand, we secured everything, but if a person manages to take out the drive, which is not that hard, they don’t need to move the MFP for an analysis. They just take a small box, and put it back in shortly after. Often, we don’t even notice an MFP was out of order for two hours. And all the documents that went through it were downloaded. There is also a solution to this and you should consider it, if document security is an important issue for you. Apart from other security components, like an ID card that can be stolen or lost, you can combine various methods like a card + pin, or your phone and biometrics. This takes us to an important topic. Basically, the document either comes to the device or leaves it. So, the document can be seized not only at the printer, but anywhere in the network as well. Looking at it from the previous perspective we know, in a typical corporate environment, there was a print server and other systems, end devices that worked with documents. The docs were stored with you, on a server, or lately in the cloud. Between all this, there were various print devices that accessed the documents when necessary. And they provided the users with them based on the users’ authentication in the secured access framework.
Next thing you can add to both paper and digital documents, once you’re processing them, you can put a visible watermark over them or a time stamp. It can also be a personal stamp, so we can always find out who printed the document and where, etc. Scans might be signed with a digital signature. If this still isn’t enough, and we work with sensitive data that are on the doc, but we won’t have them on the print-out, typically in a bank or other environment, for some types of docs, the system can automatically blacken sensitive data that might be misused later on, e.g., a birth number. Now let’s get to the main point. That’s how things were roughly before the pandemic. We worked in an office, usually someone created the work environment for us, for our work process to be ideally optimized and fast. Maybe we didn’t consider someone else was responsible for our workplace. Be it an office manager, a person that optimizes processes, or the IT department. Simply put, someone gave us a chair and equipment and we were using it. Usually the IT department installed and picked the IT systems and set them up. Depending on their knowledge, the system configuration was good or bad. If there’s time, the IT can adjust the system to meet specific user needs. If they lack time, they do it somehow generally for the whole firm. This can lower the productivity of specific employees.
That’s how we used to work. Sure, home office existed, but it was more of a benefit that we could stay home. Having a fever or not. We took care of some emails. And then the pandemic came. No one expected that. Before, nobody would ever forbid you to come to the office. We’ve started dealing with different existential issues than decades ago. I’ll make it a bit shorter. What’s essential – to prevent you from getting covid from a display you didn’t need various wipes or atomizers.
We were one of the first solutions that immediately informed its customers and users that we have a function for printing from a device without touching it. Using a phone, you could authenticate and print out a document. I’ll get back to this important feature. Just remember how it began. The office was locked, access was denied, and we stayed home. What changed? Ok, we worked from home. After a week, a month, or a year, it became quite annoying. Plus we worked with a completely different team. Our colleagues weren’t there, but there were our wives and children with their needs. They had to study, copy documents, or even do something at our workplace or printer. The needs were not just work-related. Also – who brought us a chair or other equipment? We had to do it ourselves. So, Hornbach or another open shop. And the Czech DIY began. If you or your child didn’t like some system or needed something for work, often you had to do it yourself. People without much IT knowledge had to try out some apps, and install them to a phone or a PC, etc.
Where am I getting with this? The centralization and responsibility tended to depend on the IT department. They were all sweaty, as they didn’t expect thousands of dedicated workplaces with various needs. They didn’t care about you wanting to personalize your system, e.g. to set up a special button at your printer for your kids. All this impacted either productivity or, in some cases, security as well. Let’s be honest, we try out a bunch of stuff, we don’t uninstall it, and then we find out we have five apps doing the same thing. What comes after the end of the pandemic? We hope we’re already headed towards it. I have a modern term for it, “The new cloud era”. Of course, the cloud’s existed before, it’s been here for a long time. For me, the pandemic was a trigger towards the true digitalization. Before, “the physical” was possible, then it really wasn’t. There were many things being postponed in state-owned or private organizations, and the pandemic made us pay attention to them. If we could send it digitally in the pandemic, paper form is no longer needed.
Our approach was to look at what happened during the pandemic. We were thinking about creating a cloud product that’d work like the server one. But we weren’t sure what good it’d do. Just transfer the whole thing into the cloud? Then you run into many limitations like performance or quality of connection. It made no sense to us until the pandemic. We realized the needs of the users had changed. First, people and firms realize they must improve the resilience to external factors. The government meets and forbids you to do something from tomorrow. What’s essential is for you to carry the virtual backpack with your skills and working desk, and being able to unpack it, be it at home or on a trip, once we can travel again. Simultaneously work should remain safe and efficient, and we should have the same level of comfort anytime, anywhere. Lastly users tried to do something on their own, so now they’re willing to get a system they can intuitively and simply set up, so that it reflects their real needs. E. g., I’m at home with kids, I create a simple scanning workflow on my phone with their names on it. When they press it, an essay or a test will be sent directly to their teacher into their system. I don’t need to trouble them with sending emails and complicated scanning. All these aspects went through our heads. We thought this started to make sense, and it was worth developing a new product for. Do you remember the internal office network I showed you? When we move into the cloud, things get a bit more complicated. There’s a public network in the middle that we communicate through. If we work properly in the cloud, we shouldn’t be using VPN so much, because how do you use it to enter you OneDrive or CRM? The systems need to comply with much higher security standards, so that when the data are served by the cloud servers to your local devices, it still remains secured.
Our method is to comply with the highest standards and use existing technologies. To create a queue or work with docs, we won’t develop new things like OneDrive or Google Drive. The opposite – we’ve integrated them into our product and we use them to print or scan documents. But there’s been a dramatic change In the MFPs’ architecture. Naturally not all printers are ready to be connected to the cloud. As the MFP might not have the newest libraries, the platform needs to be revised to see if it’s able to offer communication in the most secure mode. This has limited the number of devices and manufacturers. But it also gives you the freedom to connect the MFP anywhere, and when you’re connected to the Internet, you can provide all the services the users expect from the system. Shortly about our new product. I’ll show you an intro video from its launch a few months ago. There’s a reason for the military theme. We’re going into the cloud, so we wanted something to represent that. For us it’s planes as they fly into the clouds. A rocket is too much, it flies out of reach. Secondly the plane’s moving, symbolizing the system is available anywhere the devices have it. The third thing is reliability, we don’t want the planes to fall down. To produce a car and drive it is different from making a plane.
That’s how we took off last December with a new product – MyQ Roger. It was created in the pandemic mainly to address the needs of our users that stayed home and will travel in the future, but they don’t want a thing that’s centrally managed by their IT dept. They want something that lets them react dynamically to their current needs. To talk concretely, we gave our customers our aces right away. Now there are 13 cards. Here, I’ll focus on those connected to security. However, if you’re interested, there’s a video on our YouTube channel, where you can see what each card stands for in practice. What’s fundamental – each user can set up everything on their phone. When we talk about MyQ Roger, it’s not a server, printer, but your smartphone. You download the MyQ Roger app on iOS and Android, you log in into your work or even private environment which you can do right after this. And you can start using the app. If you have an MFP that meets the requirements of connecting to the cloud, you can simply equip it with the MyQ Roger technology, and you can work only with that. We talked about cloud printing, now printing without VPN or Wi-Fi. What does it mean? Before, it was possible to access this environment with a mobile app, but it required connection to the local server, meaning someone had to let you to the local Wi-Fi, solve the authentication, and in theory you could do other things than just print. If this is to be truly in the cloud, we take care of everything. Your phone’s connected to the Internet, the requests past securely through our cloud services that are the first to connect to the MFP which is connected to the cloud. This means no local Wi-Fi or VPN is needed. If you connect to a Wi-Fi, it’s just to save your mobile data. I’ve talked about touchless control. MyQ Roger was truly revolutionary.
Not only concerning printing, but scanning and copying as well. You can predefine all the actions you might do with the printer on your phone and perform them remotely on the MFP. You come to the device, authenticate with an ID card, QR code, or MFCP, etc. You can send a signal from the phone e.g., to scan a document, and the workflow will scan it, send it to a preset email, save it to a (cloud) repository. It simply does all you’ve preset. You don’t touch the device at all, you just put the paper there, it swallows it and spits it, you collect it and go your way. Once we achieved this, and it was unique worldwide again, we excelled with connecting it to a voice assistant. Both Siri and Google assistant. You don’t have to launch the actions from the mobile app, you just say a voice command, and the phone gives instructions to the MFP. I’ve talked about security standards, they’re on a whole new level compared to having it at home or in an office, where the access is limited. The typical example being a QR code. Imagine it’s stuck to or showed on an MFP. Anyone can copy it. If this was a solution for a public institution or a hotel, it wouldn’t be welcome if a guest copied the code and sent us prints from the other part of the globe, or alter our MFP somehow.
We dealt with this with a QR code that changes after each session. So if you take a picture of it, you could use it within a time limit, but not again. We connected it with Chromebooks and Universal Print, that’s not so important. We came up with a new technology for saving documents. When we’re in the cloud, it didn’t make sense to us that in the office the documents should leave the infrastructure, travel to the cloud, and then return back to the printer. We didn’t want to park them in a PC and make a server out of your computer. So, we parked them in any MFP in the network. With this technology of ours it doesn’t matter what printer you print to with the classic print driver, the job waits there. The cloud services are just aware of it. When you go to any printer, it can collect all the jobs saved in various MFPs and print them. It can also send an instruction to delete them, etc. And the traffic stays locally. Licensing and pricing has not much to do with security. Lastly, I’d like to mention our recently revealed joker.
We taught your phone to scan. You can say it already does that now. Yes, many phones can capture a doc, crop it and even make a PDF of it. Our advantage is having it all in one app. When you’re at the MFP, it performs it. If not, you press the same tile with a predefined action as on the MFP, you just perform the scan operation on your phone. It captures the document, crops it, completes it and processes it the same way you know from the office, where you used the copier. If I don’t have a scanner at home or if I travel, I can perform the whole operation.
That was it. Thank you for your attention. If you are interested in something, please visit our website!