Here is a letter that management shared with us in our Monday morning sales meeting regarding the security of Ricoh hard drives. It is at least good to know that anything on the HDD is in a proprietary format.
I don't think the difficult thing is going to be to make our RFG customers feel at ease that their data is not compromised. The real challenge will be addressing the concerns on competitive systems that clients want us to send back to the leasing company for them. Of course, that is also where there could be a potential revenue stream.
I don't think the difficult thing is going to be to make our RFG customers feel at ease that their data is not compromised. The real challenge will be addressing the concerns on competitive systems that clients want us to send back to the leasing company for them. Of course, that is also where there could be a potential revenue stream.
Attachments
Files (1)
I have added the following line item to all my Service Contracts going forward. Hopefully, it covers me.
"7). All current model copiers equipped with a Hard Drive, will have the included 128 bit AES Data Encryption feature turned on upon initial delivery. This reasonably protects the confidentiality of any customer information stored on the copier’s Hard Drive, in case that Hard Drive is replaced or the copier is eventually disposed of. It is the customer’s complete responsibility to manage their Hard Drive’s information security upon disposal. Initial ____ "
"7). All current model copiers equipped with a Hard Drive, will have the included 128 bit AES Data Encryption feature turned on upon initial delivery. This reasonably protects the confidentiality of any customer information stored on the copier’s Hard Drive, in case that Hard Drive is replaced or the copier is eventually disposed of. It is the customer’s complete responsibility to manage their Hard Drive’s information security upon disposal. Initial ____ "
SSG
So, how are you handling returns to the leasing company?
Art
So, how are you handling returns to the leasing company?
Art
I would be most concerned about brands that do not use proprietary compression systems but use variations of Windows. The brands that the show used are probably the most vulnerable.
I agree with JasonR, removing the HDD and overwriting it would be a reasonable solution, or simply charge the customer a fee equal to the price of a new HDD or about $100 and hand the old HDD over to the customer before the machine is picked up seems reasonable to me.
I agree with JasonR, removing the HDD and overwriting it would be a reasonable solution, or simply charge the customer a fee equal to the price of a new HDD or about $100 and hand the old HDD over to the customer before the machine is picked up seems reasonable to me.
Simply handing over a copier's HDD removes the OS within the copier making it unuseable. Plus there is some labour to remove the HDD and reload the firmware onto it. At least $200 - $300.00 total vs turning on 128 Bit AES Encryption at the start - Free.
Going forward, we format the HDD on all of our own brand copiers we remove. For competitors brands, where we do not know the Service Codes, we can only inform the customer of the risks.
Going forward, we format the HDD on all of our own brand copiers we remove. For competitors brands, where we do not know the Service Codes, we can only inform the customer of the risks.
Apparently not all brands use the HDD to contain the OS but rather use the HDD as a repository to conduct certain functions.
Since the CBS video was aired I have had two municipal govt's begin to demand both Data Overwrite and Hard Drive Encryption become mandatory on all future copier acquisitions.
I have also had several recent commercial customers ask about copier security who would have never asked before.
I have also had several recent commercial customers ask about copier security who would have never asked before.
Toshiba releases new Hard Drives that eliminate the need for Data Overwrite.
http://www.theregister.co.uk/2...10/toshiba_sed_wipe/
http://www.theregister.co.uk/2...10/toshiba_sed_wipe/
I talked to an IT Manager today who told me that if you format a HDD immediately twice in a row, it effectively destroys all useable data on the HDD.
Most HDs store data in two parts. The Security Key and the data. Some Data removal software programs only remove the security key.
I am told this is like removing the Index from a book and scrambling up the book. The data is still there but needs to be rebuilt.
Most HDs store data in two parts. The Security Key and the data. Some Data removal software programs only remove the security key.
I am told this is like removing the Index from a book and scrambling up the book. The data is still there but needs to be rebuilt.
more details on the new drive
http://www.pcworld.com/busines...ives_turned_off.html
While a great feature I expect it will have to be Common Criteria certified before it gains much traction in the market place.
I would not expect buyers to give up on the idea of a Data Overwrite kit anytime soon.
90% plus of my Sales quotes these days involve copier secuity.
http://www.pcworld.com/busines...ives_turned_off.html
While a great feature I expect it will have to be Common Criteria certified before it gains much traction in the market place.
I would not expect buyers to give up on the idea of a Data Overwrite kit anytime soon.
90% plus of my Sales quotes these days involve copier secuity.
quote:Originally posted by SalesServiceGuy:
if you format a HDD immediately twice in a row, it effectively destroys all useable data on the HDD.
Well... Here's the deal. There are two levels of "Format". The most common "quick" format does not actually delete the data, it just forgets where the data is. That data can then be recovered by readily available software.
A "low level" format actually writes over the data. Formatting a HDD a single time this way "effectively" destroys the data.
The problem arises due to the fact that all this "writing" is actually placing + and - charges onto a metallic disk to represent 0 and 1. Even though the disk has been formatted and all the data now says "0", very sophisticated software can actually tell if it was a 1 before. It does this by detecting tiny differences in the amount of electrical charge, though the effectiveness of it has been in dispute.
Here's a good article about this.
Encryption is totally different. In Encryption, the data on this disk is scrambled and you need a key to unscramble it. Losing or deleting the key means the data is "Effectively" destroyed, however, the strength of the encryption comes into play.
If 128-bit encryption was unbreakable, why would 256 and 1024 bit encryption exist?
Still, this is only a concern for spies and nuclear physicists. for "normal" business, one real (not quick) format or ANY encryption would prevent a casual snoop.