Xerox CISO Readies Printers for IoT Era

Dr. Alissa Johnson, the CISO of Xerox, believes that printers are part of the IoT ecosystem, and that's where the security concerns start.

Scott Ferguson, Managing Editor, Light Reading

October 16, 2017

4 Min Read
Xerox CISO Readies Printers for IoT Era

Printers are part of nearly every office space in the world. Even with the move to cloud computing and the digitalization of most documents, printers -- although sometimes overlooked and seemingly a tad old-fashioned -- remain part of the business fabric.

However, should enterprises now start thinking of printers as more than just copy machines, scanners or all-in-ones? Dr. Alissa Johnson says the answer is yes.

"Yes, I do consider printers to be part of the Internet of Things," Johnson, the chief information security officer (CISO) of Xerox, told Enterprise Cloud News during the recent Gartner Symposium & ITxpo in Orlando, Fla.

"I don't consider it [a printer] a solid network piece because it's really an endpoint. That's why I can't consider it like a firewall or a switch that is integrated with so many other things. So, I consider it, and I think Xerox considers us, as part of the Internet of Things."

Figure 1: Not just a document company now (Source: Xerox) Not just a document company now
(Source: Xerox)

Cloud, security and IoT are some of the issues Johnson has had to consider during her career, which included a stint as the deputy CIO of the White House from 2012 to 2015.

If the printer is now part of the IoT ecosystem, it means there's plenty of customer opportunity for Xerox, including managed print services, ability to print documents from the cloud, as well as documents and workflow applications that can be sold.

There's also a significant security issue.

"I consider the printer an opportunistic commodity," Johnson, who goes by the handle "Dr. Jay" said. "I say that because it connects based on an opportunity. It may not always be connected to the Internet. It may be connected locally. It doesn't always reach back out and say 'Do I need a firmware update?' … We are more reactive than proactive and the proactive part has to become more prevalent as we think about all these Internet of Things devices."

In addition to having an Internet connection, many printers hook into the cloud -- public and private -- and work with a variety of cloud services including Dropbox, Microsoft Office 365 and Google Drive. In addition, Johnson said many Xerox printers offer an app gallery with APIs to allow developers to create their own apps.

All of which muddles a security situation that can be overlooked.

"We have a responsibility that the connection is secure and we have encryption on there," Johnson said. "You now have to look at the printer not as taking a sheet of paper and printing on it, but instead it's a way into the cloud, the data repository, the storage networks. We have to be able to deliver that in a seamless way and a secure way."

Keep up with the latest enterprise cloud news and insights. Sign up for the weekly Enterprise Cloud News newsletter.

Since security is her main concern, and printers are now on the edge of the IoT ecosystem, Johnson spends a lot of time thinking about security, including new ways to make it better. This being Xerox, she spends a lot of time at the famous PARC facility in Palo Alto, Calif., to see what researchers are working on for the future.

Figure 2: Dr. Alissa Johnson, the CISO of Xerox (Source: Xerox) Dr. Alissa Johnson, the CISO of Xerox
(Source: Xerox)

At the Gartner Symposium, Johnson talked about using blockchain as a federated system to provide more security, although she admitted the technology was not mature enough for that. (See What's Blockchain Good For?)

Other issues are artificial intelligence and machine learning, both of which were discussed at length during the show. Johnson noted how AI could help close some of the security talent gap by automating certain tasks. (See Will AI Solve the IT Jobs Shortage?)

" I think that is interesting if we allow ourselves to be disrupted by it," Johnson said. "What I mean is that a lot of the times we ask 'how do we secure AI?' instead of 'how do we empower AI in order for us to do more things in the security space?' Security people don't want machines doing things for them. We want to have all of the control and I think there's an opportunity to find the right balance and allow those engines to learn about our networks and how to do things for us."

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

About the Author(s)

Scott Ferguson

Managing Editor, Light Reading

Prior to joining Enterprise Cloud News, he was director of audience development for InformationWeek, where he oversaw the publications' newsletters, editorial content, email and content marketing initiatives. Before that, he served as editor-in-chief of eWEEK, overseeing both the website and the print edition of the magazine. For more than a decade, Scott has covered the IT enterprise industry with a focus on cloud computing, datacenter technologies, virtualization, IoT and microprocessors, as well as PCs and mobile. Before covering tech, he was a staff writer at the Asbury Park Press and the Herald News, both located in New Jersey. Scott has degrees in journalism and history from William Paterson University, and is based in Greater New York.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like