Skip to content
Login
Email
(800) 505-2821
Facebook twitter LinkedIn youtube

Data Security Q&A

In recent years, BTA has taken the lead to thwart any state data security legislation from moving forward or being passed, as it relates to the data that is on the hard drive of a copier/MFP. To respond to inquiries we have received from members, below are answers to questions about data security from industry vendors. These Q&A's were completed in September 2012.

Click on a vendor's name to jump to its responses:

Konica Minolta

Lexmark

Sharp

Toshiba

Xerox

 

 

(1) Is the data encrypted?
Konica Minolta offers standard AES 128-bit encryption for our bizhub office MFPs.

(2) Is the data removal feature a standard option in all your copier/MFPs that store user data?
The following hard drive protection functions are standard and offered at no charge:

  • HDD Lock Password - The internal hard drive can be locked using a password of 20 alphanumeric characters. The data stored on the HDD is protected, even if the HDD is removed from the MFP and installed into a different MFP or PC. The data cannot be read. The hard drive will not turn on.
  • Hard Drive Encryption - Whether it be standard or as an option, bizhub MFPs support Hard Drive Encryption. Hard drive data can be encrypted using the Advanced Encryption Standard (AES). Once a hard drive is encrypted, the data cannot be read even if the HDD is removed from the MFP.
  • Hard Drive Sanitization - At disposal, a key operator, administrator or technician can physically wipe (erase) the hard drive if the MFP needs to be relocated or at the end of lease.
    The hard drives can be overwritten (sanitized) using up to eight different highly secure methods including DOD, NASA, Air Force and NSA standards.
  • Data Auto Deletion - Data Auto Deletion allows an administrator to set an auto deletion timer for data stored in the personal or public user boxes, as well as system boxes (e.g., secure print box or encrypted PDF print box). The auto deletion setting will erase the copy, print, scan or fax jobs stored in boxes, depending on the storage period and the time frame selected for deletion. The data is automatically erased using a highly secure U.S. Department of Defense (DoD) overwrite method.
  • Automatic Job Overwrite (Temporary Data Overwrite) - Most bizhub MFPs support automatic erase of any temporary image data that might remain on the hard drive after a job is completed. Temporary Data overwrite conforms to DoD methods.

(3) Is it sold as an option or is it provided at no charge?
It is provided at no charge.

(4) Is the feature enabled at the factory?
Some functions are enabled at the factory. Data Auto Deletion is set for 24 hours. The other functions need to be enabled by an administrator because passcodes need to be defined by the customer.

(5) Can the feature be turned off or disabled?
Only by an administrator.

(6) If not enabled at the factory, what is the process to have the feature turned on?
Konica Minolta offers its bizhub SECURE professional service. bizhub MFPs ship standard with a wide range of data security functions and features. For customers who don't have the time or bandwidth to set up and configure the settings, Konica Minolta created bizhub SECURE — a professional security service that provides lock-down protection on the bizhub MFP. It allows you to:

  • Develop a 20-digit secure alphanumeric password with the help of a Konica Minolta field engineer to lock down the HDD.
  • Encrypt the entire contents of your bizhub HDD for exceptional data security.
  • Eliminate any trace of data even after it has been deleted with Temporary Data Overwrite. Temporary Data Overwrite conforms to DoD methods.
  • Time your machine to auto-delete any material located in personal/public user boxes, as well as system user boxes.

(7) Is the data removal comprehensive and complete? Does it meet any standards?
The hard drive overwrite meets several DoD standards including the Navy, Army and Air force overwrite methods.

(8) How frequently is the data removed? Describe implementation.
For Data Auto Deletion - This can be set by an administrator to overwrite any job in as little as five minutes.

For Automatic Job Overwrite (Temporary Data Overwrite) - This happens as soon as the job is processed, with no noticeable performance degradation. The control panel never says "please wait - overwriting data."

(9) What model/year was the feature introduced?
The bizhub 350 series in 2005.

(10) Is there an additional "complete wipe" feature available that an end user can utilize at end of term?
Yes. See the Hard Disk Drive (HDD) Security Guide. This is on Konica Minolta's public website.

(11) How long does it take to remove all data at the end of term?
It depends upon the number of overwrites and the size of the hard drive. Typically, a three-times overwrite on office models takes approximately 60 to 90 minutes.

(12) Have these standards/features been implemented on all product segments?
In the bizhub office segment and production models, including the C600/7000/8000 and the 951/1051/1200. Not all of the features described here are available in our production-class models.

 

(1) Is the data encrypted?
Lexmark MFPs and network printers come standard with 256-bit AES HDD encryption, with can be enabled at the point of installation.

(2) Is the data removal feature a standard option in all your copier/MFPs that store user data?
Lexmark MFPs and network printers come standard with file-based wiping capabilities (automatic, scheduled and on-demand manual, with single or multiple passes) and end-of-life wiping capabilities for the HDD and non-volatile memory.

(3) Is it sold as an option or is it provided at no charge?
Standard capability provided with no additional charge.

(4) Is the feature enabled at the factory?
HDD encryption is not enabled at the factory, but can be turned on during the initial setup of the device. Automatic file-based disk wiping is enabled at the factory for single pass. End-of-life wiping is enabled and can be used remotely via the devices' embedded Web server.

(5) Can the feature be turned off or disabled?
HDD encryption and file-based wiping can be disabled.

(6) If not enabled at the factory, what is the process to have the feature turned on?
HDD encryption enabled during the initial setup of the device.

(7) Is the data removal comprehensive and complete? Does it meet any standards?
Both file-based and end-of-life wiping capabilities are comprehensive and complete. Each of the wiping capabilities is set to multiple passes and meets the overwrite/sanitization requirements for DoD 5220-22.M and NIST SP 800-88.

(8) How frequently is the data removed? Describe implementation.
File-based wiping that is set to automatic (default) will wipe data immediately after the data has been printed, scanned, transmitted, faxed and/or copied. If file-based wiping is set to scheduled, the data will be wiped according to the schedule set up by the device administrator. Lexmark recommends the device be set to automatic wiping.

(9) What model/year was the feature introduced?
HDD encryption was introduced in Lexmark devices in Q4 2005 with 128-bit AES and was upgraded with 256-bit encryption in Q4 2008.

End-of-life wiping was introduced in Lexmark devices in Q4 2005. Non-volatile-memory wiping was added to devices via a firmware update in Q4 2010.

File-based wiping was introduced in Lexmark devices in Q4 2008.

(10) Is there an additional "complete wipe" feature available that an end user can utilize at end of term?
Lexmark end-of-life wiping is a complete disk wipe with a selectable single or multiple pass option.This also includes the ability to wipe all settings information and embedded solutions stored in non-volatile memory.

(11) How long does it take to remove all data at the end of term?
There are multiple factors, such as the amount of memory, processor speed, HDD size, HDD speed, number of passes, etc., that come into play to determine the amount of time it takes for a device to be wiped. Typically, complete disk wipe with an 80 GB HDD will be two to three hours for a single pass and six to nine hours for a multiple-pass wipe. A non-volatile memory wipe will typically take five to 10 minutes.

(12) Have these standards/features been implemented on all product segments?
All the capabilities mentioned are available on all model segments.

 

(1) Is the data encrypted?
Sharp's MFPs offer the capability to encrypt spooled data and data stored in memory using 256-bit AES (Advanced Encryption
Standard) encryption. Sharp MFPs with hard drives introduced since early 2011 offer encryption as standard. Released models as of today include:

Monochrome
MX-M264N, MX-M314N, MX-M354N, MX-M904, MX-M1054 and MX-M1204

Color
MX-3111U, MX-2610N, MX-3110N, MX-3610N, MX-4110N/MX-4111N, MX-5110N/MX-5111N, MX-6240N and MX-7040NPreviously released models offer data encryption as a feature of the optional Data Security Kit.In addition to encrypting spooled, stored and latent data, Sharp devices are capable of sending encrypted PDF files through data networks to ensure that file data is not compromised. And, security during printing operations is provided through the use of IPsec or IPP/SSL technology (IPPS).

(2) Is the data removal feature a standard option in all your copier/MFPs that store user data?
Sharp's latest MFP models also offer overwrite as a standard feature. The up-to-seven-times overwrite function sanitizes all data from memory components within the MFP. An end-of-lease feature resets the MFP essentially back to its factory default. It overwrites all data stored in the machine. This includes address book data, personal information, user information, job data, programs, job logs and latent image data.

The optional Data Security Kit provides earlier-released models with data removal functions such as an on-demand overwrite, automatically after each job, and "power-up auto-clear." Any of these can be set to overwrite any stored data using a one-to-seven-times overwrite action.

(3) Is it sold as an option or is it provided at no charge?
The newer models listed above provide hard drive overwrite features as standard. Prior models have optional Data Security Kits available separately.

(4) Is the feature enabled at the factory?
Standard security features available on newer models, while "included" with the models as they ship with the factory, are not enabled by default. The features can be enabled at any time during the life of the device; however, it is recommended that they be enabled soon after the MFP is installed so as to ensure that the machine and its data are secured from first use on.

Models that use the optional Data Security Kit can have the kit installed at any time during the life of the MFP. Here, it is recommended that the Data Security Kit be installed prior to the MFP being placed at the end-customer's location. A servicing dealer installs the optional Data Security Kit.

In both cases, the end-customer system/security administrator has the ability to configure security features as required by his (or her) organization.

(5) Can the feature be turned off or disabled?
Some features, such as "power-up auto-clear," can be disabled through an administrative configuration setting. Other settings, such as the number of times a hard drive is overwritten can be configured for one to seven times. Once enabled, overwrite and encryption features cannot be disabled.

(6) If not enabled at factory, what is the process to have the feature turned on?
Enabling of the standard security feature on newer models is done through a simple process of entering a numeric key code via the operator panel and administrative system settings menu. An end-customer security or MFP administrator can perform this operation.

A servicing dealer performs installation of an optional Data Security Kit.

(7) Is the data removal comprehensive and complete? Does it meet any standards?
Data overwrite is comprehensive and complete, including not only data stored on the hard drive after print, scan, copy and fax operations, but also data stored in machine memory. Sharp offers ISO 15408, Common Criteria EAL 3 certified Data Security Kits.

(8) How frequently is the data removed? Describe implementation.
Data overwrite occurs either on demand (manually) at any time selected by a system administrator, or automatically at the end of print, scan, copy and fax operations. In addition, the "power-up auto-clear" feature, if enabled, overwrites all machine memory every time the MFP is powered on. The "power-up auto-clear" feature can be configured to remove data from all memory areas, file data (including protected/confidential files) and quick file data (including protected files).

(9) What model/year was the feature introduced?
In 2001, Sharp was the first in the industry to introduce encryption and overwrite capability with the AR-FR1 Common Criteria-certified Data Security Kit. Overwrite and encryption were added to the set of "standard" security functions in machines launched since early 2011.

(10) Is there an additional "complete wipe" feature available that an end user can utilize at end of term?
Newer models offer an "end-of-lease" data overwrite function. Previously released models equipped with a Data Security Kit offer a manual overwrite function.

(11) How long does it take to remove all data at the end of term?
While the removal process is very quick, the actual time to complete the removal is dependent on the size of the hard drive and the number of overwrites.

(12) Have these standards/features been implemented on all product segments?
All of Sharp's MFP models with memory support most or all of the security features outlined here. Several older models provide a limited subset of the features available on Sharp's latest models.

 

(1) Is the data encrypted?
Yes. All current models ship with the Toshiba Self Encrypting Drive (SED), with the exception of the eSTUDIO2550c series, which offers the SED as an option.

(2) Is the data removal feature a standard option in all your copier/MFPs that store user data?
Yes, the data removal feature is a standard option for Toshiba MFPs.

(3) Is it sold as an option or is it provided at no charge?
This is a standard feature that is provided at no extra charge.

(4) Is the feature enabled at the factory?
All models with the SED have it on as standard. For the 2550c series, the SED is optional.

(5) If not enabled at factory, what is the process to have the feature turned on?
The feature is enabled at the factory.

(6) Is the data removal comprehensive and complete? Does it meet any standards?
Yes. It is a complete solution and meets IEEE2600 standards.

(7) How frequently is the data removed? Describe implementation.
With disk overwrite on, the data is erased immediately after printing.

(8) What model/year was the feature introduced?
Disk removal has been available since the e-STUDIO3511, which was introduced in January 2004.

(9) Is there an additional "complete wipe" feature available that an end user can utilize at end of term?
Yes, there is a complete wipe feature available that an end user can utilize at the end of the term. With the Toshiba Self Encrypting Drive, this process has been reduced from hours to minutes.

(10) How long does it take to remove all data at the end of term?
All of the data can be removed in under 20 minutes.

(11) Have these standards/features been implemented on all product segments?
The previously discussed features have been implemented on all e-BRIDGE product segments.

 

 

(1) Is the data encrypted?
Yes, on all A3 and most A4 MFPs that have hard disks.

(2) Is the data removal feature a standard option in all your copier/MFPs that store user data?
Yes, on all A3 and most A4 MFPs that have hard disks.

(3) Is it sold as an option or is it provided at no charge?
It is provided at no charge.

(4) Is the feature enabled at the factory?
Yes.

(5) Can the feature be turned off or disabled?
Yes, the feature can be enabled/disabled from the system administration pages at the Web user interface and via the local UI tools menu.

(6) If not enabled at factory, what is the process to have the feature turned on?
The feature can be enabled/disabled from the system administration pages at the Web user interface and via the local UI tools menu.

(7) Is the data removal comprehensive and complete? Does it meet any standards?
Yes. It meets DoD 5220.22-M and DoD 5200.28-M standards.

(8) How frequently is the data removed? Describe implementation.
Data is automatically removed immediately at the completion of each job.

(9) What model/year was the feature introduced?
Image Overwrite was initially introduced in 2000 with the WorkCentre/WorkCentre Pro 535/545/555

(10) Is there an additional "complete wipe" feature available that an end user can utilize at end of term?
Yes. Xerox calls this feature On-Demand Image Overwrite.

(11) How long does it take to remove all data at the end of term?
The time depends on the size of the disk. A full On-Demand Image Overwrite takes 40 minutes to an hour.

(12) Have these standards/features been implemented on all product segments?
Yes, on all A3 and most A4 MFPs that have hard disks. DFE's for light production equipment also have similar features.