Xerox Product Security Data Protection: Image Overwrite, Encryption and Disk Removal

General Purpose and Audience

Neither Xerox Corporation nor Xerox devices could possibly know what information is sensitive to your business. This document is intended to provide users of Xerox products with accurate and actionable information to help them evaluate and manage risks associated with image data stored to disk drives or other non-volatile memory. (The latest version of this document is always posted publicly at www.xerox.com/diskdrive.)

Summary Information

Xerox copiers, printers and multifunction products are intelligent devices that contain a computer and the software needed to accomplish the many productivity-enhancing tasks that have become so valuable to today’s workplaces. These internal computers may have a disk drive or other non-volatile storage where image data is written during job processing, or where it may be stored for later reprint. Since the introduction of the first digital products, Xerox has recognized the risk of retained data being inappropriately recovered from non-volatile storage and has built features and countermeasures into its devices to help customers safeguard their data.

Xerox has taken information security seriously for years. An excellent source for security information is http://www.xerox.com/security, which carries security bulletins and patch information, US-CERT advisories, white papers, and videos on what customers can and should be doing to mitigate security risks. Xerox provides detailed information about internal product workflows and the algorithm used for image overwrite in Information Assurance Documents, which are available for many products at the website or on request for older products.

Different devices represent different levels of risk. It is axiomatic that as functionality increases, so does the potential risk. For those devices, countermeasures are built into the machine to reduce the risk.

  • Not all copiers have hard disk drives. Those that do not are not at risk.
  • Some copiers and multifunction devices have hard disk drives, but do not use the hard disk drive to save document images. These are also not at risk.
  • Copiers and multifunction devices that do use hard disk drives to temporarily store images should have an "image overwrite" feature that destroys the copied image immediately. That function should be built in (which Xerox does) or installable via a security kit. If neither solution exists for the product, it is at risk.
  • Also, most copiers and multifunction devices that have hard disks include a disk encryption feature, which encrypts all stored customer image data with the state-of-the-art AES encryption algorithm.
  • Xerox has developed a disk removal program under which, before a device is returned, a Xerox technician will remove the disks and leave them with the customer. This program charges a flat fee per machine for the service. Contact Xerox Customer Support for information on fees and availability in your geography.

Download Full Whitepaper: Xerox Product Security Data Protection: Image Overwrite, Encryption and Disk Removal
