A conversation with Chris about security and stuff – part 1
Chatting with Chris Dance, PaperCut founder and CEO, can be a challenge. Not because of his position, mind you – he’s incredibly personable and always up for a chat.
No, it’s more because of his intellect. In a nutshell, he’s a little smarter than me. That’s the facts. Just like I’m a little taller than him, he’s a little smarter.
So when I cornered him for a chat recently, I steeled myself for the inevitable periods of probably not really keeping up with the conversation.
What follows is a reasonably precise retelling of our conversation (which ostensibly focuses on print security).
An IT department’s biggest challenges
I begin by asking Chris about the challenges facing today’s IT departments. It turns out they’re a far cry from when he started his first job.
“It’s changed a lot over the years and really, that is a common theme – change,” Chris says. “When I first started in my system administrator job at a local high school, the concerns were the mouse balls getting stolen out of the mouse.”
Chris offers two big ticket items – outside of change – that are keeping IT managers on their toes.
“The shift across to bringing your own device [BYOD],” Chris begins. “Whether it be a student bringing their laptop, or a business offering a fund to go and buy a mobile phone of your choice, or bringing your personal mobile phone into the work environment. So that BYOD mobile worker shift.”
And the second area of concern?
“Definitely security is at the forefront again. I suppose for our industry we mention both in print management because you’ve got to enable that mobile worker and mobile devices around print management, and you’ve also got to look at security.”
Won’t somebody please think of the printers?
Talk of ‘our industry’ gives me pause to consider where exactly print management sits in the scheme of things. As in, do IT managers actually spend much time thinking about their print environment versus, say, their firewalls and server integrity?
“I don’t think it should be top of mind,” Chris says.
Whoa. I find this line of thinking interesting coming from the CEO of a print management software company. Shouldn’t he be pumping up the tires of print management?
“I think it should be just something that works,” he continues.
Chris is warming up now. I can tell because he brings up his favourite saying.
“We like to say that we’re the most exciting company in the most boring part of IT, which is printing. Because it should be boring, it should just work.”
I smile. It really is his favorite saying.
The problem with print security
I ask Chris what the big problems are concerning print management security. This is clearly a pet subject for him, because he has a long answer. So long, in fact, that I end up interrupting him just so he remembers it takes two people to make a conversation …
“You can be proactive or you can be reactive,” Chris begins.
And it’s true, I really can be.
“And I think a lot of organisations – with printing – they take the old-style reactive approach, rather than the proactive approach. So they’re waiting for a problem to occur, and then fixing it. The printer running out of toner, or a device erroring over time.”
“I think we’ve got to move to a more proactive mindset,” he offers as a solution.
“And we’ve also got to think more about the user experience. We’ll bring secure print release in to improve our security, for example, but we don’t spend the time to articulate to the user why the change is occurring. We’re not managing the change process around their experience.”
At this point, I seek clarification. Because in my head, security’s about combating hooded hackers with fast fingers saying things like, “I’m in”. So I ask him what exactly he means when he talks about printer security.
When document security makes you cry
“I think one of the great paradigms is thinking of security in layers,” Chris states. “It’s like an onion.”
Our conversation has taken an unexpected turn. Onions? So, document security makes you cry when you … uh … cut it?
“So if you build your whole IT security infrastructure based on the fact that you’re running anti-virus software, you’ve got one layer,” he explains. “The reality, though, is you need to address the human layer, you need to address behaviour. You need to address systems. You need to update policies.
“It’s building layers and treating security as more than a one-stop fix. It’s a cultural change and a layered change.”
“With print management and printing in general,” Chris continues, “I think it’s often been an afterthought. We’ve spent millions and millions on firewalls or intrusion detection systems. They’re all different layers and they solve the problem in different ways, but we’re missing what I call the analogue loop.”
Suddenly I catch up to Chris: “The humans,” I reply hesitantly.
“The humans, yeah,” Chris confirms.
I feel good.
“The fact that you print something out, human behavior says that, “I forgot to pick it up from the printer and the payroll has been picked up by someone else and I don’t know who it is”, or “I have an obligation to patient records”, or something like that. We spend all this money protecting from the external hackers that are out there on the internet hacking, but it’s often the internal threat through accident and mistake which is often one of the biggest risks.”