Australia’s controversial ‘encryption bill’ has not been a hindrance in the certification of local company Datasec Solutions’ Cryptix secure-printing technology for worldwide distribution through a new partnership with HP, according to the company’s CEO.
The Melbourne-based firm recently announced that its Cryptix Scan for HP tool – which secures output devices by encrypting document data before it’s sent for printing – had passed validation and verification as an application for HP Workpath, a new cloud-based printing platform that enables the creation of workflows that incorporate value-added capabilities.
The move makes Datasec one of over 300 HP Workpath developers, and Cryptix one of around 50 applications available to users of the Workpath platform.
Designed to address potential vulnerabilities that could provide cybercriminals access to sensitive data while it’s being processed on the printer, Cryptix layers encryption, authentication, and a business-rules engine that shifts the document preparation process away from print environments that have been increasingly called out as vulnerable.
A 2016 IDC study found that up 35 percent of security breaches could be traced back to an unsecured printer or multi-function device, and the threat has persisted with the growth in Internet of Things (IoT) hacking techniques and the persistence of insecure-device search engines like Shodan.
Cryptix moves document objects away from the devices, using a proprietary Datasec secure format that was created “to ensure that if there was any kind of credential-stuffing attack on our object store or database, that these objects would have to be brute-force attacked,” Datasec director Paul Waite told CSO Australia.
“Because they utilise [multiple layers of] encryption it would take people a significant amount of time to try and crack those individual objects. In most instances, people would move on rather than trying to attack each individual one because the cost would be too high.”
Use of ‘one-time pad’ encryption technology provides a high degree of security and separates control keys at a data level, meaning that document objects don’t collect into a data “honeypot” that could be appealing for outside hackers.
Datasec progressed and finalised the deal with the support of AustCyber and Austrade, which were quick to put their backing behind another Australian security success story. Cryptix is offered at $US1 per day, per device and the company anticipates ramping up to have 100,000 devices under management in the near term.
With an aggressive international expansion plan in place – Datasec will push into the US, Asia, EMEA and South American markets over the next two years and plans an IPO – the company has positioned itself for rapid growth. Yet despite its ambitions to play on the global stage, Waite said, Australia’s controversial encryption laws have not been an impediment as many suspected.
“It’s one of the key areas that we have already identified and gained advice on,” he said. “But until there is a bit of pushback with regard to the government and how [the law] is going to be handled, and what the precedents are, it’s a bit of a watch and see at this point.”
Labor announced this week that it would push forward with a bill to remedy the government’s “broken promises” around encryption legislation and amend the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill – which was passed in late 2018 amidst a flurry of warnings from local industry players that its mandated compromises would cause “catastrophic” problems by prejudicing overseas buyers against Australian developers of security technology.