This is the second in a three-part series of blog posts discussing five security concerns that are top of mind for today’s CIO or IT director.
My first post examined attack surfaces and data protection as a jumping-off point. This post will expand on that by delving into Zero Trust and remote work—two very recent trends that are not only deeply intertwined but also, like the others, heavily dependent on the print environment.
Zero Trust
Zero Trust is a computer security concept that first appeared in 1994, yet it didn’t start seeing mainstream adoption for another two decades. Basically, the name says it all. In a Zero Trust environment, the assumption is that every device is potentially compromised. To keep those devices contained, there should be multiple authentication mechanisms and access control policies in place for users as well as their machines.
That’s a tall order—very simple in theory, a lot messier in practice. As a result, you have a lot of IT leaders asking themselves and their teams, “How do we get to Zero Trust while still keeping all the essential pieces of our IT puzzle?”
Printing has historically been one of the trickier pieces. After all, the very concept of printing is a holdover from the analog world of ink and paper. Its primary purpose is to turn what we see on our screen into something we can hold. Maybe that’s why it sometimes feels like there are light years separating today’s print environment from modern cloud computing where the user’s location is fluid.
So, when you’re talking security best practices, maybe the question is better phrased like this: How can a technology with such a classic pedigree as printing be modernized for the era of cloud-based Zero Trust models?
The starting point is authentication.
First, you’ve got to get single sign-on (SSO) in place. You can think of SSO as the one-stop shop for users to sign in to all their cloud services at the same time. SSO works hand-in-hand with—but is also distinct from—the identity provider, or IdP. The IdP is the data store for digital identities and functions like a guest list. If you’re not on the list, you don’t get in.
What makes IdP different from traditional authentication is that it’s not limited to individual users. In keeping with the Zero Trust philosophy, IdP also verifies apps, devices, and any other entity that wants to connect to the network.
The second step is multi-factor authentication (MFA). It’s designed to double (or even triple) check the validity of any authentication process—similar to presenting your passport after showing your driver’s license. One everyday example of MFA is the SMS verification codes you receive when logging into websites. Enterprise-grade systems are naturally more varied and robust.
For the third and final step, you’ll need to implement adaptive identification. This is a context-based security concept that emerged in response to mobile device adoption, and it’s taken on more importance during the global shift to remote work. In simple terms, adaptive ID means, “I’m going to trust you a lot more if you’re working out of your home office than if you’re in the local coffee shop.” At home, you might be able to go for days without re-authenticating. At the coffee shop, it will be much more frequent.
All of this is difficult—if not impossible—to apply to the traditional print environment. That’s why PrinterLogic, as a cloud-native SaaS solution, creates a bridge between the two. Our core platform supports all major IdPs, including Okta, Azure AD, Google Identity, and seven more. We tightly integrate with industry standards like Security Assertion Markup Language (SAML), System for Cross-domain Identity Management (SCIM), and OpenID Connect (OIDC) to update and authenticate principals and authorize access to printers.
In short, before a print job can come through, PrinterLogic makes sure the user and device are thoroughly vetted.
And as far as admin tasks go, PrinterLogic’s role-based access control (RBAC) lets you limit the scope of access while also delegating more responsibility to power users. You can even let users install printers themselves without worrying about them doing anything beyond that. So you get granular security and fewer support calls.
There are two more important aspects of Zero Trust that are worth mentioning here. One involves shrinking your network. The other has to do with conducting ongoing audits.
Both of these are also addressed with our core PrinterLogic platform.
As I detailed in the previous post in this series, PrinterLogic was designed from the outset to eliminate infrastructure—namely, print servers. That doesn’t just minimize your attack surface. It also shrinks your network: fewer devices, less exposure, less to keep tabs on and lock down.
In addition, PrinterLogic’s core platform includes powerful auditing capabilities. From end-user print activity to admin configuration changes, you can see exactly who did what, where, and when. That rich oversight, coupled with PrinterLogic’s authentication and access control, creates a secure print environment that supports Zero Trust policies.
Remote Work
These days, any conversation about Zero Trust is incomplete if it doesn’t tie into remote work.
Coming off the heels of the COVID-19 pandemic, some form of remote work—or its close cousin, hybrid work—is widely acknowledged as the workplace standard going forward. A recent survey we conducted revealed that over 80% of our customers envision their employees in remote or hybrid work models for the foreseeable future.
Generally, many of the same technologies that are enabling Zero Trust are also key to hardening the security around remote work. These include the cloud-based IdPs, MFA, auditing, RBAC, and other protocols and practices I laid out above.
But let’s look at things from the remote user’s point of view.
For this, I’d like to use an example that we featured during a recent live demo. We had an employee named Greg sitting by the pool on top of a hotel downtown. He was connected to the hotel’s Wi-Fi, enjoying some downtime, checking the headlines and his social media feeds on a mobile device.
Then he realized he needed to print a document back here at the office. The printer, of course, was connected to our corporate network.
Think about all the moving parts involved in that device chain. How in the world does Greg print without resorting to all kinds of inconvenient network acrobatics? And more importantly, how does he do it securely?
This is where PrinterLogic’s Off-Network Printing plays a huge part. Using this feature in our new Advanced Security Bundle, Greg was able to remotely print a job from his personal mobile device to an in-house printer with a tap or two. PrinterLogic handled all the authentication and access control along the way, even if that involves concurrent IdPs. Plus, PrinterLogic TLS encrypted the print job from end to end to safeguard against interception.
As far as Greg is concerned, all this was as simple as printing from an in-house PC. Maybe even simpler. He stays productive when he’s offsite, and his print data stays secure. A win-win.
It’s not hard to envision how this would apply equally well in a hoteling or desk-sharing scenario. Then add PrinterLogic’s built-in location-aware functionality to those possibilities. This feature set can determine where a user or device happens to be, based on criteria like their IP address. In other words, if a hybrid user sits down at a new desk in a new building, they can automatically be associated with a nearby printer and even have it auto-install on their compatible device.
And we have some amazing technology in the works that will make it easier for guests, freelancers, and hybrid workers to print securely without even having to interact with a standard print dialogue. When they want to print, they’re simply taken to a PrinterLogic portal page where they can upload their file. That assigns them a unique identity. They can then walk over to the printer, enter the temporary ID, and tell the printer to release the job. That’s it: totally serverless, clientless, and driverless.
We’re also working on more robust offline printing capabilities. This is useful in scenarios where a remote user prints a job to the in-house corporate printer for later retrieval. Let’s say they send the print job from their mobile phone at home, then come into the office the following day without their phone. They’ll still be able to release the waiting print job simply by swiping their badge. This PrinterLogic feature already works with Windows endpoints, and our plan is to make it fully OS-agnostic—like everything else in our solution—in the near future.
Next Up
Here we’ve looked at how PrinterLogic modernizes the print environment for Zero Trust and remote work—two interconnected security and workplace trends—through concurrent IdP support, MFA, comprehensive auditing, Off-Network Printing, and much more.
That still leaves one other topic I’d like to cover. From a data security standpoint, it may even be the most urgent: Cyberattacks.
In the final blog post of this series, we’ll lay out why the standard print environment remains vulnerable to cyberattacks and how the other four factors we’ve covered so far play a role in that. Better still, we’ll also look at straightforward, cost-effective ways to thwart these threats.