Protect Your Data with a Zero-Trust Print Approach

In most modern work environments, data is no longer primarily stored on a physical hard drive and is instead stored in the cloud. It’s a transition that began a while ago, but it’s now more important than ever, with more and more individuals working from home due to the pandemic.

In a cloud work environment, important information is stored in data centers or spread across multiple cloud vendors. Employees can then access this data through a myriad of endpoints from numerous home or public Wi-Fi connections.

This has increased organizations’ attack surface and created a pressing need for IT professionals to rethink the traditional perimeter-based approach to network security. Rooted in the principle of ‘never trust, always verify’, zero trust has fast become a hot topic in cybersecurity.

What is a zero-trust approach?

With zero-trust security, user access is authorized continually to ensure authenticity. Zero trust is not a single catch-all technology—instead, it’s a fresh approach to network security based on three fundamental principles of:

  • Verify explicitly (i.e., always perform authorization and authentication through every possible data point)
  • Use least privileged access (i.e., don’t give users more access than they need to perform their tasks)
  • Assume breach (i.e., don’t expect your safety measures to be sufficient—have measures in place that can work as a catch-all in case safety measures fail)

While this decade-old concept is viewed as critical in preventing hackers from launching an attack via many more entry points, it still has a long way to go before becoming mainstream.

In an attempt to reach optimal safety, many companies use what is known as an ‘access management service’ to control their access points. Some of the most famous examples of these access management services include Microsoft Azure Ad, LastPass Enterprise, and Ping Identity SSO.

One of the significant gaps that a zero-trust approach leaves is how it relates to print services—and we’ve seen how disastrous it can be when print entries are not protected. This article will go over how traditional zero-trust approaches often leave print infrastructure aside, creating a vulnerability in the corporate network, and how cloud printing can help.

Print: a weak link in zero-trust environments

Sometimes, businesses are so caught up in maintaining their zero-trust networks that they forget about one of the business activities most susceptible to threats: printing.

Printers and multifunctional devices (MFPs) can be a weak link in IT security. Smart connected MFPs are critical endpoints and just as susceptible to malicious external cyberattacks as PCs—especially if print systems are still running on a traditional network.

In a traditional setting, a hacker may be able to access a printer queue and intercept documents. They may also be able to use their printer as an attack point—their “way in” to attacking other systems within the company.

This doesn’t even consider how the release of traditional print jobs can’t be easily controlled, making it possible for a document to physically fall into the wrong hands (a scenario that can be avoided with a cloud print feature called secure pull printing).

As a result, an emphasis on print security must be maintained at all times. This means that IT leads must leverage the cloud to provide complete visibility of the print fleet and securely and centrally manage everything print-related from a single pane of glass.

Data sent to a print device is stored on the hard drive and, if left unsecured, remains accessible and vulnerable to attacks even after being printed. This vulnerability means print should be viewed as a critical component of an effective network security strategy.

Make print part of a zero-trust architecture

As organizations continue their journey to the cloud and pivot to support new hybrid work scenarios, they need to rethink strategy and modernize legacy security as a top priority. This will not only strengthen their security posture but will also work to minimize the possible attack surface.

Security teams must look for ways to align their print management and infrastructure with broader IT policies such as authentication, authorization, and role-based access control (RBAC). The best way to strengthen the security around your printing infrastructure is to rely on cloud print solutions that can use sophisticated identity verification systems like Ping ID.

With Hybrid Cloud Platform (HCP), RBAC is tied to the customer’s ID provider and gives granular access within a customer environment to services and data. When you use cloud print, you no longer need to rely on clunky, high-maintenance printer drivers. Devices are also uniquely identifiable, which means that employees can print from anywhere within your enterprise networks from their computers and mobile devices.

Trust is established with certificates and Public Key Infrastructure (PKI) for applications running on PC clients, embedded, etc., and internal device tokens can be used to authenticate the device itself.

The cloud-based platform also uses standards-based technologies such as TLS, OAuth and SAML for devices and services. Traffic is encrypted by TLS 1.3 by default, whether on an external or internal network. HCP connections are outbound from the customer network, unsolicited links are discarded, and there are controls to shut down connections to prevent denial of service (DOS) attacks.

Cloud print allows for monitoring, real-time updates

Relying on a cloud service also makes it easier to perform network configuration on an ongoing basis. This means that you can easily update your internal network when permissions within an organization change.

Having navigated the perfect storm of providing access to printers while striving to maintain information security and cost control, IT leads’ focus should now be on building a cloud-native zero-trust infrastructure. One that is agile to support changing business needs in a post-COVID world.

If you’re building a roadmap for implementing zero trust, consider EveryonePrint’s born-in-the-cloud multi-tenant print infrastructure platform which works in a zero-trust environment. With more and more businesses switching to cloud services, turning your print over to the cloud is a great way to prepare for the future while keeping your data safe.

Mark Milaszkiewicz
About the Author
Mark Milaszkiewicz is a senior pre-sales consultant at EveryonePrint. He’s been working as a technical pre-sales consultant in the print & IT industry for over 15 years. Living in London, he gets around the city visiting customers and friends on his e-bike.