Problems with Current CAC/PIV Secure Printing Solutions

In our recent blog, Barriers to CAC/PIV Secure Printing Implementation, we discussed PrinterLogic’s research into why federal agencies had put off deployment of a CAC/PIV secure-printing solution. Part two of that investigation was to survey agencies who had implemented a CAC/PIV solution to learn more about the pros and cons of their approach, as well as their level of satisfaction with the solution.

We learned that some agencies were not happy with their current CAC/PIV implementation because the solution was too complicated to maintain, because it introduced additional risks, or because the agency's investment in it had not paid off.

Most server-based print-management solutions employ one of the three common network printing architectures: centralized print server, distributed print servers, or a combination of both. These packages inherit the challenges and security risks of print servers in general, which include:

  • Centralized points of vulnerability for all print jobs at one location
  • Centralized points of failure that delay mission-critical printing
  • Absence of digitally signed print jobs resulting in a lack of document integrity

Each of these risks creates new challenges, as outlined below:

  1. Single points of vulnerability. Whether they are centralized or distributed, print-server networks use one location for all print data. Any unauthorized or malicious access compromises every print job on the server. While most of this access is unintentional, malicious access is initiated by an authorized user with detailed system knowledge. Most print-server architectures make it possible for a single actor to access large amounts of sensitive or classified print data. If one document is breached, it’s fair to assume that all print data at that location is compromised. Even when security measures protect data at rest, these server-based systems use centralized document file stores, print-job repositories, or print queues that become high-value targets for malicious actors. By definition, they are a weak link in the security of a network.
  2. Single points of failure. If a print server or communication with that server fails, printing comes to a standstill until the issue is resolved. Even with high-availability failover or clustered print networks, printing of mission-critical data stalls out and negatively affects the productivity of an entire organization.
  3. Lack of document integrity. Most server-based print management packages rely on device-based printer and MFP CAC/PIV solutions. They are single-vendor designs that do not have direct access to the user’s CAC/PIV card when authenticating at the printer. Instead, the CAC/PIV solution passes the user information to the print-management software. Jobs are not digitally signed before release at the printer, which creates a vulnerability in the agency’s print security. These print-management systems have no way of knowing if a print job was altered before appearing on the printer.

Based on this research, PrinterLogic has developed a cost-effective CAC/PIV secure pull-printing system that works with ANY network printer, requires no print servers, and gives complete visibility into print activity on the network. Read about it in our new blog, The PrinterLogic CAC/PIV Advantage, or call our Federal Sales Desk at 435-216-1939 for more information or to schedule a WebEx product demonstration and a 30-day free trial.