Whether you’re a small business with 100 employees or a multinational enterprise with a workforce of 10,000, you have a shared priority: safeguarding the security of your network.
There’s good reason for that. According to reporting from Harvard Business Review, ransomware attacks rose by 150% between 2019 and 2020, and that deeply worrying trend shows no signs of stopping. Mission-critical security exploits like Log4j and PrintNightmare are cropping up every couple of months. And with the shift to remote and hybrid work, organizations are scrambling to plug newly visible gaps without inconveniencing their end users.
This series of blog posts will look at five security concerns that are top of mind for today’s CIO or IT director:
- Minimizing the attack surface
- Protecting data
- Embracing Zero Trust
- Safely supporting remote work
- Mitigating cyberattacks
All of these security concerns intersect in the print environment. That’s not just something we’re saying as a printing solution provider. It’s what our customers are telling us day in and day out.
With that in mind, these posts will also discuss how PrinterLogic’s core solution and our new Advanced Security Bundle solve these pressing and emerging challenges.
In this post, we discuss how PrinterLogic helps minimize your attack surface and protects proprietary data. Let’s dive in.
Your attack surface is the number of points that an unauthorized actor could breach to extract data or deliver a malicious payload. The size of your attack surface correlates directly with your infrastructure.
In the print environment, “infrastructure” equates almost entirely to print servers. If you have 50 print servers, you have 50 possible attack surfaces—each with multiple attack vectors and hundreds of megabytes of confidential user data as a target.
PrintNightmare is a perfect—and scary—example of the power and scope of an exploit that leverages print servers as a ubiquitous (and therefore often overlooked) attack surface. It preys on untrusted drivers, turning those modules into rogue agents. But the present tense is important here. PrintNightmare hasn’t gone away. It might no longer be grabbing headlines in the tech media, but its three variants remain a critical security vulnerability across the board. Some researchers have even argued that patched servers shouldn’t be considered immune.
At the same time, the comprehensive fix for PrintNightmare and other print server exploits is both simple and obvious. To minimize your attack surface, you just take the vulnerable infrastructure out of the equation. Problem solved.
This is why our customers didn’t even bat an eyelid when PrintNightmare appeared. They didn’t have to worry about print servers being exploited as they waited for a patch. Why? Because PrinterLogic had superseded their print servers the moment it was deployed. Malicious actors can’t attack what doesn’t exist.
From its very first line of code, the core PrinterLogic solution has been laser-focused on eliminating print servers through a centralized, enterprise-grade, direct-IP printing platform. Since then, PrinterLogic’s footprint has only grown smaller and more secure as it evolved into a cloud-native SaaS offering with support for all major cloud identity providers (IdPs).
That reduction in infrastructure has huge benefits for cost savings, ease of use, and resiliency, as many organizations have already discovered hundreds of times over. Now, they’re realizing they can add security to that list too.
I’ll bet your organization is already taking serious steps to secure your digital data. If you have several individuals or teams of people working with important documents, you’re probably making sure that all those folders and files have very specific access privileges. No unauthorized users can open or interact with them. The same goes for apps and other software.
But what about printed documents?
That’s a different story.
We can all probably share a bunch of anecdotes about how unsecure everyday printing can be. I remember a time when I would have to sprint from my desk to the printer as soon as I clicked “Print” in order to grab a sensitive print job as soon as it hits the tray.
In the real world, however, things don’t always go according to plan. You print a confidential job, get distracted by a phone call or a meeting, and then forget to pick it up. So it sits in the output tray, where someone else accidentally grabs it along with their own papers. Whether they wanted to or not, they’ve now seen that private salary information or the upcoming product behind the codename.
This is the number one way data gets leaked in many companies. The 2022 Quocirca Print Security Landscape study found that 68% of companies reported a data loss as the result of unsecure printing practices like these.
Here’s where Secure Release Printing comes in.
Secure Release Printing has been an optional feature for PrinterLogic customers for many years, and we’re now making this proven technology a cornerstone of our new Advanced Security Bundle. What Secure Release does is it asks the user to authenticate via badge or credentials while physically present at the printer before the job can be executed. The user who initiated the job is the only one who can retrieve it.
PrinterLogic’s new Advanced Security Bundle also includes a very convenient technology called Mobile App Release. This, too, is a feature we introduced several years ago and have been refining and augmenting ever since. It functions similarly to Secure Release, except it uses the user’s mobile device as the authentication mechanism.
It’s important to mention something about simplicity here. We know from experience that forcing users to jump through all sorts of hoops in the name of security is self-defeating because it only makes those users want to circumvent those protocols. That’s why Secure Release and Mobile App Release are incredibly intuitive. Users can seamlessly incorporate them into their workflows, so data protection becomes a natural and fundamental part of their productivity.
Another important thing that advanced features like these have in common is that they tap into the inherent security of the core PrinterLogic solution. By eliminating print servers, we haven’t just reduced an attack surface. We’ve also ensured that print data is never sitting in some intermediary point like a server-based print queue. With PrinterLogic, the TLS-encrypted print job goes from the user’s device directly to the printer. This direct-IP paradigm avoids single points of failure where someone could tap into that data stream.
If you look at the full feature set of our Advanced Security Bundle, you’ll spot something interesting: Off-Network Printing. This might sound like it goes against our “keep it local” philosophy when it comes to protecting print data. But the reality is that remote work—which I’ll cover in more detail in the next blog post—is now a dominant force in the modern workplace, and we need to find a way to support it securely.
PrinterLogic’s Off-Network Printing mirrors the direct-IP approach of our core solution but extends these capabilities to any authorized off-network device. It does this by establishing a secure tunnel between the initiating device and the local destination printer behind the firewall—no VPN required! All the print data is TLS-encrypted along that single path, and it’s never at rest.
Later this year, we’ll build on this model to offer optional functionality that can temporarily store the encrypted print job in the cloud for added convenience. Authorized users will then be able to execute the job locally using one of our release mechanisms to push the encrypted cloud data to our software on the destination printer.
Between our core PrinterLogic solution and the functionality in our Advanced Security Bundle, we now have three scenarios that cover any use case, while still protecting print data by design:
- Local direct-IP printing, enhanced by Secure Release and Mobile App Release.
- Our current Off-Network Printing solution, where data is not at rest.
- The forthcoming version of Off-Network Printing, where cloud data is protected end to end.
I promised to address five security concerns, and so far, we’ve covered only two.
In the next blog post of this three-part series, we’ll talk about trends like Zero Trust and remote work. How important is office printing to successful Zero Trust and remote work strategies? In what ways does the conventional print environment put those strategies at risk?
Those are all questions I think PrinterLogic can answer.