Exposed: What is Secure Print?

Face it: from the moment a user or an application generates a document that is going to be printed, that document is exposed to a variety of threats. The term “Secure Print” involves protecting the printed documents at every step from the originating application to the target print device as well as offering some mechanism to track printed documents.

Let’s walk through the different hazards that documents are exposed to and think about how to protect them from each:

Network Traffic: The Threat

Looking at the overall print process, a print file is normally sent from an application or from a user workstation to a print server that routes it to the destination printer. Alternatively, if direct IP printing is enabled, the print file will be sent directly from the application to a printer. In either case, the print file travels over a network and during this time of transit, the data is at risk. Why? Because the print file is designed to be read and the information it contains can be easily viewed with freely downloadable tools.

The Solution

One way to prevent any document traveling over the network from being exposed is to encrypt the data.

LRS can encrypt print jobs using its LRSQueue client software. This client runs on multiple platforms and provides a command line interface that enables users and applications to send documents to the LRS print/output management products. Document data is transmitted using Advanced Encryption Standard (AES) technology to safeguard the contents from the moment of submission until final delivery.

Another way to encrypt print jobs is using “Internet Printing Protocol over SSL” (IPPS).

LRS supports IPPS for print job submission from Windows, Mac, and Linux desktops to ensure safe transmission over the network to the LRS Enterprise Output Server. The LRS Enterprise Output Server can also use IPPS to send an encrypted document to a network printer or multifunction device.

In short, LRS supports encryption from the application all the way to the device regardless of what platform the application runs on - anything from mobile to mainframe.

Unattended Documents Sitting in the Output Tray: The Threat

When someone prints a file, the document usually arrives in the output tray of a printing device within seconds. As a result, when the user who submitted the print job arrives at the printer, the output is waiting there “unattended.” If another user is by the print device at that moment, that user can look at or even walk away with the printed document. No big deal if it’s a take-out menu from a local restaurant. Very big deal if the document includes confidential information.

The solution

To prevent “unattended” output, many companies are implementing a pull print solution that prevents the document from being printed until the user authenticates on the device. Pull printing provides many business benefits. It safeguards sensitive information during the printing process, reduces cost by eliminating unclaimed documents, and increases the mobility and productivity of users by letting them print whenever and wherever they want.

LRS provides a Pull Printing solution that can be integrated with any corporate application, even backend systems outside the realm of “typical Windows printing.”

Pull Printing: The Threat

As mentioned above, pull printing provides many business benefits. However, it also introduces another type of threat due to the fact that the output waiting on the pull print server can be hacked.

The solution

To protect documents waiting to be released, the pull print solution needs to support “encryption at rest”, which means that those documents are encrypted while waiting on the pull print server. This is in addition to document “encryption in motion” as described in the Network Traffic section above.

If the waiting output resides on the user’s workstation (as in the serverless printing scenario), that output needs to be secured and should not be available to any other user logging on to that workstation.

LRS Pull Print solutions support encryption at rest to prohibit access to the documents stored in the pull print server. The LRS software also supports secured serverless printing.

Printed documents: The Threat

Once a document is printed, there is no way to electronically secure the information it contains. Therefore, the user who printed the document is responsible for protecting that information. There is no way to control a user’s behavior, but there are some things that can be done to remind users of the need to properly handle, protect, and dispose of printed material.

The solution

One simple thing that can be done to make print users aware that they are dealing with sensitive information is to insert watermarks onto the printed page.

LRS software can dynamically add watermarks to documents without requiring IT departments to modify their applications. This ability helps organizations easily classify documents according to company guidelines. Watermarks stating “Internal Use Only” or “Confidential” or “Test Data” go a long way toward helping users understand the nature of the information they are handling.

Another way to improve security is to track “who” prints “what,” “when,” and “where.” This is where a comprehensive print auditing capability comes into play. Such solutions can help organizations track costs and improve compliance with regulatory and corporate mandates.

In summary, LRS Enterprise Output Management software can provide secure printing from any application to any device and for any platform, from mobile to mainframe. Our solutions help you covering all types of security threats: