Network Printing and Security
Wednesday, October 05, 2016
by Brent Black
It is easy to overlook or trivialize security requirements for printing. After all, it’s just printing, right? Is anything really at risk? The short answer is “no,” assuming that all printed documents can be freely shared with anyone in the organization. However, that is a ridiculous assumption in the business world, where it’s important to safeguard sensitive/confidential information and limit access on a need-to-know basis. Every day, printers process documents that are created by users and business applications across the entire enterprise. Some of these documents represent wasted paper. Others represent top-secret information.
Why do network-attached printers and multifunction devices represent a significant security risk? Precisely because most people in the IT organization do not see printing as an area of high security risk. Basically, it is a lack of awareness and focus about the possible security exposures that make this area vulnerable to insider threats. If everyone assumes that everything is OK, then who is left guarding the henhouse from the fox? Uh, that would be you. So it’s a good idea to look at some important capabilities to better secure network printing across your business.
What is “secure printing?”
When most print software vendors talk about “secure printing,” they are usually talking about a pull-printing solution. Many of us are familiar with this popular capability, also known as “secure release” or “follow me printing.” This is where users submit documents for printing from their desktops, but the documents are held in a queue until users authenticate at a device and release them.
Pull printing provides many business benefits. It safeguards sensitive information during the printing process, reduces cost by eliminating unclaimed documents, and increases the mobility and productivity of users by letting them print whenever and wherever they want. In terms of security, a pull-printing solution does ensure that an authenticated user is at the device when his/her documents are released for printing. This is critical when printers and multifunction devices are shared by many users in a workplace environment. Users no longer have to race to the printer to ensure that no one else walks off with their documents. Without such a capability, businesses are at greater risk for security breaches because sensitive information can easily end up in the wrong hands.
However, print security goes beyond just a pull-printing solution. What about protecting print data as it moves across the network from the user’s computing device to the printer? How do you prevent someone from “sniffing” network print data using widely-available tools that are freely available on the internet? The simple answer is – encrypt it.
IPPS, and SSL, and LRSQ, oh my…
LRS has long supported the ability to encrypt print jobs using its LRSQueue (LRSQ for short) client software. This client provides a command line interface that enables users and applications on multiple platforms to exploit the features of the LRS print/output management products. In short, think of LRSQ as a super-duper print command that uses Advanced Encryption Standard (AES) technology to safeguard the content of documents from submission to delivery to the LRS Enterprise Output Server. Some of our alliance partners and other technology providers have added LRSQ support to their solutions for just this reason.
However, not all users and applications are able to utilize LRSQ, and there is also a requirement for an industry-standard mechanism to encrypt print jobs between the LRS Enterprise Output Server and print devices. To address both of these requirements, we recently enhanced our print/output management solution to receive and deliver print jobs using “Internet Printing Protocol over SSL” (IPPS). This new capability encrypts print jobs submitted on Windows, Mac, and Linux desktops to ensure safe transmission over the network to the LRS Enterprise Output Server. In turn, print jobs sent from the LRS Enterprise Output Server to a network printer or multifunction device can also be encrypted. Just as your online banking transactions go over an “HTTPS” connection to ensure security, your print jobs can use IPPS to protect your print data.
Other security measures
What else can be done to improve security for network printing? Watermarks, for example. LRS software can dynamically add watermarks to documents without application changes, which lets organizations classify documents according to company guidelines (e.g., internal use only, confidential, test data, etc.). Watermarks are a powerful, visual aid that reminds users of the need to properly handle, protect, and dispose of printed material.
Finally, it is important to track “who” prints “what,” “when,” and “where.” This is where a comprehensive print auditing capability comes into play that helps organizations track costs and improve compliance with regulatory and corporate mandates. “Trust, but verify” is still good advice today.
Holistic approach to print security
In contrast with other vendor offerings, LRS takes a holistic approach to the subject of security and network printing. We provide print security capabilities that span a wide range of applications and platforms, from mobile to mainframe. In short, why should this important subject be limited to a subset of applications and computing platforms? At LRS, we believe that organizations do not have to sacrifice capability for standardization. You can and should demand a holistic approach, certainly for all things security-related.
Simply put, LRS is not a “one-trick pony” when it comes to security and network printing. We understand how important data security is for large enterprises around the world, and that drives our strategy to be the global leader in secure printing solutions.
Give us the opportunity to discuss your print security concerns and requirements. We’ll help you plug print security holes across the enterprise, from user desktops to critical business applications. With the LRS solution in place, the security of your network printing is under control. Leaving you more time to find and fix other security holes in your environment.