Securing your print queues
Having a secure print queue is critical since printing plays a key role in many business processes. A server-based print architecture is needed to support important capabilities such as dynamic data transforms, retention of print files, rerouting of documents to an alternate printer, and providing IT staff with end-to-end visibility of the entire printing process. This requires a reliable, high-performance print spool, ideally running on a central server to minimize complexity.
In the Direct IP print model, one might assume there can be no “data at rest” because there is no spool. Or is there? In the case of a Windows desktop, the print job is created locally and then immediately sent to the printer, assuming the printer is online and accessible over the network. If it is not, the print job is held on the desktop until it can successfully print or is cancelled (deleted) by the user. If pull printing is used in conjunction with Direct IP printing, then print jobs must be held on the local desktop until the user authenticates at a device and releases them for immediate printing. Held where? A local desktop spool of sorts.
The net effect is that it is possible to have “data at rest” in the Direct IP printing model. However, since the user (and owner of the local print jobs) presumably had authorized access to the content in question, the potential security exposure comes mainly from an unauthorized third party who gains access to the contents of a lost or stolen computer (e.g., a laptop). The risk of leaving data vulnerable to unauthorized use can be greatly reduced or eliminated by implementing full-disk encryption across employee desktops (e.g., BitLocker for Windows systems).
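
The following PowerShell audit is an added example, not part of the original article: it lists print jobs and spool files currently at rest on a desktop and reports whether the volume holding them is BitLocker-protected. It assumes held jobs sit in the standard Windows print spooler (a pull-printing client may store them elsewhere) and that it runs in an elevated session.

```powershell
# Added example: audit spooled print data at rest on a Windows desktop.
# Assumption: jobs are held by the standard Windows spooler. Run elevated,
# because Get-BitLockerVolume requires administrator rights.

# Locate the spool directory; fall back to the Windows default if the value is unset.
$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Printers'
$spoolDir = (Get-ItemProperty -Path $regPath -Name DefaultSpoolDirectory `
                -ErrorAction SilentlyContinue).DefaultSpoolDirectory
if (-not $spoolDir) { $spoolDir = Join-Path $env:SystemRoot 'System32\spool\PRINTERS' }

# Jobs still queued locally (printer offline, or held for pull-print release).
$jobs = @(Get-Printer | ForEach-Object {
    Get-PrintJob -PrinterName $_.Name -ErrorAction SilentlyContinue
})

# Spool files on disk: .SPL holds the document data, .SHD the job metadata.
$files = @(Get-ChildItem -Path $spoolDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.SPL', '.SHD' })

# BitLocker state of the volume that holds the spool directory.
$mount = Split-Path -Path $spoolDir -Qualifier
$vol   = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
$encrypted = [bool]($vol -and
                    $vol.ProtectionStatus -eq 'On' -and
                    $vol.VolumeStatus -eq 'FullyEncrypted')

# Summary: anything at rest on an unencrypted volume is the exposure to fix.
[pscustomobject]@{
    SpoolDirectory    = $spoolDir
    QueuedJobs        = $jobs.Count
    SpoolFiles        = $files.Count
    SpoolBytes        = ($files | Measure-Object -Property Length -Sum).Sum
    VolumeEncrypted   = $encrypted
    ExposedDataAtRest = (($jobs.Count + $files.Count) -gt 0) -and (-not $encrypted)
}

# Detail for follow-up: which documents are waiting, and for whom.
$jobs | Select-Object PrinterName, Id, DocumentName, UserName, SubmittedTime, JobStatus |
    Format-Table -AutoSize
```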