Secure Your Enterprise Printing Environment

*Updated – Originally published March 09, 2016*

For many print management solutions, security and convenience are considered mutually exclusive. You can have secure mobile printing and secure document printing (provided those features are offered at all), but that security comes at the expense of ease of use. Just to print a document, end users have to fuss with passcodes and jump through multiple hoops—which, paradoxically, makes them less likely to actually make use of the features in their supposedly secure printing software. Even worse, these features are often included at additional cost. That means you’re paying for features that your employees don’t use.

At PrinterLogic, we know security and convenience are actually directly linked. Or to put it another way: secure printing software is only as strong as your end users’ willingness to use it.

We’ve given a lot of thought to the printing habits of everyday users and the ideal way to integrate secure printing features into their normal workflow. And we came to the conclusion that secure printing has to be easy, seamless, and—most importantly—incredibly secure in order for it to have maximum effect. That’s why PrinterLogic combines features like secure mobile printing and secure release printing with seamless integration into your existing print environment, offering the flexibility to accommodate any printing workflow.

PrinterLogic allows you to choose from multiple secure printing release methods:

  • Badge/card reader: End users can release their print jobs at the local printer using your existing badge system. A badge reader situated next to the printer or embedded in the printing device will release the queued print jobs associated with the scanned badge.
  • Browser-based release: With this method, print jobs can be released using any device capable of running a browser—including PCs, Macs, Chromebooks and mobile devices. End users can access PrinterLogic’s web-based app to release print jobs using their own devices from anywhere in the organization. Alternatively, an inexpensive iOS or Android device can be permanently placed near the secure printer.
  • Embedded control panel: By installing the PrinterLogic app directly onto a supported printer, users can log in and release their print jobs right from the device’s LCD. This method is extremely straightforward because it doesn’t require any additional hardware.
  • Mobile Release: Using the PrinterLogic Mobile App (available on iOS and Android), end users can log in, select their print job from the queue, and release it to the printer of their choice.

In all of these scenarios, PrinterLogic’s secure printing software enables users to initiate print jobs using a specific printer driver to a single printer—thereby maintaining all functionality native to the driver and ensuring the integrity of the print job. The crucial step is the release command, which has two important roles:

  1. A print job can be released only by the user who initiated it; no one else can authorize it.
  2. Jobs are released only when the user is present at the printer, so documents are not left in the output tray, viewable to anyone, for any length of time.
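A minimal model of that release rule, added here as an illustration and not PrinterLogic's code. The badge IDs, reader IDs, printer names and the `ReleaseQueue` class are constructed for the example: a held job prints only when its owner's badge is scanned at the reader attached to the printer the job was sent to.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class HeldJob:
    job_id: int
    owner: str      # user who initiated the job
    printer: str    # the single printer the job was sent to
    document: str


class ReleaseQueue:
    """Hold-and-release queue (hypothetical model, constructed data)."""

    def __init__(self, badge_to_user: Dict[str, str],
                 reader_to_printer: Dict[str, str]) -> None:
        self.badge_to_user = badge_to_user          # stands in for the badge system
        self.reader_to_printer = reader_to_printer  # which printer each reader sits at
        self.held: List[HeldJob] = []
        self.audit: List[str] = []
        self._next_id = 1

    def submit(self, user: str, printer: str, document: str) -> int:
        """Queue a job; nothing reaches the output tray yet."""
        job = HeldJob(self._next_id, user, printer, document)
        self._next_id += 1
        self.held.append(job)
        return job.job_id

    def release(self, badge_id: str, reader_id: str) -> List[HeldJob]:
        """Release only the scanning user's jobs, only at the printer they stand at."""
        user = self.badge_to_user.get(badge_id)
        printer = self.reader_to_printer.get(reader_id)
        if user is None or printer is None:
            self.audit.append(f"DENY badge={badge_id} reader={reader_id} unknown")
            return []
        released = [j for j in self.held
                    if j.owner == user and j.printer == printer]
        released_ids = {j.job_id for j in released}
        self.held = [j for j in self.held if j.job_id not in released_ids]
        self.audit.append(
            f"RELEASE user={user} printer={printer} jobs={sorted(released_ids)}")
        return released


def demo() -> List[List[int]]:
    """Constructed scenario: two users share one printer."""
    q = ReleaseQueue({"B-100": "alice", "B-200": "bob"},
                     {"R-1": "printer-2f", "R-2": "printer-3f"})
    q.submit("alice", "printer-2f", "payroll.pdf")
    q.submit("bob", "printer-2f", "menu.pdf")
    attempts = [("B-200", "R-2"),   # bob at the wrong printer: nothing prints
                ("B-200", "R-1"),   # bob at the right printer: only his job
                ("B-100", "R-1")]   # alice collects hers
    return [[j.job_id for j in q.release(b, r)] for b, r in attempts]


if __name__ == "__main__":
    print(demo())
```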

Better still, secure document printing with PrinterLogic isn’t limited to one manufacturer or any single type of print environment. You can use it in any PC/Mac setting and with a whole range of devices. Your IT team will appreciate that platform and manufacturer agnosticism. Your users will appreciate the simplicity. And your organization will love the security.

The Zero Trust Series: VDI Environments and Security Risks

Organizations have gravitated toward virtual desktop infrastructure (VDI) solutions like VMware and Citrix following a shift in workforce demands. For various reasons, they’ve become a permanent fixture of enterprise IT strategies. VDIs help companies reduce costs and infrastructure while maintaining flexibility and access to important features. They also help combat security vulnerabilities and IT labor costs by simplifying IT management and enhancing employees’ experiences.

From a security standpoint, virtual desktops are a definite upgrade compared to physical desktops and a significant step toward embracing a Zero Trust Network Architecture (ZTNA). However, despite improving security, employing VDI solutions isn’t a quick fix to avoid data breaches and cyberattacks.

In part three of our Zero Trust blog series, we’ll talk about who utilizes VDI solutions and the security risks associated with using them. Let’s dive in.

 

Who Uses VDI Solutions?

VDI integrates well with any company employing a hybrid workforce, remote employees, contractors, task workers, medical professionals, and teachers. Its versatility gives employees access to their office on-demand and fits right into digital workflows without skipping a beat. In order to meet security and remote workforce demands, VDI solutions are commonly deployed by organizations operating in: 

Highly Regulated Industries: Legal or healthcare organizations that are required to comply with regulatory standards benefit from VDI because data is centralized in a data center or secure cloud. Employees can’t store private data on a personal device, eliminating the risk of internal malicious actors doing serious damage.  

Confidentiality-Centric Environments: Government entities or financial institutions that must maximize security to protect data are well-suited to employ VDI. This allows IT teams to have complete control over user desktops and prevent potentially harmful software from entering the VDI environment. 

BYOD Programs: Hybrid or remote employees that use their own devices in the workplace need a VDI solution to increase productivity and keep everything in-house. Bring your own device (BYOD) programs eliminate the need for employees to download apps separately on their computers and provide them with fully functioning virtual desktops with predetermined apps already installed.   

 

Security Risks of VDI

Companies deploying VDI often place security at the top of their agenda. The reason is that VDI servers host many desktops containing sensitive information from across the entire organization. Since many people in executive roles also use the VDI system, hackers who get in can gain access to your company’s most precious information, which in turn decreases company productivity and causes financial chaos.

Despite having innate security capabilities, VDI carries unique security risks and creates the following attack surfaces:

  • Internal actors: Internal threats are a growing cause of data breaches, particularly in VDI environments where malicious actors can breach other employee desktops or VDI servers. According to a 2022 report by Ponemon Institute, malicious insiders caused 26% of insider data theft at an average cost of $648,000 per incident. Not all threats are intentional either. A Citrix study found that many are accidental (54% of threats) and result from weak passwords, stolen property, or lack of file encryption. 
  • The network: Virtual network environments share the same resources, meaning they are more vulnerable to attacks. Many organizations have been feeling the repercussions of not adequately segmenting network assets, with the average cost per data breach hovering above $4 million. If the network isn’t properly segmented and one section is attacked, routers and links from other virtual networks become vulnerable.
  • VM updates: It takes considerable time to patch, secure, and maintain virtual machines manually because they have their own operating system and unique configuration. If the IT department falls behind on updates and patches, the network is more prone to security breaches. 
  • Hypervisors: Hypervisors support the creation and management of virtual machines. They allow one host computer to support multiple guest VMs by virtually sharing its resources. Attackers can take control of the hypervisor by using malware to take over the operating system. At that point, you might as well have given them the keys to your home.

 

Hybrid Work Creates Security Holes 

It’s easy to think that printers are losing their relevance in today’s workplace since companies have leaned toward digitization and cloud storage. However, many industries and teams still rely on printing as a vital part of their operations, including healthcare, logistics, government, and legal sectors. Some of these areas have allowed workers to take on hybrid roles, but they still have to print. They often have to rely on their own out-of-network printers to print the documents they need. 

You may be thinking: Wouldn’t remote work decrease the need to print?

Quite the contrary. A study on remote printing found that 59% of employees printed more or the same amount at home as they did in the office. Most of these print jobs contain employee, customer, and company information that can be compromised through home networks.

In a recent survey, Quocirca found that 67% of organizations are concerned about the security risks of home printing. Many of their concerns stem from hybrid workers not using strong passwords to protect the administrator account and not having up-to-date firmware on their devices. Printers become vulnerable and give cyberattackers a way into an employee’s home network. From there, attackers can maneuver through a company’s virtual private network and ultimately get into the corporate network. And voila! They have access to your organization’s crown jewels.

Giving users secure printing alternatives could make all the difference in mitigating the risk of printing from home. Leveraging PrinterLogic’s advanced security features like Off-Network Printing allows users to print securely from any network outside your organization.

 

Up Next: Making VDI Zero Trust Compliant

This blog covered the attack vectors of VDI solutions without a Zero Trust framework in place and how remote printing has caused security headaches for organizations. Part four of our five-part blog series will discuss the steps companies can take to make their VDI environments Zero Trust compliant and pinpoint the limitations of VDI printing.

The Lingering Effects of PrintNightmare

A little over a year ago, the IT community was hit with a massive vulnerability that affected way too many companies. It was known as CVE-2021-34527, colloquially called PrintNightmare.

Most companies still run print servers, which require spoolers to do their jobs properly. Unfortunately, this vulnerability was in the spooler itself, allowing anyone to execute code on a network without even having to work around other network security. That meant everyone using print servers was in trouble.

Thankfully, a patch was released relatively quickly. But… that fix ended up causing other problems. More patches were released and, ultimately, the final fix essentially offered companies 3 choices:

  1. Stop printing entirely.
  2. Manually enter admin credentials for any print changes, deployments, or problems.
  3. Get rid of their print servers/spoolers.

Clearly, option 1 is not a long-term solution. Even companies that are moving toward a fully paperless office need time and policies in place to fully stop all printing. Even in most “paperless” offices, there are still some circumstances that require printed documents. That means that companies choosing to go this route are making choices about when it’s necessary to risk their security in order to print.

The second option is not ideal either. It takes time and resources to have your IT team constantly dealing with small print tasks previously in the hands of your general employees. Needing admin credentials to update a simple print driver is a frustrating, time-consuming issue. And employees used to having some autonomy are getting fed up with needing help to fix simple problems.

The last option may be the best choice for your company in the long run. It also takes time and resources to implement. But while it may take time and budget, more than a year of dealing with the lingering issues from the PrintNightmare vulnerability is more than enough. 

Serverless Printing Is a Permanent Fix

Unlike the patches that were released, going serverless with PrinterLogic solves print spooler vulnerabilities for good by avoiding them entirely. It streamlines your infrastructure, creating a direct IP printing environment. Plus, with the PrinterLogic Admin Console, you can manage drivers, deployments, and users all in one place. That means no more wasted time for your IT team and a more secure network. 

Isn’t it time to ditch the ongoing PrintNightmare problems?

The Zero Trust Series: Why Printing?

This is part two of a five-part blog series centered around Zero Trust. In our first blog, we covered the basics of Zero Trust, its core principles, and how to begin your Zero Trust journey.

This article ties in how endpoints are security vulnerabilities and why printers are a good start for companies wanting to embrace the Zero Trust philosophy. 

Endpoints: The Low-Hanging Fruit

Organizations recognize that now is the time to start securing their networks, especially with the number of data breaches increasing year after year.

It’s not a matter of when to start your Zero Trust strategy.

For most, it’s a matter of where and how.

Securing your endpoints (e.g., printers, workstations, mobile devices, cloud) is a quick way to start building a strong ZTNA. It’s also one of the most beneficial starting points from a financial perspective.

According to a study by the Ponemon Institute, 68% of organizations have experienced one or more endpoint attacks that successfully compromised data or their IT infrastructure. They also note that the average cost of a successful endpoint attack is $8.94 million, more than double the amount of an average data breach ($4.27 million). This statistic alone is enough to justify why endpoints should be first-in-line for security improvements.

How Is Printing Involved?

Yes, people still print. And more than you may think. 

According to Quocirca, 64% of organizations still rely heavily on printing. Many print jobs containing company information are sent to a home office printer since the hybrid workforce has become the norm. Office and home printers should be taken seriously because print jobs with vital information are subject to internal and external theft if left unsecured.

Printers Are a Security Weak Link

PCs and laptops are prioritized when companies assess security threats. Printers, however, are often an afterthought because they perform basic functions and they, well, print paper. They sit behind one layer of security: your network’s firewall. But that layer is not enough to keep hackers out. 

The simplicity of printers and the fact that they are overlooked make them ripe for the picking for cybercriminals coming after your company’s data. 

Security risks aren’t just because of your printer either. Print servers are often the true culprit. With print servers, files waiting to print are collected in a spool folder on the print server’s hard drive, sometimes for excessive amounts of time depending on job traffic. These jobs are prime targets for interception. 

Think about all the times you have printed tax documents, financial statements, employee data, and medical records in your office. All of those documents had the potential to be exposed or swiped. 
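One way to check how long jobs actually linger in a spool folder, added here as an example and not part of any PrinterLogic tooling. It assumes a Windows-style spooler that writes `.SPL` data files and `.SHD` shadow files; the directory, file names and the 30-minute threshold are assumptions, and the demo builds its own constructed files in a temporary folder.

```python
import os
import tempfile
import time
from typing import List, Optional, Tuple

# Windows spooler data (.SPL) and shadow/metadata (.SHD) files.
SPOOL_EXTENSIONS = {".spl", ".shd"}


def stale_spool_files(spool_dir: str,
                      max_age_minutes: float = 30.0,
                      now: Optional[float] = None
                      ) -> List[Tuple[str, float, int]]:
    """Return (name, age_minutes, size_bytes) for spool files older than the
    threshold, oldest first. The threshold is an assumed policy value."""
    now = time.time() if now is None else now
    findings = []
    with os.scandir(spool_dir) as entries:
        for entry in entries:
            # Ignore subdirectories and symlinks; only real files count.
            if not entry.is_file(follow_symlinks=False):
                continue
            ext = os.path.splitext(entry.name)[1].lower()
            if ext not in SPOOL_EXTENSIONS:
                continue
            st = entry.stat(follow_symlinks=False)
            age_minutes = (now - st.st_mtime) / 60.0
            if age_minutes > max_age_minutes:
                findings.append((entry.name, round(age_minutes, 1), st.st_size))
    return sorted(findings, key=lambda f: f[1], reverse=True)


def demo() -> List[Tuple[str, float, int]]:
    """Build a constructed spool folder and audit it."""
    now = time.time()
    # (file name, age in minutes): all values constructed for the example.
    sample = [("00012.SPL", 180), ("00012.SHD", 180),
              ("00013.SPL", 2), ("readme.txt", 900)]
    with tempfile.TemporaryDirectory() as spool_dir:
        for name, age in sample:
            path = os.path.join(spool_dir, name)
            with open(path, "wb") as fh:
                fh.write(b"\x00" * 64)          # placeholder job content
            stamp = now - age * 60
            os.utime(path, (stamp, stamp))      # backdate the modification time
        return stale_spool_files(spool_dir, now=now)


if __name__ == "__main__":
    for name, age, size in demo():
        print(f"{name}: {age} min old, {size} bytes")
```

Run against a real spool folder on a schedule, a non-empty result is a signal to investigate stuck jobs or shorten how long jobs are held.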

Fun Fact: If you have the time to look up “How to hack a printer” online, you’d notice that there’s loads of information on how easy the process actually is. 

Hacking a printer isn’t rocket science. It’s as simple as a Google search. 

Recent Events Started Turning Heads

Cyberattacks on companies have become a regular occurrence. We’re constantly seeing breaking news reports on cyberattacks against large companies. Of course, we only hear about the news involving large sums of money or substantial data loss that affect the public, like the breach that affected 3 billion Yahoo accounts or the theft of 26 million files containing U.S. veterans’ information.

Regarding print security news, none received more publicity than PrintNightmare, a Windows Print Spooler vulnerability that was discovered in late June 2021. Leaving millions of customers prone to attacks, the vulnerability was exposed through inbound Remote Procedure Calls, which failed to restrict the administration of printers and related drivers. A remote attacker could execute arbitrary code with SYSTEM privileges on a vulnerable system.

Windows issued so many patches they could have revived the first pair of Levi’s jeans your great grandfather ever owned. 

But the nightmare continued.  

Kaspersky reported seeing roughly 65,000 attacks targeting the Windows Print Spooler vulnerabilities between July 2021 and April 2022. It’s still a popular attack route for cybercriminals, so no matter how many patches are out there, it can happen again. 

Your First Step: No More Outdated Print Servers

Zero Trust isn’t a product. It’s a model that defines how to strengthen security across the board. Starting with the basics and implementing secure practices one step at a time reduces risk and improves visibility, enabling your organization to handle threats appropriately as they emerge. 

If you print regularly and want to begin implementing ZTNA by securing your devices and data…why not start with your print environment?

Uncertain about how to do it? We’ll help you trust your printers again.  

PrinterLogic SaaS boasts a serverless printing infrastructure that complies with Zero Trust standards. By simply eliminating your print servers, you get rid of the black sheep of office equipment while gaining a feature-rich, secure, and streamlined printing infrastructure. 

Next Up: VDI Environments and Security Risks

Following the pandemic, many organizations began implementing VDI solutions to solidify security and allow remote workers access to files and applications from anywhere in the world. Employing VDI is a step in the right direction toward Zero Trust, but it doesn’t mean you’ve completely secured your devices and critical assets.

Part three of our five-part series will cover VDI solutions, their security risks, and how remote printing has created a gaping hole in companies’ security. 

The Zero Trust Series: What Is Zero Trust and How Do I Start?

Roughly 12 years after the term was coined in 2010 by John Kindervag, a Forrester researcher and thought-leader, Zero Trust has finally reached mainstream popularity. His game-changing philosophy transformed organizations’ perceptions about network security and how to mitigate risk as data breaches become more routine. However, IT companies and professionals have exhausted the term Zero Trust, causing organizations to think a full-fledged Zero Trust Network Architecture (ZTNA) is achievable with a quick snap of the fingers. Unfortunately, that’s not the case. 

That’s why we’re here. To help give you a fundamental understanding of how to implement Zero Trust practices in your organization and guide you through your journey to minimize data and financial loss. 

In this five-part blog series, we are going to cover:

  • What Zero Trust is (and isn’t)
  • How printing fits into a Zero Trust approach
  • Why you should secure your endpoints
  • VDI printing security issues
  • Making VDI print environments Zero Trust compliant
  • How PrinterLogic, Citrix, VMware, and IGEL work together to create a Zero Trust environment

Zero Trust: The Basics

Let’s start with how Zero Trust impacts our daily lives.

You swipe your debit card at the gas pump, enter your PIN, fill your tank, and drive off to your next destination. Five minutes later, someone tries buying a $3000 watch using your debit card details–500 miles away from where you just pumped gas.

The bank realizes that you couldn’t have driven 500 miles in five minutes to purchase something and you never spend more than $500 on a single purchase, so you receive a text or email from your bank notifying you of potential fraud. You decline the transaction and disable your card. 

This Zero Trust approach saved you and the bank a lot of time and money and eliminated the threat before it could do more damage.
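The bank's reasoning in that story can be written as two checks, shown here as an added example rather than any bank's or vendor's actual logic. The 500-mile distance, five-minute gap and $500 ceiling come from the story; the coordinates, the 600 mph speed limit and the function names are assumptions.

```python
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

EARTH_RADIUS_MILES = 3958.8


@dataclass(frozen=True)
class Txn:
    minute: float   # minutes since the start of the sample
    lat: float
    lon: float
    amount: float   # purchase amount in dollars


def miles_between(a: Txn, b: Txn) -> float:
    """Great-circle (haversine) distance between two transactions."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlmb = math.radians(b.lon - a.lon)
    h = (math.sin(dphi / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))


def review(last_good: Optional[Txn], new: Txn,
           max_mph: float = 600.0,          # assumed upper bound on travel speed
           spend_ceiling: float = 500.0     # "never more than $500" from the story
           ) -> List[str]:
    """Return the reasons to hold a transaction; an empty list means allow."""
    reasons = []
    if new.amount > spend_ceiling:
        reasons.append("amount_above_ceiling")
    if last_good is not None:
        miles = miles_between(last_good, new)
        hours = (new.minute - last_good.minute) / 60.0
        # Zero or negative elapsed time with real distance is also impossible.
        if miles > 1.0 and (hours <= 0 or miles / hours > max_mph):
            reasons.append("impossible_travel")
    return reasons


def process(stream: List[Txn]) -> List[Tuple[Txn, List[str]]]:
    """Review each transaction against the last one that was NOT held, so a
    held transaction never becomes the customer's trusted location."""
    last_good: Optional[Txn] = None
    results = []
    for txn in stream:
        reasons = review(last_good, txn)
        results.append((txn, reasons))
        if not reasons:
            last_good = txn
    return results


# Constructed sample: same longitude, about 500 miles apart north to south.
SAMPLE = [
    Txn(0, 40.0, -111.9, 62.10),      # gas pump
    Txn(5, 32.764, -111.9, 3000.0),   # watch purchase five minutes later
    Txn(20, 40.05, -111.9, 18.40),    # cardholder buys coffee near the pump
]

if __name__ == "__main__":
    for txn, reasons in process(SAMPLE):
        print(txn.amount, reasons or "allow")
```

The third transaction is allowed only because the held purchase was never recorded as the customer's last known location; comparing against it instead would flag the real cardholder.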

Traditional vs. Zero Trust Security Approaches

Traditional access models allow everyone within the company network to access data, trusting everyone who logs on to a computer within the network’s perimeter as long as they have a password and username. This model was legitimate until digital transformation and hybrid cloud infrastructures became the norm. 

Now that employees regularly work outside their companies’ network perimeters due to hybrid work, companies’ attack surfaces have expanded and made them more prone to threats. This prompted organizations to make a dramatic change to their security standards.

Zero Trust takes the opposite approach with its motto of “Never trust, always verify,” enforcing access policies based on a user’s location, device, and requested data. Under this framework, end users are always seen as a potential threat and are continuously verified to block inappropriate access to critical information. 

Zero Trust evaluates access to each resource separately, so every time a user needs access to a particular app, they must prove they are someone who needs access to that resource before being able to use it. ZTNA is especially important for companies employing a hybrid workforce where employees constantly shift locations.

Zero Trust’s Three Core Principles

Zero Trust is not a single solution but rather a combination of third-party services that operate simultaneously and follow three core principles:

  • Everyone Is a Threat: By assuming everyone and everything is a threat, organizations are more prepared for actual threats when they do occur. Through continuous authentication and authorization of all Internet of Things (IoT) devices, users, locations, and data sources, organizations reduce risk by uncovering what’s on the network and how it’s operating.
  • Reduce Attack Surface: The Zero Trust model employs microsegmentation, enabling admins to monitor and control information between applications and servers. Isolating your network’s assets limits the attack surface, eliminates the risk of lateral movement by attackers, and prevents exposed devices from damaging other resources.  
  • Minimize User Access to Resources: Zero Trust only allows users access to necessary applications they need to perform their jobs and doesn’t offer them direct access to the network without verification. Following the Principle of Least Privilege (PoLP), Zero Trust prevents users, accounts, and processes from having broad network access, significantly reducing network vulnerabilities.

Now that you get the gist of what Zero Trust is and its core principles, let’s help you establish a base for how to start your Zero Trust journey.

The Path to a Zero Trust Architecture

Zero Trust Isn’t a “One Size Fits All” Solution

It’s important to note that the Zero Trust model isn’t an all-or-nothing approach. This common misconception has caused organizations to balk at starting their Zero Trust journey. Knowing that there isn’t one correct path to Zero Trust and choosing a starting point that aligns with your organization’s goals makes all the difference in building a highly secure network. Start by prioritizing your needs and implementing ZTNA with a step-by-step approach by asking yourself three questions:

[Image: Zero Trust Part 1]

Answering these questions will help your organization develop a strategy to begin implementing Zero Trust on top of your current infrastructure. Begin with your most critical assets before you try implementing solutions on a broader scope. Rome wasn’t built in a day; your Zero Trust Network won’t be either. 

Regardless of your starting point, you can expect to receive immediate security, risk reduction, and investment returns. 

On Deck: Why Printing?

So far, we’ve covered Zero Trust, its core principles, and how to begin building towards ZTNA. 

In part two of our five-part series, we’ll answer the following questions:

  • Why should organizations start a ZTNA strategy with their endpoints?
  • How is printing involved in Zero Trust?
  • Why are printers a security weak link?
