by Henning Volkmer
Printing processes sensitive information of some kind almost every time the printer warms up and whirs to life. Those looking to secure their organization’s environment are almost certainly familiar with the current regulation and standards buzzwords for their industry, such as PHI, PII, HIPPA and more. And now there’s the latest acronym — GDPR.
In May 2018 the European Union’s General Data Protection Regulation (GDPR) will become mandatory. If your organization conducts business in the European Union it must comply with these rules by mid-2018. Developed to harmonize the rules for processing personal data by private companies and public authorities throughout the EU, this new legislation raises a number of questions, especially for small and medium-sized businesses. What information is considered personal data? Which IT processes are affected? How can I start implementation?
One perhaps overlooked point of concern should be printing. With or without GDPR, printing has a significant impact on security because it sends unencrypted, sensitive data through an organization’s network. This is of concern because recent data breaches have shown that data collection almost always happens on the internal networks. To ensure GDPR compliance, or to simply ensure your company’s print data is secure, the following steps should be taken.
Step 1: Secure printing starts with implementing SMB 3.0 or later for all printer shares, especially those on your organizations print servers. With SMB 3.0 the connection can be encrypted so be sure to enable this feature.
Step 2: Encrypt print data when it travels from the centralized print architecture to the printer. Unfortunately, this is not just a check box in Windows. This requires a third-party solution that can encrypt the data once it has been processed by the printer driver and either encrypt it through an app installed directly on the printer, or a hardware module that can be added to virtually any printer.
Step 3: Evaluate direct IP printing in your organization. As a basic rule, if it is unmanaged, it is not safe. If everyone can print to any printer then there is no monitoring that can be audited. And, if users can access any printer from any device, printers must be on the same network as the devices sending print jobs.
The latter is especially risky because it makes the printer itself vulnerable to attacks and someone might gain access to data stored in the printer memory or storage much more easily than if the printer were on a separate device. There are solutions to manage direct-IP printing and make it more secure. This is especially important if you are a larger organization working with sensitive data. In these situations, a centralized print architecture with a good print management solution is a necessity.
Step 4: Reduce the impact of printing on end-to-end security by ensuring users always have the right printer available and can easily identify which printer they are using. Implement a solution that can automatically detect and provide updated printers as a user changes location or takes on a new role in the organization. This not only ensures significantly reduced help desk calls, but also greatly reduces the risk of printouts containing sensitive information being distributed to paper trays all over the organization where they can never be picked up.
If you’re unsure about the effort to teach the algorithms needed to provide this level of automation you have two valid alternatives: One, implement an easy-to-use self-service option for users. This provides an easy and reliable way to access the printers needed (provided they have permissions to use that printer). Two, implement a follow-me or pull print solution.
Follow me or pull printing solutions should fulfill a few criteria to be truly useful:
- Offer a “no hardware required” authentication option like scanning QR codes with a smartphone
- Offer a truly universal adapter to be added to every existing printer so the existing printer fleet can remain in place
- Eliminate all other methods of printer mapping. The user always prints to the same printer object and then decides where to print by authenticating at any printer in the environment that has been enabled for follow-me/pull printing
- Store data centrally and securely while it waits to be printed. Storage in printers is easily accessible to be removed and the data stored there is mostly unencrypted. Printers are far more difficult to monitor or intrusion and hacking than servers and are a much easier target for an attack.
Printing has a huge impact on the end-to-end security of your organizations’ and your customers’ data. For those doing business internationally, new, comprehensive rules with stiff penalties are just a few months away. And, if you’re in the service provider or cloud provider business, your customers trust you with a lot of sensitive data. You may be responsible for that data beyond just your cloud. Take a moment and consider making printing that data you’re entrusted with part of your security strategy and offering.
The good news is that solutions to ensure security for printing are readily available. Print data can be encrypted end-to-end. Printing can be managed better and more securely. Users can be asked to authenticate at a printer while increasing convenience of printing and these challenges can be solved in both direct-IP and centralized print environment. Just talk to a solution provider of your choice.
Henning Volkmer is president and CEO of ThinPrint, a leading provider of print management software and services for businesses.