How to Print in a Zero-Trust Network Environment

Using a printer should be easy. Simply plug it into a computer and it shows up as if by magic. Or, if the printer is on a Wi-Fi or company network, the computer might need a quick nudge with a mouse click to find the printer on the network. It is quite astounding in its simplicity — except when it is not.


As with so many things in the IT world, many scenarios can interrupt this seamless simplicity. The most restrictive of these circumstances is the “zero-trust” setup often found in highly regulated industries like finance, healthcare and legal. Users’ computers are locked down as tightly as possible to avoid data falling into the wrong hands. External ports are shut down to eliminate data being copied to flash drives or malware making its way onto the computer through a compromised accessory. Network traffic is forced through an always-on VPN to reduce the chance of an internet-based attack and to allow monitoring, tracking and blocking of network traffic at the VPN back end in the company’s data center or cloud. The user’s device can only communicate with the applications, data and resources a user needs for their job. Unfortunately, this does not include a printer.

Another increasingly common scenario is an office setup that essentially mimics a user working from home or a coffee shop. While a user’s device might be relatively unlocked compared to the zero-trust setup, it is separated onto a network with no access to internal resources like files or applications — or, ideally, printers. It seems intuitive for applications and data to be inaccessible without a VPN or through a web-based interface that requires two-factor authentication, but doing the same for the printer is less so, and so in some cases the printer is not relegated to a secure network. This becomes a problem when printed data is sensitive either because it is proprietary to the company or contains personal information about clients or customers. Leaving the printer easily accessible on the same network as users’ devices would leave it very vulnerable to malware or other attacks from a compromised user device. But, at the same time, users still need to print. Therefore, a secure, easy way is needed to connect to the printer they are looking to use.

A home office setup is another example where this can be an issue. In this scenario users are allowed, or encouraged, to use a personal device to access their work applications and data through a virtual desktop like Microsoft’s Windows Virtual Desktop, Citrix, VMware or Parallels. Using a personal device simplifies home office setups as it saves on space while enabling workers to use the familiar setups and devices they have in their homes. Most virtual desktops offer extensive protections against keyloggers, hidden screenshots and other attack angles, and data is safely confined to the company cloud. If they need to print, though, users might be left high and dry as the virtual desktop would likely not allow a redirection of the user’s local printer — that would allow print data to be exposed to attacks and leaks from malware that could be on the user’s computer.

As we are steadily working our way toward a recovery from the COVID-19 pandemic, it is becoming increasingly clear that many of the new ways to work are here to stay because they are beneficial to workers, organizations and customers. “Hybrid work” is the term the technology community has coined for the fact that we will not simply return to the office, but instead find the most productive combination of employees working in the office, at home, and from anywhere they can connect. Employees and employers alike will benefit from an increased ability to match employee skills to available jobs, (reasonable) flexibility and the ability to balance technological advancements with proven, productive old-school ways of doing things that can’t be replaced by a webcam or an app.

As much as our printing habits have changed throughout the stages of digital transformation, printing remains the tangible connection between our digital and physical lives. Printing produces a document with information that can be attached to another physical object. This includes a shipping label being attached to a package, healthcare information that is handed to a patient and readily available to them without an app or device, or a legal document that can be stored for long periods of time without the method to access it becoming obsolete or the storage medium becoming inaccessible.

With all that said, we need an easy, reliable, manageable and secure way to connect users to their printers beyond plugging the printer into a USB port or letting a computer detect it on the network. We need this to work across users’ locations as they go back and forth between offices and home offices. And, we need this to work across users’ devices as they switch between devices best suited for their tasks throughout the day, whether that is different workstations in a hospital or switching between a computer and a mobile device.

The ideal solution is a companywide print solution that can connect to all applications, devices and printers without breaking down security measures rightfully put in place to protect the organization and its data. These solutions can come as an on-premises or private cloud version that is installed and managed by the company, or as a cloud service that leaves the complexities to a trusted, experienced vendor and provides the benefits of a seamless print experience that services customers and employees.

Assuming the solution is set up and configured properly, the on-premises/private cloud version and the cloud service consist of roughly similar components. Each includes an application that behaves like a printer driver but is printer agnostic and not a universal driver. It also provides the user with the available options for the device they intend to print to. On the user’s side, this application establishes a secure, outbound connection to avoid complex, potentially insecure network and firewall connections. It integrates with the central back end, which holds the native printer drivers, processes the user’s print jobs, regulates access to printers and features, and keeps track of user activity. The back end also accepts the outbound connection coming from a software or hardware connector that publishes the available printers into the solution.

The software connector can be used to instantly connect an existing print infrastructure into the overall print solution by utilizing existing print server configurations. At the same time a hardware device, or hub, is the ideal way to connect home offices, smaller branch offices, affiliated clinics, doctors’ offices, retail stores, warehouses or any place not part of any kind of central print infrastructure or even the company network. All connections are compressed and encrypted to ensure speed as well as security of the solution.

In the initial zero-trust example, this kind of setup allows a printer from a home office to be made available because the printer has its separate connection to the print solution outside the user’s computer. The user’s computer then has access to the print solution via the VPN.

The coffee-shop-like office setup benefits because there is no direct connection required from the user’s device to the printer. The users and their devices connect to the print solution securely encrypted via the internet, while the printers can be accessed directly from the on-premises setup or made available to the cloud service via a connector. And, a home office user shares the same benefits with a hardware connector or hub making the home office printer securely available to the company infrastructure or data and applications as if the home office were a tiny branch office, all while bypassing the user’s personal devices.

Best of all, all of these scenarios share the same basic setup so the solution is adaptable. No matter what the hybrid work experience of the future looks like, users, the company and its data can be protected from increasing security threats.  


is president and CEO of ThinPrint, a leading provider of print management software and services for businesses.