Secure Printer… or Secured Print?

(Update of post from October 19, 2018)

In my February 5th 2020 Blog post, I talked about several aspects of document encryption – with emphasis on how this technology relates to governmental regulation and information security. While that article primarily dealt with encryption in the context of electronic document archiving, the same issues still apply to hardcopy documents. So this week, I'm revisiting one of my earlier posts to highlight various risk factors related to print.

The topic of data security has been in the news a lot, thanks to the introduction of the General Data Protection Regulation (GDPR). This EU mandate has had a far-reaching effect well beyond the borders of Europe, and it follows in the footsteps of regulations like the Healthcare Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act in the United States. What all these laws have in common is that they require anyone who handles data to take proactive measures to prevent information access by unauthorized parties.

These rules apply to countless kinds of information in a variety of forms. When it comes to documents, printing security (and confidential printing in general) is critical. But what is secure print? And what should you expect from a secure printing solution?

Threat Vectors and Print Protection

Much has been written about data protection and the information life cycle. Often, the focus has been on safeguarding databases and limiting network access – and rightfully so. But assuming you’ve got good network security with robust user authentication, what additional risks do you need to look out for?

You should think about all aspects of print security — beginning from the moment a document is created (which starts well before printers get involved). Generally, some business application takes information from your database and processes that information to create a more meaningful format called a document. This could be a customer invoice, a shipping manifest, a barcode wristband, or other business artifact. Whatever it is, if it contains personally identifiable data, then it needs to be transmitted in an encrypted fashion to prevent the information from being intercepted during the print capture process. Protecting data in motion during the print capture process is a necessary, but not sufficient, step in regulatory compliance.

Once the print capture process is complete, a document is very vulnerable. By their very nature, documents are designed to distill a lot of information into a form that anyone can easily understand… including people with bad intentions. Documents may reside on a print server or output management system while waiting to be sent to a printer, MFP, report archival system, or other destination. And while this data is at rest on a spool or in a print queue, it needs to be protected by limiting access to the document spools/queues or by encrypting the documents themselves. Ideally, the document contents would remain encrypted until just before the authorized end user retrieved the printed pages.

The next step in printing security is to protect the link between the output management system and the intended print device. Again, encrypting this connection can prevent the information-rich pages from being intercepted with tools like this before being redirected, falsified, or worse.

The final hurdle

Okay. You’ve put measures in place to encrypt and block digital access to documents all the way from document creation to final transmission to the printer. So, mission accomplished, right?

Not so fast. There’s one last step – the printed page. If your systems allow users to click “print” and directly send documents to an unattended target device, then you are putting sensitive data at risk. You may also be violating one or more data protection regulations. Because if the document arrives in the printer output tray before the user arrives at the printer, then anyone else walking by could access that sensitive protected data. Instant compliance violation.

A comprehensive secure printing solution includes a pull printing component to ensure that documents only print when the intended recipient is physically present at the device. Print jobs are held in a secure print queue until the user authenticates his or her identity by tapping a proximity badge, entering a PIN code, or otherwise verifying proper identification.

When implementing a secure printing solution, make sure you’ve protected your print data at every step of the process — during print capture; while data moves across the network; while at rest on a server; and at the moment of print. With confidential printing measures like these in place, you will do more than improve printing security in your enterprise. You will be avoiding costly penalties for regulatory non-compliance while protecting your organization and customers alike.