Ask the Expert: Are My Printers Really a Source of Security? Or Just Another Point of Vulnerability?

Enterprise printing expert Mike Millman sets the record straight about what companies can and should be doing to protect their data and people every time they plug in a new printer.

A security lock inside a circle
by Your Edge Blog Team
October 30, 2019

Earlier this year, Mike Millman wrote a post here on Your Edge talking about how printers can be a source of safety and security in warehouses. To say it stirred up debate would be an understatement.

With everything from coffee makers to cars now vulnerable to hacks, many wonder how a printer – whose main output is sensitive data – could be safe from security threats, much less a security solution.  So, we invited Mike to clarify printers’ role in protecting both people and data, at least from a business perspective.

Your Edge Blog Team: Last year, Security Today published an article with an eye-catching headline: “There is No Such Thing as Printer Security and Privacy.” They even went so far as to say that “when in doubt, pen and paper is best.” What is your reaction to those statements?

Mike: Based on VDC Research reports and our own market research, there are an estimated 25 million desktop, tabletop and mobile printers installed in workplaces today across the globe. These include hospitals, factories, grocery stores, warehouses and even field service environments where people are coming and going all the time. How many times have you seen papers lying around, perhaps with inventory, pricing, personnel or customer information? It happens all the time.

As does this common scenario: a worker prints something that contains sensitive data on a printer accessible by everyone in the office or warehouse and then takes a few minutes to retrieve those papers. Perhaps the boss stopped that worker on the way to the printer to chat. Or the person is submitting multiple print jobs at once, meaning he or she is still sitting at a desk initiating those requests while the papers chock full of sensitive data are sitting in the printer tray. All the while, anyone within those four walls could walk up and take those pages off the printer. (Unless you have a third party assigned to printer overwatch, verifying who is taking what off the printer. Which is unlikely. Or you do what we do here at Zebra: require employees to scan their badge at any printer to retrieve and print files.) But, let’s assume that you don’t and that the papers were grabbed on accident – what do most people do when they realize such a mistake? Do they put them back on the printer? Try to track down the person that printed them? Or discard them in an open trash bin without giving due attention to their sensitive nature and special disposal requirements?

The point is that it’s hard to predict, much less completely control, how people are going to handle printed sources of sensitive information, whether it was a piece of paper, an ID or credit card, an RFID label or a patient ID wristband. Even if you implement strict policies governing workers’ retrieval and handling of printed assets, it’s probably unfair to assume that those processes will be followed with 100 percent precision all day every day. We’re only human after all, and there are a million different ways that hardcopy information can fall into the wrong hands. (Isn’t that why we were so eager to digitalize everything? To try to gain better control over data access and security?) Needless to say, I certainly don’t agree with those who say we should ditch printers and revert to handwriting everything.

Your Edge Blog Team: So, instead of dismissing printers in the digital age, you’re suggesting that we should be embracing their value.

Mike: One hundred percent. Printers don’t just print paper. They print the RFID tags that are used to track valuable assets as they move across each supply chain touchpoint. They print the wristbands that verify patients’ identity in hospitals and improve their quality of care. They print the barcoded labels that are critical to inventory management and loss prevention – and the shipping labels that improve accountability and traceability as packages speed from a warehouse shelf to your front door. They print access cards, ID cards, credit cards and many other tangible valuables that we need in the modern world to live, work and play.

In fact, as I stressed in my previous blog on warehouse security and safety, I actually view printers as security assets, in a way, for many of the same reasons I noted above.

Your Edge Blog Team: But, couldn’t one argue that printers are a point of vulnerability from a cybersecurity perspective, just as any other network-connected device could be a point of vulnerability? Is this a double-edged sword of sorts? Printers could be a security asset, but also a security risk?

Mike: Organizations and confidential data are susceptible to countless points of vulnerability. All we can do is make a concerted effort to identify them and take measured steps to mitigate them. Sometimes that means introducing new policies and procedures and making sure we have a way to enforce them. But, more often than not, the focus is on the cybersecurity climate. Learning from the past, carefully assessing current threats and doing our best to anticipate and protect against new tactics that someone might use to breach a network broadly or target specific devices.

Your Edge Blog Team: So, minimizing the number of data security threats that originate from the printing technology itself, as a connected device?

Mike: Exactly. As the number and severity of data breaches increases, businesses should not have to worry about security when adding a device or solution to their networks.  Every device they connect – whether in a wired or wireless fashion – should have mechanisms built in to help prevent, detect and fortify against cyberattacks such as a data breach or denial of service. Printers are certainly no exception. Since they are capable of transmitting sensitive data across a network that, if not secure, could be accessible to unauthorized parties, printers could be a cyber target. That is why it is so critical to assign security controls to printers specifically.

Your Edge Blog Team: Does Zebra integrate such safeguards into its printers?

Mike: Zebra is committed to combating threats by developing smart, configurable devices, solutions and services that allow businesses to balance operational and security objectives in real time. That includes printers. In fact, over the last 12-24 months, I’m proud to say that we’ve made great strides in delivering solutions that help to reduce printer-related vulnerabilities.

Your Edge Blog Team: Can you elaborate?

Mike: Take our PrintSecure solution, which was first introduced in October 2018. It’s only been on the market 12 months and we’re already adding several new features that make it easier for our customers to configure their Zebra printers to use secure connections, block unwanted access and ensure that data and infrastructure are protected.

For example, we’ve just rolled out a new printer security assessment tool that enables our enterprise customers to analyze thermal printer best practices and security settings. We’ve also added a protected setting mode to ensure that only authenticated changes can be made to 150 different settings, allowing users to block unintended printer software updates.

Your Edge Blog Team: Can all companies access these PrintSecure features? Or is the offering exclusive to Zebra customers?

Mike: Well, PrintSecure is enabled by Zebra’s Link-OS® enterprise printer operating system and Print DNA suite of applications, utilities and development tools. So, companies would need to have a Zebra Link-OS-enabled printer first. But, once they do, these features are available for free via the Link-OS v6 download.

Customers can also add on the Printer Profile Manager Enterprise (PPME) for Wi-Fi® certificate management capabilities. In fact, we just released a new version of PPME that automates certificate management to reduce the time spent by our customers’ IT staff updating WLAN security certifications. This feature is not free, but it’s certainly worth the investment.

Your Edge Blog Team: Security threats are constantly changing. How does Zebra monitor those? Are the Link-OS and PrintSecure solutions agile enough to respond?

Mike: Zebra actually has a Security Steering Committee and Threat and Vulnerability Management program which proactively monitor and evaluate potential security vulnerabilities on an ongoing basis. We also have incident response procedures in place to ensure rapid and effective response to mitigate reported vulnerabilities. We’ll push Link-OS software updates as needed, and we provide free firmware downloads of Link-OS to customers using our Link-OS-enabled printers. All of these actions are communicated through our channel partners and on our website. We also update our PrintSecure features regularly.

Plus, the new Printer Profile Manager Enterprise version we introduced this month enables customers’ IT staff to maintain the most up-to-date security on Zebra printers, making it easy to remotely manage, troubleshoot and configure fleets of printers from a single location.

Your Edge Blog Team: Do you have any advice for customers who are concerned about their printer being a point of vulnerability? What can they do to secure their networked printers, especially if they don’t have a Link-OS-enabled printer?

Mike: First off, make sure that any printer you select, especially one that claims to be a secure printing solution, was developed in alignment with the guidelines and best practices established by globally recognized security organizations, including ISO and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

You should also refer to the Printer Administration guide frequently. Most look at it during the printer configuration process and then never look at it again. However, it can be an invaluable resource for understanding and applying the proper security-related settings on the printer as well as best practices for printer security. And, though it may be the printer manufacturer’s responsibility to install certain cybersecurity tools, it’s really up to the customer – or the customer’s IT administrator – to ensure those tools are being fully utilized. As I mentioned in the beginning, the cybersecurity climate is unstable. New threats are emerging every day, and you have to adjust for those just as you would adjust your other network settings on occasion.

Your Edge Blog Team: Where can customers find Zebra’s Printer Administration guides? Are they online somewhere?

Mike: The Zebra PrintSecure Printer Administration guide and configuration files are available on the PrintSecure webpage on the Zebra website. However, I highly recommend that customers with Link-OS printers also use the Printer Setup Utility-Security Assessment Wizard available to them via free download to assess whether or not they’re following best practices for securing their printers and receive recommended setting changes.  

###

Editor’s Note: Need help assessing vulnerabilities with your current printing system? Want to upgrade to a more secure printing solution? Or learn more how you can leverage your printer as a security asset? Contact us here or leave us a comment below.

You can also learn more about Zebra’s secure printing solutions on our website: PrintSecure and Printer Profile Manager Enterprise.

null
Your Edge Blog Team
We want to hear from you! Submit your comments, questions and topic ideas to blog@zebra.com.




















































    A Time to Celebrate!

  • by: Your Edge Blog Team
  • July 30, 2019
  • Meet Some of the Zebras (and Zebra Technology Solutions) That Have Been Honored in the First Half of 2019 for Their Exceptional Contributions to Global Industries and Communities