The Datamax Thinking Blog

Educating, collaborating, and sparking ideas for maximizing the technology that matters.

Don't Neglect Print Environment When Deploying Zero Trust


What happens when Zero Trust encounters your print environment?  How do you avoid compromising an otherwise locked-down IT architecture? How do you retain the ability to print as needed? 

Trust is a difficult thing to come by anymore when it comes to cybersecurity measures. 

In their "Zero Trust Segmentation for Dummies" guide, Illumio reports that 76% of organizations experienced a ransomware attack in the last 2 years alone. Enter Zero Trust Security Environments. But what happens when Zero Trust encounters your print environment?  How do you avoid compromising an otherwise locked-down IT environment? How do you retain the ability to print as needed?

Zero Trust is simply a concept.

Not a turn-key solution. In short, relying on traditional “perimeter” network security (Firewalls, etc.) is not sufficient with the advent of digital transformation and hybrid cloud infrastructure. Zero trust is not a specific infrastructure or software. It's not plug-and-play.  It’s simply a concept that assumes that no user, device, or service can be trusted without necessary approvals.

The National Institute of Standards and Technology (NIST) defines zero-trust as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”

Zero Trust employs specific principles.

Microsoft has defined its own guidelines for this.

Since there is no universal definition of Zero Trust, organizations can interpret the term as they see fit. This leads to a wide variety of benchmarks because not all organizations give the same priority to data security. Following market and industry leaders, such as Microsoft and Google™, on their Zero Trust journey empowers organizations to build their own guidelines. Here they are, briefly:

1. Verify explicitly

Always authenticate and authorize based on all available data points.

2. Use least privileged access

Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.

3. Assume breach

Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

Your print environment should not go untouched.

Is your IT department considering print activity with regards to Zero Trust implementation? 

A printer is not often the first thing people think of when they discuss security, but it’s a necessary conversation because printers hold a ton of sensitive data and also transform digital files into physical ones.   Traditionally inside most offices, PCs and printers are typically all on the same network or split into different virtual networks (VLANs) with a print server bridging the gap. However, in a Zero Trust model, as part of the 'assume breach' principle, the 'blast radius' of a potential breach is reduced by isolating each network endpoint as much as possible from all other network points.

This can also mean that internet access is only available from the internal network, i.e., no other communication routes are allowed. Should one PC become infected or compromised, it cannot spread because it cannot 'talk' to anyone else.

With a full Zero Trust micro-segmented network, companies are not only securing their business-critical data, but they are also able to remove their local on-premise infrastructure to free capital bound in server hardware, maintenance, and IT services.

How do you apply Zero Trust to your Print Environment?

A Print Management solution like uniFLOW allows you to adopt industry-leading principles to your print environment. uniFLOW Online, a cloud-based printing, scanning and accounting solution, offers user functionality and flexibility; meanwhile, administrators maintain central control within a print and scan environment ... no matter the size.

Due to the entity’s close collaboration with Microsoft, uniFLOW Online being hosted within the Microsoft Azure cloud, the Zero Trust principles of uniFLOW Online were developed using the same principles we shared from Microsoft above.

1. Verify explicitly

All users connect to uniFLOW Online using their existing login credentials such as Azure AD, Google Workspace ™ or OKTA. This includes full support for multi-factor authentication and other policies defined by the IT department.

2. Use least privileged access

Multiple levels of privileged access are available so different users can only access the parts of uniFLOW Online applicable to their role e.g. maintenance staff have no insight into user data, neither do budget managers have access to the rest of the system.

3. Assume breach

All communications and the print path can be made via the internet. No lateral connections between PCs and printers are required on the internal network. All communication and print traffic is encrypted.

What are the benefits of Zero Trust + uniFLOW Online?

A Print Management engagement such as uniFLOW Online allows administrators to gain control over their environment. With print devices to the software, allow access only to privileged users, based on defined rules and abiding by Zero Trust guidelines. Furthermore, isolate every device to ensure network security is not compromised. With cloud-based uniFLOW Online, you remove all local print servers (without comprising security), with no capital tied to server hardware and maintenance.

Essentially, the only thing the printer needs is a power supply and an Internet connection.

Are you considering or implementing a Zero Trust environment? Got questions about that process and/or how it relates to print? We'd love to visit. Click to schedule your meeting with a Datamax Technology Specialist!

Visit With a Datamax Technology Specialist ›


Topics: Office Equipment Network Management Document Security Network Security Secure Printing