White Paper: Secure Printing and Mobile Devices


Secure Printing and Mobile Devices

1 Introduction
2 The Importance of IT Security
3 Industry Overview
4 Printing and Mobile Security Solutions
4.1 Enterprise Printing
    Access to and Control of Print Services
    Security During Processing and Transmission
    Access to the Finished Printout
4.2 Secure, Centrally Managed Delivery of Centralized IT Services to BYOD/Post-PC Devices
    Access to Services
    Security During Processing and Transmission
    Endpoint Device Security
    True Support for All Platforms
4.3 Cortado Corporate Server Product Overview

Secure Printing August

1 Introduction

For the majority of companies, information is their most valued asset. Access to information must be restricted to authorized personnel to avoid it falling into the wrong hands, e.g. competitors or hackers. All company information is proprietary, and any compromise in security will negatively affect the company, both through the time spent rectifying the situation and through a possible loss of competitive advantage, nullifying the cost of compiling this proprietary information.

This white paper outlines the importance of such information security and the potential damage that can result from security breaches. Additionally, an industry overview of IT solutions is provided. Finally, it explains how Cortado leverages mobile devices, existing infrastructure and its own technology to deliver secure printing, mobile device management and mobile corporate access for organizations of any size.

2 The Importance of IT Security

On average, companies spend more than $200 per compromised record, and a total of $6.6 million per security breach.

When using mobile devices or when a company has branch or remote offices, there is an increased possibility for security breaches. Several basic factors must be taken into account when securing information. The security must actually be secure; it needs to withstand intentional and accidental attempts to hack or break through firewalls or encryption. The security solutions must be manageable, cost-effective, available for different platforms and simple enough to use that they will be accepted by a general employee.

Consequences of security breaches range from slight security breakdowns to severe information loss. According to a 2009 survey by CNET [1], a company spends on average $6.6 million overall and more than $200 per compromised record when security is breached. Most of the cost is due to lost business. The result is that IT and management spend valuable resources to solve these security issues.
Security breaches range from information falling into the wrong hands, such as printouts and hard copies going to the wrong recipient, to the company losing data and intellectual property.

[1] Mills, Elinor. Data Breaches costs $6.6 million on average, survey finds. CNET Feb

For example, in 2011, Sony's PlayStation [1] network was hacked. The network allows online play between consoles, and due to the hack, the network was taken offline, affecting 70 million users. Additionally, hackers could have stolen a user's personal data and credit card numbers [2]. In , MasterCard, PayPal, and Visa were hacked in a string of internet attacks. Most companies likely do not publish security breaches if they just affect internal business; they only publish security reports when consumers are affected. Therefore, it is difficult to pinpoint the number of companies affected and the amount of personal or corporate information that is compromised each year.

3 Industry Overview

Security must always be an end-to-end solution. In today's post-PC world, most security-relevant processes begin at the core of a company's private cloud, the data center. Cortado's technologies offer added and increased security for two of the most important areas of a company's operation:

1) Enterprise printing
2) Secure, centrally managed delivery of centralized IT services to BYOD / post-PC devices

1. Enterprise Printing

In today's world of increasingly centralized IT, most notably virtual desktop environments and centralized systems such as CRM or ERP, printing should also be a centralized IT function that is securely delivered to the user. In everyday business, printing remains one of the most critical functions. However, printing and print security are often overlooked. With companies increasingly under pressure to follow government regulations, generally increased scrutiny over privacy issues and the inherent desire to keep costs low, it is important to thoroughly analyze printing.

[1] Thomas, Keir. Sony Makes it Official: PlayStation Network Hacked. PCWorld Feb
[2] Kuchera, Ben. PlayStation Network hacked, data stolen: how badly is Sony hurt? Ars Technica Feb
[3] CNN Wire Staff. Pro-WikiLeaks hackers change target to PayPal. CNN Feb

2. Secure, centrally managed delivery of centralized IT services to BYOD / post-PC devices

Currently, consumerization and here-to-stay trends such as Bring Your Own Computer / Bring Your Own Device signal the beginning of the post-PC era. These trends require a different approach by IT professionals to provide users with access to corporate information and comprehensive secure device management. As a result, companies need to meet user demand and provide employees with secure access from any type of device. The challenge is for IT to design a secure environment where users can integrate any type of device using remote access. Using post-PC devices, such as smartphones and tablets, requires a radically new approach to security and remote access. Container-based security solutions, whether a closed-off app on the device or a virtual, locked-down Windows desktop, are not the answer. What is needed is a secure, centrally managed cloud desktop solution to mobilize IT and utilize the local intelligence of the user's device.

4 Printing and Mobile Security Solutions

Regardless of set-up, printer or location, ThinPrint products guarantee secure printing environments.

Cortado's ThinPrint products provide companies with a secure printing environment, regardless of the set-up, printer or user location. ThinPrint management products include various software solutions to increase security. The ThinPrint Engine provides print data encryption for the secure delivery of print jobs for application servers. ThinPrint Tracking Service collects printing activity data for analysis. Printer Dashboard is a free solution that offers printer monitoring. Personal Printing is a secure Follow Me printing solution. Cortado's cloud printing solutions provide manageable, scalable and secure printing and are suitable for companies of all sizes, from traditional networks up to distributed, highly complex IT environments.
Thanks to central print management, the printing cloud is kept under control. Print security is guaranteed by SSL encryption of print jobs and authentication at the printer. Cortado Corporate Server, the complete cloud desktop solution for businesses, integrates mobile devices such as tablets and smartphones into actual workflows. Users then have secure and convenient access to the services provided by the IT infrastructure, such as files, databases, printers, web apps, and authentication.

Cortado Corporate Server is not limited solely to the management of devices, users, and applications; instead, it provides a complete solution for secure and seamless integration of tablets, smartphones and notebooks into corporate IT. The solution covers the entire lifecycle of mobile devices from setup to management, monitoring and reporting, to support and blocking.

4.1 Enterprise Printing

Print security can be divided into three major categories:

1) Access to and control of print services
2) Security during processing and transmission
3) Access to the finished printout

Access to and Control of Print Services

With its centralized print architecture, ThinPrint solutions not only deliver print optimization to the entire enterprise but also control and track printer usage. ThinPrint features such as Dynamic Printer Matrix and Map Additional Printers ensure that users automatically receive the correct printers when logging on to their device. When using session-based desktops such as Citrix XenApp, XenDesktop, Microsoft Remote Desktop Services or VMware View, printers are also reassigned at every reconnect, ensuring that, for example, doctors always have the closest printer mapped automatically as they move throughout a hospital. This greatly reduces the risk of users choosing an incorrect printer when selecting printers manually, or accidentally printing to the wrong printer because they did not change their printer after changing workstations. Errors in printer mapping would leave potentially confidential printouts accessible to anyone, resulting in auditing and governance concerns. The ThinPrint Tracking Service ensures that all user activity for printing is tracked and auditable. Recorded data includes anything from the user name, date and time, the printer the job was sent to and even the document name.
The addition of the Personal Printing Server further secures the print environment and restricts use of printers to authorized personnel with registered badges or mobile devices, which are used to release the print job right at the printer. Printer Dashboard can be used to monitor printers present in the environment. This helps locate unauthorized printers that have been installed outside of corporate control, for example, to circumvent printers secured with Personal Printing.

Attempts to modify unencrypted print data can come from both within and outside the organization.

Security During Processing and Transmission

ThinPrint can send print jobs over networks with 128-bit encryption, which ensures that even highly sensitive documents are completely safe from unauthorized access when printing via WAN connections. The software allows for end-to-end encryption right up until the print stage, regardless of which printer models are used. Unencrypted print data can be easily captured and used to reveal the content of the print job. The data could then be modified and resent, for example, to manipulate checks or other personal data. This is not only a problem when sending print data over WAN connections but also leaves data vulnerable to attacks from within the organization.

Access to the Finished Printout

Thanks to ThinPrint's extremely reliable methods of assigning printers to users, it is ensured that users always have the right printer available. This avoids the unauthorized access to printouts that can occur when documents are sent to a wrong printer that is not within reach of the user, leaving those printouts available to anyone with physical access to that printer.

Personal Printing combines user authentication at printers and SSL encryption of print data to fully protect sensitive information.

When using more cost-effective shared printers rather than local printers, printing sensitive data becomes a significant risk. With Personal Printing, Cortado's pull-printing solution, companies are able to print more securely and remain flexible at all times. Printing only begins once a user has initiated the printout at the printer through various authentication methods. This can be done at any printer within an organization to avoid sensitive documents falling into the wrong hands, further securing the print environment. Confidential data is protected from third-party access thanks to user authentication at the printer.
In addition, SSL encryption of print data transmitted from the Personal Printing server to the client protects sensitive information when it is transmitted over the network. The integrated Tracking Service provides a company with comprehensive information that can be used to analyze printing services usage. The information recorded is stored in an SQL database. Since this information includes details such as the document name and the printer used, it can be used to hold users responsible in case of a security breach. A welcome addition to the software is the capability to use the ThinPrint Report Engine to easily analyze printing patterns and costs for individual employees, departments or entire branches using a graphical interface. This provides valuable information to assist with the efficient distribution of printing hardware and the ability to identify cost savings potential.

Additional security options around printing include Cortado Instant Printer, which adds useful features for users more concerned with locking down devices than with restricting printing. When an employee uses a notebook with limited user rights, it is usually not possible to install additional applications. The problem occurs when a user needs to print and is unable to do so since printer drivers cannot be installed. Cortado's Instant Printer allows companies to keep limited user rights and still print, since no printer drivers need to be installed, thereby keeping the devices secure. Users can print to any printer located in a Wi-Fi network, regardless of their location. Cortado Corporate Server offers the possibility to ensure security in the post-PC era through advanced mobile device management, secure cloud desktop features and full security and control options for IT professionals.

4.2 Secure, Centrally Managed Delivery of Centralized IT Services to BYOD/Post-PC Devices

IT services security in the post-PC era can mainly be divided into four major categories:

1) Access to the services
2) Security during processing and transmission
3) Endpoint device security
4) True support for all platforms

Access to Services

Cortado is highly compatible with associated applications and tracking systems since all actions are performed in a user context. Cortado fully integrates with the existing Microsoft Active Directory, and all user rights are assumed and transferred. Cortado provides additional restrictions for Active Directory users logging in from non-PC devices. Access rights and functions can be further restricted for individual users or groups via the Management Console of Cortado Corporate Server. The solution provides a single point of access for all post-PC devices, making them easy to manage and monitor, while tracking user activities.
It is important to make sure that password policies are in place and enforced both for the Active Directory passwords and for the devices connecting to Cortado Corporate Server. All major mobile device platforms already support password policies via Microsoft ActiveSync and Exchange. Employees can also control security features on their own from the User Self Service Portal, such as changing the password, remote wipe, and remote lock as well as locating the device. Additionally, devices' access to the server should be secured by issuing certificates to ensure that only devices with valid certificates issued by the company can connect to a company server.

Security During Processing and Transmission

Cortado provides security during processing and transmission through various methods. When using Android or iOS, data is transmitted over a secure SSL-encrypted connection. Additionally, the BlackBerry Enterprise Server provides security via the MDS channel. Cortado's certificates ensure only authorized devices can connect to the server. Additional security is provided by 2-factor encryption, combining a VPN with the already secure connection and the Active Directory integration provided by Cortado Corporate Server. Additionally, Cortado only requires communication over port 443, with no additional ports required.

| Feature | iOS | Android | BlackBerry | HTML5 |
|---|---|---|---|---|
| Accessing the corporate network, including files and data | Yes | Yes | Yes | Yes |
| Managing files - Organize your folders and files with Cut, Copy, Paste, Rename, Delete, etc. | Yes | Yes | Yes | Yes |
| Open In - Load documents into other applications to view or edit | Yes | Yes | Yes | No |
| Preview - View documents quickly without lengthy downloads | Yes | Yes | Yes | Yes |
| Printing - Print documents, e-mails, websites, calendar entries, memos, and more | Yes | Yes | Yes | Yes |
| Faxing - Fax documents via the corporate fax server | Yes | Yes | Yes | Yes |
| Sending as - Directly send files stored on the corporate network without downloading first | Yes | Yes | Yes | Yes |
| Scan-to-PDF / Scan & Copy - Scan contracts, memos, white boards, etc. with your mobile device's camera | Yes | Yes | Yes | No |
| Encryption of local documents - Encrypt files stored locally on the iOS device to prevent unauthorized access | Yes | No | No | No |

Endpoint Device Security

Cortado provides endpoint device security for all mobile devices. This third step completes the security chain that began at the server and prevents unauthorized access to corporate information and services from or on the device. The solution encrypts the content on the device. For password security, Cortado uses secure password policies provided via ActiveSync or Active Directory. Additionally, a company can restrict locally storing a password. For iOS devices, Cortado provides full local encryption with iOS 4 or later and 256-bit AES encryption. Data storage on the mobile device is kept to a minimum thanks to centralized data storage on the server. In addition, Active Directory authentication secures access to the application and provides access to Cortado's services.

Cortado's mobile device management encrypts device content and requires minimum password strength.

True Support for All Platforms

Cortado Corporate Server works across any platform (Android, iOS, BlackBerry, HTML5, PC & Mac), including environments with combined platforms. In environments with iOS, Android or BlackBerry Internet Server (BIS), the mobile devices connect directly to Cortado Corporate Server. Any and all communication between the devices and the Corporate Server is via a secure SSL connection. In environments with BlackBerry Enterprise Servers (BES) with devices connected through the BES, Cortado Corporate Server stays behind the BES firewall, as does the mail server. Communication between the client and the Corporate Server is over a secure MDS channel.

Results Count

7 examples of what customers can achieve with Cortado's cloud desktop:

- 7.5% more sales
- 80% less data loss
- 1 hour of more productive working time per mobile employee each week
- 2 days faster invoicing
- 20% improved teamwork
- 10% faster projects
- 30% less back office tasks

4.3 Cortado Corporate Server Product Overview

Unlike other options available, Cortado's cloud desktop services allow companies to avoid the limited secure container approach, which does not allow native access to corporate information and services from the device or the use of native applications to work with corporate information, imposing on the flexibility of how the device is used by individual employees. This limiting approach forces business users to access their files using cloud services or other file transport options which cannot be controlled by IT departments.
With Cortado, these workarounds are unnecessary, putting control and management of devices back into the hands of IT administrators. By centrally controlling all data via Cortado Corporate Server, the key security issue associated with the post-PC era is resolved.

Cortado Corporate Server Addresses Important Areas of Security

Cortado Corporate Server offers faster processes, less demand on data center resources by using the local resources of the used devices, and delivers a centralized, private cloud IT infrastructure with print services, databases, file and fax server access to any device. With these improved functionalities, users are left feeling in control, while companies remain in the driving seat when it comes to managing devices used with corporate information and services.

Mobile device management with Cortado Corporate Server is based on Microsoft ActiveSync, Apple Push, and Cortado's own MDM services. Together these provide an abundance of management functions that, thanks to adaptive MDM, are used to the best extent possible with each device according to its requirements and the environment. Administrators can use Cortado Corporate Server both to manage and roll out company-owned applications and to recommend apps from the public app stores. Linking to applications on the intranet, like CRM or time-tracking systems, can also be easily set up. All these resources are accessible to the user online via the Enterprise Resource Store.

The web-based Management Console is easy to use for administrators and quickly accessible over the internet. The intuitive user interface leverages the latest HTML5 standards and is optimized for PCs and tablets. Supporting mobile employees who rely on fast assistance outside of business hours could not be easier.

Cortado's solution provides a secure, centrally manageable platform to connect users and their devices with corporate resources. Thanks to enhanced security, there are reduced security risks. For example, with Cortado, users can leave laptops behind and also avoid storing documents on their smartphone, significantly reducing the risk of loss and security breaches.
Cortado's software fully integrates into the devices. Cortado reduces the risk of data loss with a more cost-effective solution, offering a superior user experience.

This white paper, as well as many others on current IT topics, can be downloaded at / whitepaper

Do you have any questions? The Cortado Team will be glad to help you. Call us at or simply send an e-mail to info@team.cortado.com. A toll-free number is available for customers anywhere within the United States: , Mon-Fri from 9 a.m. (EST) to 4 p.m. (PST).

Headquarters
Cortado AG, Alt-Moabit 91a/b, Berlin, Germany. Phone: +49 (0) Fax: +49 (0)

Australia
Cortado Pty Ltd., Level 20, The Zenith Centre, Tower A, 821 Pacific Highway, Chatswood, NSW 2067, Australia. Phone: +61-(0)

USA (Colorado)
Cortado, Inc, Grandview Avenue, Suite 200, Denver, CO 80002, USA. Phone: Fax:

Japan
Cortado Japan, 20th Floor, Marunouchi Trust Tower Main, Marunouchi Chiyoda-ku, Tokyo. Phone: +81-(0) Fax: +81-(0)

A Brand of

Names and trademarks are names and trademarks of the respective manufacturer.