White Paper:
Secure Printing
and Mobile Devices
White Paper:
Secure Printing
Secure Printing and Mobile Devices
1 Introduction ... 3
2 The Importance of IT Security ... 3
3 Industry Overview ... 4
4 Printing and Mobile Security Solutions ... 5
4.1 Enterprise Printing ... 6
4.1.1 Access to and Control of Print Services ... 6
4.1.2 Security During Processing and Transmission ... 7
4.1.3 Access to the Finished Printout ... 7
4.2 Secure, Centrally Managed Delivery of Centralized IT Services to BYOD/Post-PC Devices ... 8
4.2.1 Access to Services ... 8
4.2.2 Security During Processing and Transmission ... 9
4.2.3 Endpoint Device Security ... 9
4.2.4 True Support for All Platforms ... 10
1 Introduction
For the majority of companies, information is their most valued asset. Access to in-formation must be restricted to authorized personnel to avoid it falling into the wrong hands, e.g. competitors or hackers. All company information is proprietary, and any compromise in security will negatively affect the company both in time spent rectifying the situation and could result in a loss due to reduced competitive advantage, nullify-ing the cost spent compilnullify-ing this proprietary information.
This white paper will outline the importance of such information security and the potential damage that can result through security breaches. Additionally, an industry overview of IT solutions is provided. Finally it is clarified how Cortado leverages mo-bile devices, existing infrastructure and its own technology to deliver secure printing, mobile device management and mobile corporate access for organizations of any size.
2 The Importance of IT Security
When using mobile devices or when a company has branch or remote offices, there is an increased possibility for security breaches. Several basic factors must be taken into account when securing information. The security must actually be secure; it needs to withstand intentional and accidental attempts to hack or break through firewalls or encryption. The security solutions must be manageable, cost effective, available for different platforms and simple enough to use so that it will be accepted by a general employee.
Consequences of security breaches range from slight security breakdowns to severe information loss. According to a 2009 survey by CNET1, a company spends on
aver-age $6.6 million overall and more than $200 per compromised record when security is breached. Most of the cost is due to lost business. The result is that IT and man-agement spends valuable resources to solve these security issues. Security breaches range from information falling into the wrong hands, such as printouts and hard copies going to the wrong recipient, to the company losing data and intellectual property.
1 Mills, Elinor. “Data Breaches costs $6.6 million on average, survey finds.” CNET. 2009. 20 Feb. 2012 <http://news.cnet.com/8301-1009_3-10153858-83.html>
On average, compa-nies spend more than $200 per compromised record, and a total of $6.6 million per security breach.
For example, in 2011, Sony’s PlayStation1 network was hacked. The network allows
online play between consoles, and due to the hack, the network was taken offline, affecting 70 million users. Additionally, hackers could have stolen a user’s personal data and credit card numbers2. In 20103, MasterCard, PayPal, and Visa were hacked
in a string of internet attacks. Most companies likely do not publish security breaches if they just affect internal business; only publishing security reports when consumers are affected. Therefore, it is difficult to pinpoint the number of companies affected and the amount of personal or corporate information that is compromised each year.
3 Industry Overview
Security must always be an end-to-end solution. In today’s post-PC world, most secu-rity-relevant processes begin at the core of a company’s private cloud, the data center. Cortado’s technologies offer added and increased security for two of the most important areas of a company’s operation:
1) Enterprise printing
2) Secure, centrally managed delivery of centralized IT services to BYOD / post-PC devices
1. Enterprise Printing
In today’s world of increasingly centralized IT, most notably virtual desktop environ-ments and centralized systems such as CRM or ERP, printing should also be a central-ized IT function that is securely delivered to the user.
In everyday business, printing remains one of the most critical functions. However, printing and print security is often overlooked. With companies increasingly under pressure to follow government regulations, generally increased scrutiny over privacy issues and the inherent desire to keep costs low, it is important to thoroughly analyze printing.
1 Thomas, Keir. “Sony Makes it Official: PlayStation Network Hacked.” PCWorld. 2011. 20 Feb. 2012 <http://www.pcworld.com/article/226128/sony_makes_it_official_playstation_network_hacked.html>
2 Kuchera, Ben. “PlayStation Network hacked, data stolen: how badly is Sony hurt?” ars technical. 2011. 20 Feb. 2012 <http://arstechnica.com/gaming/news/2011/04/sonys-black-eye-is-a-pr-problem-not-a-legal-one.ars>
3 CNN Wire Staff. “Pro-WikiLeaks hackers change target to PayPal.” CNN. 2010. 20 Feb. 2012
2. Secure, centrally managed delivery of centralized IT services to BYOD / post-PC devices:
Currently, consumerization and here-to-stay trends such as Bring Your Own Computer/ Bring Your Own Device signal the beginning of the post-PC era. These trends require a different approach by IT professionals to provide users with access to corporate information and comprehensive secure device management. As a result, companies need to meet user demand and provide employees with secure access from any type of device. The challenge is for IT to design a secure environment where users can integrate any type of device using remote access.
Using post-PC devices, such as smartphones and tablets, requires a radically new ap-proach to security and remote access. Container-based security solutions – whether it’s a closed off app on the device or a virtual, locked down Windows Desktop – are not the answer. What is needed is a secure, centrally-managed cloud desktop solution to mobilize IT and utilize the local intelligence of the user’s device.
4 Printing and Mobile Security Solutions
Cortado’s ThinPrint products provide companies with a secure printing environment, regardless of the set-up, printer or user location. ThinPrint management products include various software solutions to increase security. The ThinPrint Engine provides print data encryption for the secure delivery of print jobs for application servers. Thin-Print Tracking Service collects printing activity data for analysis. Thin-Printer Dashboard is a free solution that offers printer monitoring. Personal Printing is a secure Follow Me printing solution.
Cortado’s cloud printing solutions provide manageable, scalable and secure printing and are suitable for companies of all sizes, from traditional networks up to distributed, highly complex IT environments. Thanks to central print management, the printing cloud is kept under control. Print security is guaranteed by SSL-encryption of print jobs and authentication at the printer. Cortado Corporate Server, the complete cloud desktop solution for businesses, integrates mobile devices such as tablets and smart-phones into actual workflows. Users then have secured and convenient access to the services provided by IT infrastructure such as files, databases, printers, web apps, and authentication. Regardless of set-up, printer or location, ThinPrint products guarantee secure printing environments.
Cortado Corporate Server is not limited solely to the management of devices, users, and applications; instead, it provides a complete solution for secure and seamless integration of tablets, smartphones and notebooks into corporate IT. The solution cov-ers the entire lifecycle of mobile devices – from setup to management, monitoring and reporting, to support and blocking.
4.1 Enterprise Printing
Print security can be divided into three major categories: 1) Access to and control of print services
2) Security during processing and transmission 3) Access to the finished printout
4.1.1 Access to and Control of Print Services
With its centralized print architecture, ThinPrint solutions not only deliver print opti-mization to the entire enterprise but also control and track printer usage. ThinPrint features such as “Dynamic Printer Matrix” and “Map Additional Printers” ensure that users automatically receive the correct printers when logging on to their device. When using session-based desktops such as Citrix XenApp, XenDesktop, Microsoft Remote Desktop Services or VMware View, printers are also reassigned at every reconnect en-suring that, for example, doctors always have the closest printer mapped automatically as they move throughout a hospital. This greatly reduces the risk of users choosing an incorrect printer when selecting printers manually or accidentally printing to the wrong printer because they did not change their printer after changing workstations. Errors in printer mapping would leave potentially confidential printouts accessible to anyone, resulting in auditing and governance concerns.
The ThinPrint Tracking Service ensures that all user activity for printing is tracked and auditable. Recorded data includes anything from the user name, date and time, the printer the job was sent to and even the document name. The addition of the Personal Printing Server further secures the print environment but restricts use of printers only to authorized personnel with registered badges or mobile devices that are used to release the print job right at the printer.
Printer Dashboard can be used to monitor printers present in the environment. This helps locating unauthorized printers that have been installed outside of corporate con-trol, for example, to circumvent printers secured with Personal Printing.
4.1.2 Security During Processing and Transmission
ThinPrint can send print jobs over networks with 128-bit encryption, which ensures that even highly sensitive documents are completely safe from unauthorized access when printing via WAN connections. The software allows for an end-to-end encryp-tion right up until the print stage, regardless of which printer models are used. Unen-crypted print data can be easily captured and used to reveal the content of the print job. The data could then be modified and resent, for example, to manipulate checks or other personal data. This is not only a problem when sending print data over WAN connections but also leaves data vulnerable to attacks from within the organization.
4.1.3 Access to the Finished Printout
Thanks to ThinPrint’s extremely reliable methods of assigning printers to users, it is ensured that users always have the right printer available. This avoids unauthorized access to printouts that can occur when documents are sent to the wrong printer that is not within reach of the user leaving those printouts available for anyone with physi-cal access to that wrong printer.
When using more cost-effective shared printers rather than local printers, printing sen-sitive data becomes a significant risk. With Personal Printing, Cortado’s pull-printing solution, companies are able to print more securely and remain flexible at all times. Printing only begins once a user has initiated the printout at the printer through vari-ous authentication methods. This can be done at any printer within an organization to avoid sensitive documents falling into the wrong hands, further securing the print environment. Confidential data is protected from third party access thanks to user authentication at the printer. In addition, SSL-encryption of print data transmitted from the Personal Printing server to the client, protects sensitive information when it is transmitted over the network.
The integrated Tracking Service provides a company with comprehensive information that can be used to analyze printing services usage. The information recorded is stored in an SQL database. Since this information includes details such as the document name and the printer used, it can be used to hold users responsible in case of a secu-rity breach. A welcomed addition to the software is the capability to use the ThinPrint Report Engine to easily analyze printing patterns and costs for individual employees, departments or entire branches using a graphical interface. This provides valuable information to assist with the efficient distribution of printing hardware and the ability to identify cost savings potential.
Personal Printing combines user authen-tication at printers and SSL-encryption of print data to fully protect sensitive information. Attempts to modify unencrypted print data can come from both within and outside the organization.
Additional security options around printing include Cortado Instant Printer which adds useful features for users more concerned with locking down devices rather than re-stricting printing. When an employee uses a notebook with limited user rights, it is usually not possible to install additional applications. The problem occurs when a user needs to print and is unable to do so since printer drivers cannot be installed. Cortado’s Instant Printer allows companies to keep limited users rights and still print since no printer drivers need to be installed, thereby keeping the devices secure. Us-ers can print to any printer located in a Wi-Fi network, regardless of their location. Cortado Corporate Server offers the possibility to ensure security in the post-PC era through advanced mobile device management, secure cloud desktop features and full security and control options for IT professionals.
4.2 Secure, Centrally Managed Delivery of Centralized IT Services to BYOD/Post-PC Devices
IT services security in the post-PC era can mainly be divided into four major categories:
1) Access to the services
2) Security during processing and transmission 3) Endpoint device security
4) True support for all platforms
4.2.1 Access to Services
Cortado is highly compatibility with associated applications and tracking systems since all actions are performed in a user context. Cortado fully integrates with the existing Microsoft Active Directory and all user rights are assumed and transferred. Cortado provides additional restrictions to Active Directory users logging in from non-PC devices. Access rights and functions can be further restricted for individual users or groups via the Management Console of Cortado Corporate Server. The solution provides a single point of access for all post-PC devices, making them easy to manage and monitor, while tracking user activities.
It is important to make sure that password policies are in place and enforced for both the Active Directory passwords as well as for the devices connecting to Cortado Cor-porate Server. All major mobile device platforms already support password policies via
Microsoft ActiveSync and Exchange. Employees can also control security features on their own from the User Self Service Portal, such as changing the password, remote wipe, and remote lock as well as locating the device. Additionally, devices’ access to the server should be secured by issuing certificates to ensure that only devices with valid certificates issued by the company can connect to a company server.
4.2.2 Security During Processing and Transmission
Cortado provides security during processing and transmission through various meth-ods. When using Android or iOS, data is transmitted over a secure SSL-encrypted connection. Additionally, the BlackBerry Enterprise Server provides security via the MDS channel. Cortado’s certificates ensure only authorized devices can connect to the server. Additional security is provided by a 2-factor encryption by combining a VPN with the already secure connection and Active Directory integration provided by Cor-tado Corporate Server. Additionally, CorCor-tado only requires communication over port 443, with no additional ports required.
4.2.3 Endpoint Device Security
Cortado provides endpoint device security for all mobile devices. This third step com-pletes the security chain that began at the server and prevents unauthorized access to corporate information and services from or on the device. The solution encrypts the content on the device. For password security, Cortado uses secure password policies provided via ActiveSync or Active Directory. Additionally, a company can restrict lo-cally storing a password. For iOS devices, Cortado provides full local encryption with
Cortado’s certificates ensure only authorized devices can connect to the server.
Feature iOS Android BlackBerry HTML5
Accessing the corporate network, including files and data Yes Yes Yes Yes Managing files – Organize your folders and files with “Cut”, “Copy”,
“Paste”, “Rename”, “Delete”, etc. Yes Yes Yes Yes Open In “…” Load documents into other applications to view or edit Yes Yes Yes No Preview - View documents quickly without length downloads Yes Yes Yes Yes Printing - Print documents, e-mails, websites, calendar entries,
memos, and more Yes Yes Yes Yes Faxing – Fax documents via the corporate fax server Yes Yes Yes Yes Sending as e-mail – Directly send files stored on the corporate
network without downloading first Yes Yes Yes Yes Scan-to-PDF / Scan & Copy – Scan contracts, memos, white
boards, etc… with your mobile device’s camera Yes Yes Yes No Encryption of local documents – encrypt files stored locally on the
iOS 4 or later and 256-bit AES encryption. Data storage on the mobile device is kept to a minimum thanks to centralized data storage on the server. In addition, Active Directory authentication secures access to the application and provides access to Cortado’s services. Cortado’s mobile device management encrypts device content, and requires minimum password strength.
4.2.4 True Support for All Platforms
Cortado Corporate Server works across any platform (Android, iOS, BlackBerry, HTML5, PC & Mac), including environments with combined platforms. In environ-ments with iOS, Android or BlackBerry Internet Server (BIS) the mobile devices con-nect directly to Cortado Corporate Server. Any and all communication between the devices and the Corporate Server is via a secure SSL-connection. In environments with BlackBerry Enterprise Servers (BES) with devices connected through the BES, Cortado Corporate Server stays behind the BES firewall as does the mail server. Com-munication between the client and the Corporate Server is over a secure MDS channel.
4.3 Cortado Corporate Server Product Overview
Unlike other options available, Cortado’s cloud desktop services allow companies to avoid the limited ‘secure container’ approach, which does not allow native access to corporate information and services from the device or the use of native applications to work with corporate information, imposing on the flexibility of how the device is used by individual employees. This limiting approach forces business users to access their files using cloud services or other file transport options which cannot be controlled by IT departments.
With Cortado, these workarounds are unnecessary, putting control and management of devices back into the hands of IT administrators. By centrally controlling all data via Cortado Corporate Server, the key security issue associated with the post-PC era
Results Count – 7 examples of what customers can achieve with Cortado’s cloud desktop:
● 7.5% more sales ● 80% less data loss
● 1 hour of more productive working time per mobile employee each week ● 2 days faster invoicing
● 20% improved teamwork ● 10% faster projects ● 30% less back office tasks
is resolved. Cortado Corporate Server offers faster processes, less demand on data center resources by using the local resources of the used devices, and delivers a centralized, private cloud IT infrastructure with print services, databases, file and fax server access to any device. With these improved functionalities, users are left feeling in control, while companies remain in the driving seat when it comes to managing devices used with corporate information and services. Mobile device management with Cortado Corporate Server is based on Microsoft ActiveSync, Apple Push, and Cortado’s own MDM services. Together these provide an abundance of management functions that, thanks to adaptive MDM, is used to the best extent possible with each device according to its requirements and the environment. Administrators can use Cortado Corporate Server to both manage and roll out company-owned applications as well as to recommend apps from the public app stores. Linking to applications on the intranet, like CRM or time-tracking systems, can also be easily set up. All these resources are accessible to the user online via the Enterprise Resource Store.
The web-based Management Console is easy-to-use for administrators and quickly accessible over the internet. The intuitive user interface leverages the latest HTML5 standards and is optimized for PCs and tablets. Supporting mobile employees who rely on fast assistance outside of business hours could not be easier.
Cortado’s solution provides a secure, centrally manageable platform to connect users and their devices with corporate resources. Thanks to enhanced security, there are reduced security risks. For example, with Cortado, users can leave laptops behind and also avoid storing documents on their smartphone, significantly reducing the risk of loss and security breaches. Cortado’s software fully integrates into the devices, Cortado reduces the risk of data loss with a more cost effective solution, offering a superior user experience.
This white paper, as well as many others on current IT topics can be downloaded at www.cortado.com / whitepaper
Do you have any questions? The Cortado Team will be glad to help you. Call us at + 49 30 35 12 15 10 or simply send an e-mail to info@team.cortado.com.
A toll-free number is available for customers anywhere within the United States: + 1 - 866 - 279 - 83 65, Mon – Fri from 9 a.m (EST) to 4 p.m. (PST).
Cortado Corporate Server Addresses Important Areas of Security
A Brand of Cortado AG Alt-Moabit 91a/b 10559 Berlin, Germany Phone: +49 (0)30-39 49 31-0 Fax: +49 (0)30-39 49 31-99 E-Mail: info@team.cortado.com www.cortado.com Cortado, Inc.
7600 Grandview Avenue, Suite 200 Denver, CO 80002, USA Phone: +1-303-487-1302 Fax: +1-303-942-7500 E-mail: info@cortado.team.com www.cortado.com Cortado Pty Ltd.
Level 20, The Zenith Centre, Tower A, 821 Pacific Highway
Chatswood, NSW 2067, Australia Phone: +61-(0)2-84 48 20 91
Cortado Japan
20th Floor, Marunouchi Trust Tower Main, 1-8-3 Marunouchi Chiyoda-ku, Tokyo 100-0005 Phone: +81-(0)3-52 88 53 80 Fax: +81-(0)3-52 88 53 81 USA (Colorado) Australia Japan Headquarters
