Yes, Secure Mobile Printing in the Cloud IS Possible

Posted on February 27, 2014

Nevertheless, the industry appears to be converging toward a cloud-based approach, with vendors and buyers alike generally recognizing that a cloud approach is the only way to provide the full range of flexibility users require, which means that security has attained critical status when evaluating mobile print providers.

Is On-Device Encryption Necessary? Yes!

Once a decision is reached to use the Cloud, the first question on the evaluator's mind should be: "How secure is my document as it moves to the printer?" Within the overall category of cloud-based mobile print solutions, there are widely varying methods of document transport, and many different levels of security.

On-device encryption should be considered the Holy Grail of mobile print security for the simple reason that it's the only way to protect sensitive company information both at rest (being stored on the mobile device) and in transit to another device (such as a printer).

Data that isn't encrypted on the mobile device where it is stored is subject to man-in-the-middle attacks when it is "in transit" between the mobile device and the printer. And while nearly every vendor uses some form of encryption, many use only "transport layer" encryption, rather than performing full encryption on the mobile device.

Defining On-Device Encryption

The term on-device encryption means that the document is encrypted by the mobile device before it is transmitted to the printer. In a cloud printing system employing on-device encryption, each printer will have an associated keypair allowing asymmetric-key encryption. In simple terms, this means that each printer will have a private key that is kept secret, and a public key that can be advertised. The keys are linked such that when an encryption algorithm is applied to a data stream and the public key, the data stream can only be decrypted by an entity in possession of the private key.

Before a document is sent to a printer, an app using on-device encryption will obtain the public key associated with that printer, and use it to encrypt the document before transmission.
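The flow described above, as an added Node.js example that is not part of the original post and is not Breezy's code. It assumes a hybrid scheme (a per-job AES-256-GCM key wrapped with the printer's RSA public key using OAEP), because RSA alone cannot encrypt a whole document; all function names and the sample document are hypothetical.

```javascript
// Added illustration: hybrid ("envelope") on-device encryption for a print job.
// Assumed scheme: AES-256-GCM for the document, RSA-OAEP (SHA-256) to wrap the key.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Printer side: keypair generated once; only the public key is advertised.
function generatePrinterKeypair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Mobile device side: encrypt before the document leaves the device.
function encryptForPrinter(printerPublicKey, document) {
  const key = crypto.randomBytes(32); // fresh AES-256 key for this job only
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(document), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: printerPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Printer side: unwrap the job key with the private key, then decrypt and verify.
function decryptAtPrinter(printerPrivateKey, job) {
  const key = crypto.privateDecrypt({ key: printerPrivateKey, ...OAEP }, job.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, job.iv);
  decipher.setAuthTag(job.tag);
  return Buffer.concat([decipher.update(job.ciphertext), decipher.final()]);
}

// True if this key holder recovers the document; false on a wrong key or a modified job.
function canDecrypt(privateKey, job) {
  try { decryptAtPrinter(privateKey, job); return true; }
  catch (err) { return false; }
}

// Demo with a constructed sample document and a second keypair standing in for any other party.
const printer = generatePrinterKeypair();
const interceptor = generatePrinterKeypair();
const doc = Buffer.from('CONFIDENTIAL: Q3 payroll summary (constructed sample)');
const job = encryptForPrinter(printer.publicKey, doc);
const tampered = { ...job, ciphertext: Buffer.from(job.ciphertext) };
tampered.ciphertext[0] ^= 0x01; // one bit changed in transit
console.log('printer output:', decryptAtPrinter(printer.privateKey, job).toString());
console.log('other key holder can decrypt:', canDecrypt(interceptor.privateKey, job));
console.log('modified job accepted:', canDecrypt(printer.privateKey, tampered));
```

Everything in `job` can pass through HTTPS, a relay, or the vendor's cloud; only the holder of the printer's private key can recover the document, and the GCM tag makes the printer reject a job altered along the way.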

Consider the following scenario:

1) A vendor sells a cloud printing app that lacks on-device encryption but touts the app's use of HTTPS as a security measure, possibly using terms such as bank-level encryption or the like. The vendor relies on the HTTPS protocol to protect the document on its transit to the vendor's cloud, and from there to the client's infrastructure (this is known as "transport layer" encryption).

2) A user prints a sensitive document using the app. The app dutifully sends the document to the vendor's cloud via HTTPS.

3) Even though the app behaved appropriately, there is a surprise: unbeknownst to the vendor or the user, a man-in-the-middle attack has compromised the app's connection to the vendor's cloud, or, worse yet, the vendor's cloud itself has been compromised. In either case, the attacker is able to retrieve the document, and because the document is not encrypted, the attacker has full access to its contents.

On-device encryption is the only solution that protects company data in this kind of attack, which is why Breezy built it into all Breezy secure mobile printing products. For more information on secure mobile printing, watch this video from Breezy, or download The Definitive Guide to Mobile Printing, a free ebook from Breezy.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.