Not so long ago, the consensus opinion was: “Macs for artists, Windows PCs for business.” In today’s world, we can confidently say that using Macs for business is not a laughable idea. Surveys find that more than 55% of corporations now use or permit the use of Mac computers. Macs have historically been more geared towards consumers and design professionals, and Apple has not focused on the enterprise market until recently. But over time, some users have come to prefer the Mac platform over traditional Windows PCs.
Unfortunately, supporting Mac workstations can be a challenge in the printing and scanning environment for those handle IT in your organization. If you don’t live and breathe IT every day, you may not realize what a headache it is to support the Mac. Strangely enough, some organizations aren’t even aware that Macs exists in their workspace – thanks in part to the Bring Your Own Device (BYOD) movement. However, the number of Apple devices has increased in corporations and these need to be supported and secured in the printing world.
What if I told you that LRS has figured out how to make it all work? We assist IT departments in global enterprises by supporting heterogeneous desktop fleets. Regardless of what hardware you use, we can ensure that all users will have the same user experience when it comes to printing and scanning documents. End users need the ability to print when, where, and how they want. At the same time, IT administrators expect their organizations’ print systems to be secure, scalable, and easy to manage.
We achieve this with the Personal Print Manager (PPM) solution. This product is flexible and now supports both native Apple silicon and the Intel chip architecture. PPM helps users stay productive and dramatically simplifies life for the help desk teams tasked with supporting end user print issues. By enabling IT self-service, the solution reduces the burden on your support staff. When IT support is required, technical personnel benefit from having a uniform set of print capabilities that spans multiple platforms.
Let’s briefly talk about the fun stuff… starting with security. Macs have a reputation for being inherently ‘secure’. However, no operating system is foolproof and while Macs can be secure, they’re not perfect. LRS developers remain very aware of paths to vulnerability and take steps to avoid becoming the target of malicious exploits. Some of these steps include the adoption of Zero-Trust security, avoidance of operating system print spooling mechanisms, and the adoption of industry best practices when writing product code such as data encryption at rest and on the fly for all inter-process data. Printing can be challenging in a Zero Trust environment, but LRS has the tools and experience to make this a reality.
My colleague Guy Tucker proclaims that “the premise of Zero Trust is that no data transaction should be trusted, regardless of where it originated. Furthermore, within each transaction, there should be proof of ownership.” Printed documents represent a way to expose data. Moreover, once data is printed, there is no real way to control the information that has been exposed. It is very important to check who is printing data, as well as what data is being printed. LRS knows that Identity and Access management systems are critical components to any enterprise security design. With this knowledge, we have incorporated techniques that let the Personal Print Manager solution securely authenticate users, devices, applications, and processes before granting authorization to access resources.
So how does LRS do this? When launching the PPM user interface, you are asked to login. The Personal Print Manager supports several options for performing remote authentication of users before allowing users to perform actions that retrieve or update remote resources, such as printer definitions, print jobs, or roaming profile settings.
If I were to sign on to the PC as an administrator, I would need to provide my credentials before I could print. When it comes to authentication, its invasive to allow an organization to use whatever methods and factors they want and control it from a single source. In the past, simple methods like Microsoft’s Active Directory (AD) or other LDAP methods were considered sufficient. Unfortunately, those were easily hacked and had zero flexibility in their structure. Now, companies want to use more than just a username and password to log in.
LRS has created a solution to become an OIDC provider for the world of Open ID Connect with the ability to integrate with other OIDC providers. Using the LRS/Gateway, LRS client software like the Personal Print Manager can run on Internet-only connected devices and still access print resources on a remote network. All communications into the LRS/Gateway, regardless of whether they come from a client or a local server-side application, are transmitted via HTTPS/TLS to ensure secure communications. If LRS/Gateway is using Active Directory, then the user data is immediately authenticated, and the verification is passed back to PPM. This verification is in the form of a Token that PPM can use for future requests. Each request will contain a ‘validation’ to print and certifies that I am who I say I am. If a company prefers to use another provider like Azure AD, Okta, Ping, etc., then the LRS/Gateway acts as a bridge to other identity sources and redirects authentication to that secondary source. It’s that simple!
Personal Print Manager supports single sign-on authentication. When enabled, users will automatically be logged in upon launching the Personal Print Manager user interface or performing other actions that require user identification, such as printing a job.
After logging in and authenticating, I can look at print policies that can be used to control many output options. For example, policies can dictate whether the company wants to incur the costs of color printing or specify whether I should really be printing that document in color, one-sided, or at all. These policies can prompt the user to confirm their desired actions, log the print attempt; block the print completely, or allow the user to override the request. These are just some simple examples; the full capabilities are much more extensive.
In addition, your organization can institute a Secure Print environment. This lets you send print data to a Personal Print Queue where it is held securely until you go to any nearby printer, authenticate at the device, and retrieve your jobs. The benefit: your sensitive documents are not left sitting in the printer’s output tray unattended. The jobs waiting in the queue and the jobs traveling from the source to the printer are constantly encrypted using standard IPP methods commonly used for printing across the Web.
Trust nothing, verify everything. Never stop trying to safeguard the valuable data contained in your documents. It’s possible today and LRS can spare you and your organization a lot of pain. Whether you’re using a Mac or a PC, find out more about Personal Print Manager today!