How to Improve Corporate Network Security with a Zero Trust Strategy

Improved security infrastructure is becoming increasingly important for many enterprise networks.

IT systems are under attack with increasing frequency. This is also confirmed by a study conducted by Bitkom in August 2021. According to that study, 59% of companies with employees working from their home offices have been affected by such attacks since the start of the pandemic. In 52% of cases, damage was caused as a result. Internal IT is therefore faced with the challenge of creating a more secure work environment. 

Previous security concepts were largely based on a VPN (Virtual Private Network). Although a VPN is itself protected, it has a major problem: as soon as someone has been able to gain access, this person has access to all the resources behind it.

How Do You Increase Enterprise Network Security?

The zero trust concept has become increasingly popular in recent years, especially among government agencies and highly regulated organizations in the financial, healthcare, and judicial sectors. Recently, even US President Biden has prompted public institutions to create such an environment with Executive Order 14028. It is therefore advisable to supplement the existing VPN system with a more modern security concept.

What is Zero Trust?

In simple terms, zero trust is a security concept that requires the user to log in not only to a network but also to each individual application.

This makes it possible to regularly check the authorizations of the person accessing the network. If an attacker manages to infiltrate the network, they will fail when accessing the corresponding applications.

The prerequisite for this is that, when rights are assigned, each user is granted only those rights that are necessary to perform their tasks.

How Do You Implement a Zero Trust Strategy?

If you want to optimize a network using the zero trust concept, you can use network segmentation. This special case is also referred to as zero trust segmentation or micro-segmentation.

In this case, the network is subdivided so that it is possible to allow the user targeted access to network resources without making the entire network available to them. If this security concept is used, the user computers and the servers must be located in separate segments of the zero-trust environment.

Zero Trust in Home Office

There is another special feature to consider concerning the home office. Since no administrator should be responsible for the security of private networks, it is important to strictly separate the local home networks of employees from the company applications they use.

A VPN used in combination with a remote desktop approach is recommended for this purpose. The number of cases in which a combination of VPN and web applications is sufficient is increasing.

This allows the user to make their own choice of end device, and Chromebooks could also be used, for example.

What Do You Need to Consider When Connecting Other Devices, Such as Printers, in a Zero Trust Environment?

People who set up a zero trust environment can identify printers as a problem early on.

Here are common problems that arise when printers are used in a zero trust environment:

  1. In zero trust network segmentation, the printers and application computers are in separate segments. This means that printers cannot be easily accessed from the application computer.
  2. It is often not possible to connect printers directly to the home network, external ports, or local interfaces because they are prohibited from accessing the corporate environment at secure home office workplaces. 
  3. Prohibited access to the local hard drive also means that it is not possible to print from a web application without first creating a PDF.    

How Do You Securely Integrate Printers in Zero Trust Environments?

First, a secure connection must be established between the cloud and the printer. To be able to block other incoming connections, it must be ensured that the printer is not directly addressable from the Internet. 

Cloud printing solutions offer connector software or hardware for this purpose. ezeep Blue uses the ezeep Hub, which independently establishes the connection between the cloud and the printer and is therefore the only point of contact for the printer.

The hub, which is small enough to fit in any pocket, is simply connected to the same network where the printer is located. The hub is then registered in the ezeep Admin Portal using its MAC address and automatically connects the printer to the ezeep Cloud.

The user can then access these printers via the ezeep App or an ezeep printer driver.
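
The segmentation and connectivity requirements described above can be checked mechanically. The following is an added example, not code from ezeep or from the original article: it audits a constructed list of firewall allow-rules against three constraints taken from the text (user computers and printers sit in separate segments, the printer is not addressable from the Internet, and the connector is the printer's only point of contact). The address ranges, the connector address and the rule format are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumptions, not taken from the article).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
USERS = ipaddress.ip_network("10.10.0.0/24")
PRINTERS = ipaddress.ip_network("10.20.0.0/24")
CONNECTOR = ipaddress.ip_network("10.20.0.5/32")  # hypothetical hub address


@dataclass(frozen=True)
class AllowRule:
    src: str   # source CIDR
    dst: str   # destination CIDR
    port: int  # destination TCP port, kept for reporting


def audit(rules):
    """Return (rule, reason) pairs for allow-rules that break the model."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule.src)
        dst = ipaddress.ip_network(rule.dst)
        if dst.overlaps(PRINTERS) and not src.subnet_of(INTERNAL):
            findings.append((rule, "printer reachable from outside"))
        elif dst.overlaps(PRINTERS) and src.overlaps(USERS):
            findings.append((rule, "user segment reaches printers directly"))
        elif (src.overlaps(PRINTERS) and src != CONNECTOR
              and not dst.subnet_of(INTERNAL)):
            findings.append((rule, "outbound not limited to connector"))
    return findings


# Constructed sample rule set.
SAMPLE_RULES = [
    AllowRule("10.20.0.5/32", "0.0.0.0/0", 443),      # connector -> cloud
    AllowRule("10.20.0.5/32", "10.20.0.0/24", 631),   # connector -> printers
    AllowRule("10.10.0.0/24", "10.20.0.0/24", 9100),  # users -> printers
    AllowRule("0.0.0.0/0", "10.20.0.17/32", 631),     # Internet -> printer
    AllowRule("10.20.0.0/24", "0.0.0.0/0", 443),      # whole segment -> out
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"VIOLATION {rule.src} -> {rule.dst}:{rule.port}: {reason}")
```

Only the first two sample rules pass: the connector may reach the cloud and the printers on its own segment, while every other path to or from the printer segment is reported.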

Large, expensive print servers can be completely eliminated with appliances like the ezeep Hub. All print data is transferred encrypted with ezeep Blue.

Local Printing from a Protected Home Office

The ezeep Hub is also ideal for the home office, as it is small and has low power usage. Furthermore, no maintenance is required. Small and uncomplicated, it enables zero trust printing without the need for the PC and printer to access each other.

Since the ezeep Hub can be configured via the cloud and only needs to be added to the network, IT administrators can also send it directly to anyone in the home office. Native printing is also possible when using a remote desktop solution such as Azure Virtual Desktop. Once an ezeep account is created in the Azure Marketplace, all that is required is to install an additional client agent on the computer.

Printing from Web Applications

To enable web applications to print without storing files locally, ezeep Blue is equipped with an API that can execute print jobs from the backend of the web application. Furthermore, it can be made easier to use by embedding ezeep via the JavaScript module ezeep.js.

Printing is also made easier for apps. By connecting ezeep and Zapier, automatic printing from countless apps is possible. Zaps are automated workflows. If you trigger a Zap, it starts the predefined actions and steps. If you integrate ezeep into a Zap, you can print automatically from apps.

Allow Printers for Authorized Access Only

To maintain the security of the zero trust environment, it is important to allow the use of a printer only with authorized access. Cloud printing solutions that require users to authorize themselves with the cloud printing service are recommended for this purpose. Here, two-factor authentication is particularly secure. These solutions do not allow direct access to the printer at any time. One example of this is ezeep Blue. As a cloud printing solution, ezeep sets up two-factor authentication via Active Directory or Google. 

Connector software and hardware also ensure that continuous authorization is provided using OAuth 2. For example, the ezeep Hub independently scans the network and enables the selection of the desired printer. This means that the printer can only be controlled by authorized persons, thus closing an often-forgotten security gap. Authorized use of the printer prevents malware from spreading throughout the corporate network or infecting the computers of employees.

Summary

The zero trust concept is indispensable in today’s world. When it comes to implementation, printers are often a problem case. Cloud printing services, such as ezeep Blue, solve this problem and enable the secure use of the printer. Administrators also benefit from ezeep Blue compared to the traditional printing environment, as ezeep is easier and more resource-efficient to manage.

With ezeep, you protect printers from attackers and unauthorized access to confidential documents. You can find a free trial of ezeep Blue on our website. 


Free Whitepaper on Zero Trust Printing

This E-Book (PDF) helps you to improve security in your print environment and discusses the advantages of Zero Trust.