Advanced UK and Zero Trust
We support your Zero Trust initiatives with the following best practices and suggestions, which make implementation easier and more thorough. We do this by combining hardware, software, and processes.
The distributed workforce of today requires anytime, anywhere access to their IT infrastructure. Business data is becoming more accessible thanks to numerous digital transformation projects.
Critical business systems, which serve as the foundation of any business, are now interconnected with a wide variety of IoT devices.
Due to these trends, security professionals are under more and more pressure to support the modern workplace while minimising the security attack surface of the enterprise.
The use of zero trust has become a potent technique for granting authorised users and devices secure access while enhancing enterprise security posture.
We at Xerox have provided our customers with products and services that support Zero Trust initiatives because comprehensive security is one of our top priorities. There is nothing new about principles like “never trust, always verify,” “least privilege access,” “proactive threat detection and remediation,” “encryption,” and “security certifications.” They do, however, represent essential components of a successful Zero Trust security programme when used as part of a comprehensive security strategy.
The Xerox 5 principles of Zero Trust
1. Authenticate and control access
Summary
Make sure all user access is verified and start with the “no implicit trust” policy. Password protection is included with new Xerox® printers.
Implement role-based access controls for least privilege access and revalidation with enforced inactivity timeouts.
With the help of Xerox Managed Print Services, Xerox Workplace Suite, and Cloud, you can expand the capabilities of your device fleet.
Implementation
Starting point: ensure all user access is verified and start with the “no implicit trust” policy.
The Admin account passwords on Xerox® Printers are secure and specific when they leave the factory. Role-based access controls can be put into place using local usernames, card-based authentication, PIN code access, and CAC/PIV secure authentication. With the use of inactivity timers and logouts, least privilege access and continuous revalidation can be enforced. Cloud identity providers (IdPs) like Ping Identity, Okta, Microsoft Azure Identity Services, as well as Xerox® Workplace Cloud/Xerox® Workplace Suite solutions, support multifactor authentication.
In order to provide a unified approach, Xerox® Workplace Cloud Print Management Solution and Xerox® Workplace Suite Print Management Solution extend the capabilities of Xerox® Printers across a fleet of devices. By requiring users to unlock printers with cards/badges, mobile devices, or PIN codes before accessing the printers’ available services, they enforce a “never trust” security posture.
Every time a new connection is made, Xerox® Managed Print Services enforces mandatory authentication at the user and system levels.
It creates user roles that are clearly defined for access, and it offers NIST 800-171R2 approved password management techniques.
Authorized printers on the network can communicate securely thanks to CA/Certificate Management.
2. Monitor and detect
Summary
Constantly keep an eye out for and identify security threats, both potential and actual.
Our printers feature McAfee whitelisting and firmware verification as anti-tampering measures.
Tools like reCAPTCHA are used by Xerox Workplace Suite and Cloud to identify and prevent brute-force entry attempts.
With the help of the Xerox® Printer Security Audit Service, we implement fleet-wide device management and configuration settings.
Implementation
Starting point: continuously keep an eye out for and find security threats.
The firmware in Xerox® Printers is digitally signed, encrypted, and has firmware verification built-in to guard against attempts to tamper with the operating system’s code. Real-time malware monitoring by McAfee whitelisting rejects and alerts users to malicious activity.
The integrity of the system startup procedure is guaranteed by Trusted Boot.
To identify and counteract security threats, Syslog/Audit log data generation and integration with SIEM tools like LogRhythm, Splunk, and McAfee Security Manager are helpful. Cisco Identity Services Engine (ISE) enables us to identify and block the connection of unauthorised printers to your network.
To ensure seamless access and authentication, Xerox® Workplace Cloud and Xerox® Workplace Suite integrate with your ID management system. By doing this, synchronisation problems between the ID provider and the access control mechanism are avoided. We employ tools like reCAPTCHA to track and stop brute-force entry attempts at the local/device level.
Customers can set the frequency of security monitoring through Xerox® Managed Print Services. With the help of the Xerox® Printer Security Audit Service, we implement fleet-wide device management. By remotely establishing print and security policies, it is used to manage the configuration of the entire fleet in an intuitive manner. Additionally, it serves as the foundation for real-time, interactive dashboard reporting of data. Firmware updates and security patches are applied in accordance with the customer’s security policy.
3. Contain and remediate
Summary
Contain the threat in the event of a potential compromise and offer quick remediation to get rid of it.
Potential security breaches are limited by layers of security features, which also stop them from spreading to the fleet or the network.
In the event that printer security settings are altered, the Configuration Watchdog feature automatically fixes the problem.
The fleet of printers is kept in compliance with policy by the Xerox Printer Security Audit Service.
Implementation
Starting point: Contain the threat in the event of a potential compromise and offer quick remediation to get rid of it.
At Xerox, we have created our printers with a security-first mindset to guard against threats. Layers of security features further contain potential security breaches. The Configuration Watchdog printer feature, for instance, enables system administrators to set up to 75 security settings and proactively remediate (reset) them in the event that they are modified.
At the fleet level, Xerox® Printer Security Audit Services uphold policy observance and promptly fix any contravening hardware. We consult with the client, review configuration policies on a regular basis (to make sure they are current with security requirements), and offer ongoing security recommendations.
4. Protect both data and documents
Summary
Protect data and documents from intentional and unintentional disclosure by using software solutions and data encryption techniques.
256-bit encryption, digital signatures, and password-protected file formats are used to protect the data you store.
Using algorithms that have been approved by the U.S. DoD and NIST, data that is no longer needed can be deleted.
Content security is offered by Xerox Workplace Suite and Cloud, which also produce alerts and reports on data usage.
Implementation
Starting point: To prevent intentional and unintentional disclosure of data and documents, use software solutions and data encryption techniques.
Our printers’ storage drives are secured with 256-bit encryption.
Using data clearing and sanitization algorithms that have been approved by the US Department of Defense and the National Institute of Standards and Technology (NIST), stored data that is no longer needed can be deleted.
A PIN or card release system is used to protect print output. We also use digitally signed, encrypted, and password-protected file formats to stop scan information from going to people who shouldn’t.
Our printers allow you to lock down the “to,” “cc,” and “bcc” email fields, restricting the domains that scans can be sent to, for example to internal ones. Xerox® AltaLink® Printers use IR (Infrared) technology with the Imaging Security feature to identify and mark sensitive documents. This stops any unintentional duplication of them and generates alerts and audit logs to keep track of any attempts at duplication.
To lessen the attack surface on the network, unused network services can be disabled.
IP filtering can be used to limit network access to only authorised clients for device management, scanning, and printing. Data in transit is safeguarded by secure protocols like SFTP, HTTPS, LDAPS, and IPsec. To make sure that only the most secure protocols are permitted to communicate with the device, FIPS mode can be enabled.
Content in transit and at rest is encrypted by the Xerox® Workplace Cloud solution. A client’s own encryption key may be used to encrypt content kept in Xerox’s cloud. Clients can enjoy all the advantages of switching to cloud-based print management while maintaining control over who can access their data by using their own encryption management. The Xerox® Workplace Cloud and Workplace Suite solutions’ Content Security feature gives users the ability to identify pre-defined sensitive content and produce alerts and reports based on how that data is used.
The fleet’s data and document protection features are enabled, policy infractions are corrected, and compliance is reported using the Xerox® Printer Security Audit Services.
5. Automate security
Summary
For best results, simplify security procedures.
Automation brings simplicity and frees up security teams to concentrate their efforts on more crucial problems.
The Fleet Orchestrator feature automates configuration and firmware updates for a small network of printers.
By automating compliance enforcement, the Xerox Printer Security Audit Service streamlines fleet management and presents data in an intuitive dashboard format.
Implementation
Starting point: Streamline security policy for best results.
Automation leads to simplicity and allows security teams to focus on important issues. The Fleet Orchestrator feature of Xerox® Printers automates device configuration and applies firmware updates to a network of printers. This ensures compliance while reducing the burden on IT staff. With the integration of Cisco ISE and McAfee ePolicy Orchestrator, any printer can be automatically quarantined upon threat detection.
The above prevents damage to the printer, and protects the network and other endpoints. Xerox® Printer Security Audit Services use a centralized policy mechanism and device grouping to streamline fleet management with minimal effort. Compliance enforcement and validation are fully automated. Dashboards present fleet, policy, and device compliance information in an easy-to-read, graphical format.
Conclusions
A straightforward and enforceable security policy, supported by features and services that guarantee compliance, is essential for a successful security programme. Businesses of all sizes are quickly choosing the Zero Trust security model as their preferred one.
Businesses can safely grant authorised user access, reduce exposure in the event of data breaches, and automate responses to potential security threats by putting the Xerox security recommendations outlined in this brief into practice.