Symphion CEO Jim LaRoe was recently featured in Dark Reading’s “Ask the Expert” series to address a question many organizations are still avoiding:
Managed printers are still unprotected. What needs to change at the leadership level to effectively secure printers?
Jim’s answer starts with a simple but uncomfortable reality: managed is not the same as protected.
Most enterprises “manage” printers for uptime, toner, and cost per page. That is not security. Printers routinely make up 20–30% of endpoints, handle highly sensitive data, and often remain the softest path to compromise because no one truly owns their protection.
In the article, Jim highlights several structural problems:
- Ownership vacuum: Printer endpoints are typically influenced by supply chain, IT operations, and security, but not clearly owned by any of them. With no accountable owner, there are no policies, no controls, and no metrics for protection.
- Blind spot in the budget: Without a dedicated printer security line item, efforts become temporary projects rather than durable controls. Security language is often buried in RFPs and managed service contracts without clear, enforceable outcomes.
- False confidence from “management”: Managed print services optimize for service delivery and cost, not cyber hygiene. Factory defaults and weak configurations often remain in place because true protection adds cost and complexity.
- Complacency and distraction: While teams focus on the “new hotness,” attackers take the path of least resistance: default credentials, open services, and endpoints no one is watching.
Jim argues that leadership and governance must change before the technical stack can succeed. He outlines a concrete set of actions:
- Assign a single printer endpoint security owner under the CISO and communicate that across security, infrastructure, and supply chain
- Define, in policy, what “protected” means for printer endpoints – identity and access, change governance, and monitoring
- Fund printer security as a continuous control, not a one‑time project
- Bake cross‑OEM compatibility, automated compliance reporting, and security outcomes into procurement and managed service agreements
- Integrate printers into risk registers, audits, pen tests, and tabletop exercises
- Measure coverage and drift with regular executive reporting, tying exceptions to accountable owners
Jim’s litmus test for leadership is straightforward:
Could a reasonable auditor verify that your print endpoints are protected with the same rigor as laptops and servers – without a hero, without a meeting, and without vendor spin?
If the answer is no, the gap is not just technical; it is organizational.
Read the full Q&A on Dark Reading here: What Organizations Need to Change When Managing Printers