SECURITY WHITEPAPER
Zero Trust Secure Edge
In the case of optional Edge components, Zero Trust needs to be applied on Edge devices too. Again, securing “just” services/applications running on the Edge device is not enough.
The Y Soft approach to Secure Edge using the Zero Trust principles provides the following capabilities:
Trusted and Secure Device Identity - Each device provides a trusted bond with its associated cloud tenant for management. Such identity is sufficient for establishing trust and unique identification of the device. This identity includes, but is not limited to, secure establishment and storage of encryption and digital signing keys in a specialized secure enclave on your device.
Trusted Path - Y Soft secure Edge devices provide trusted boot and trusted path capabilities, which ensure that only a trusted operating system can be booted and run on the device. This ensures decreased or zero attack surface and protection of customer privacy and data integrity.
Mutual Service Authentication - Once secure cloud and edge environments are established, authentication of all services and devices (including optional authentication for MFDs, if supported by the MFD vendor) is performed using the industry-standard mTLS protocol.
Cloud Manageability - All cloud and especially edge deployments are securely manageable from the cloud, including seamless remote deployments and rolling/transitional updates and upgrades. Device-to-cloud communication is secure, including mutual authentication.
Remote Wipe of Customer Data - All customer data hosted on Edge devices can be remotely wiped using the cloud management capabilities.
Data transfer
Print Job Data in transit: Workstation to Edge device & Edge device to the multifunction printer.
Because the Edge device is secure in your trusted network, all print job data stays safely within your company’s boundaries. Data is transferred via the secured IPPS protocol for printers that support higher levels of data security. Support for legacy, unsecured protocols such as LPR is also available, yet disabled by default.
Print Job Data in transit: Workstation to Cloud & Cloud to the multifunction printer.
Data is transferred to the cloud via the secured TCP or HTTPS protocol and downloaded from the cloud by the trusted multifunction printer using the device-authenticated HTTPS protocol, in the context of the user authenticated to the multifunction printer.
Scan Job Data in transit: Multifunction printer to Edge cloud
Scan data are transferred to the cloud services using the device-authenticated (with context of specific user) WebDAV/S protocol.
YSoft SAFEQ Cloud - 6 - YSOFT.COM