Securing documents in the cloud

Document security in the cloud.

Everyone knows the ubiquity of the cloud – a big empty space just waiting for you to fill it up with all sorts of goodies that you want to be able to share with the right friends or business partners, or customers, and who may well equally want to share their information with you.

But not all friends are equally trustworthy.  And your business contacts may have different objectives from your own.  So perhaps you should not assume that everyone will respect your confidence and treat your information securely.

Also, are you aware of the security services that the cloud provider you are using delivers?  Do they protect your documents, and if so, from whom and from what?  How do people gain access to your documents in the cloud?  Is there any method for making sure that people only get to see what they should, and how is that enforced?  Is information backed up, and if so, where, and who has access to the backups?  This matters a great deal if you are using the cloud as an extended storage device or as a portal for information distribution.

Why secure documents in the cloud?

So do you need any document security at all?  Well, if you don’t mind if documents you upload to the cloud can be all over the Internet, some versions being a little less accurate than when they set off, then you’re already good to go.  But if you’re reading this blog it’s likely you are wanting a bit of control, and you’d like to find out the ‘how to’ aspects of securing documents in the cloud.

The first thing to understand about the cloud model is that you are usually granting people who do not have accounts on your local network access to files you are storing in the cloud.  Whether they log on to a portal or are shown a ‘downloads page’ by an application, they are getting access.  So if documents in the cloud are not already secured, they can take copies of them onto their own systems and then do what they want with them – like uploading them to Torrent sites.

Many suppliers will tell you that files on their cloud service are encrypted and that makes them safe.  But recipients have to have the decryption key or they cannot open the file.  Sometimes this ‘key’ is an identity field plus a password, and sometimes it is just the email address of the intended recipient.  Either way, the intended recipient can tell anyone else what those passwords are because they don’t lose any of their own security by disclosing the information (unless it would disclose their own personal information that they would rather was kept secret – sometimes called enlightened self-interest).

So that narrows the choice of security methods down.  Your requirement is to be able to decide who can actually see which documents, and what they are allowed to do with them.  Please note that this requirement runs counter to the Electronic Frontier Foundation (EFF) theory that there must be no controls limiting access to and use of information that gets published on the web.  There are some ideas that it must be impossible to have information that can be controlled, so that anyone has the right to study it (for personal use only – of course).

Only Digital Rights Management (DRM) technology has the ability to control exactly who is able to access documents, and what they are able to do with the content, if anything.

How does DRM work?

DRM starts off by encrypting documents to make sure that only those authorized can use them at all.  This is the basis of good security.  At the same time DRM takes the document controls that you want (stop copying, prevent printing, enforce document expiry, etc.), and binds them to the document so that they cannot be removed without destroying the document itself.

Document encryption is done before you upload to the cloud, so there are no concerns about attacks while documents are in transit or when stored in the cloud.  That way anything the service providers do is a bonus, but it is not critical if their encryption fails for any reason.

This gets you into generating and managing encryption keys; select a DRM product that does all of that for you, because it is complicated and easy to get wrong.  DRM administration systems must not disclose the cryptographic keys that can release the original documents, and must not send the keys along with the files, so that they cannot be easily attacked.  That tends to mean that special DRM document viewers are needed, with strictly controlled functionality, so they cannot easily be hacked to allow content to be extracted.  Look for a system that can prevent printing documents and has no Save or Save As functionality at all, so those features can never be used.

Other DRM controls that are valuable are:

  • when documents can be used (start and stop dates)
  • how often documents can be used (a number of views and prints)
  • whether documents can be used offline, or users must always be connected to the Internet
  • the ability to revoke documents at any time
  • dynamic watermarks that identify users, which are automatically added on screen as well as in printed copies
  • restricting document use to specific country locations
  • restricting document use to an IP address or range (say an office location)

Having a range of granular document use controls is very important as the security requirements vary by the document content, not the group of people it is destined for.
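To make the controls above concrete, here is an added example, not code from the original post or from any DRM product, that models a use policy bound to one protected document version and the checks a controlled viewer would apply before opening or printing it. The HMAC-SHA256 binding under a server-held key, the server-side revocation list, and every name and sample value (the document id, the June 2024 dates, the 203.0.113.0/24 office range) are assumptions made for this illustration.

```python
# Added example (not from the original post or any product): a use policy
# bound to a document, plus the checks a controlled viewer runs before use.
# The binding scheme, names and sample data are assumptions for this demo.
import hashlib
import hmac
import ipaddress
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed key held by the DRM administration service; it never
# travels with the protected file (assumption for this demo).
SERVER_KEY = b"constructed-demo-server-key"
# Server-side revocation list, consulted on every use (assumption).
REVOKED: set = set()


@dataclass
class Policy:
    """The use controls bound to one protected document version."""
    doc_id: str
    allow_print: bool = False
    not_before: Optional[str] = None      # ISO-8601 with UTC offset
    not_after: Optional[str] = None
    max_views: Optional[int] = None
    allow_offline: bool = False
    countries: List[str] = field(default_factory=list)   # empty = any
    ip_ranges: List[str] = field(default_factory=list)   # empty = any

    def canonical(self) -> bytes:
        # Stable serialisation so the binding tag covers every control.
        return json.dumps(asdict(self), sort_keys=True).encode()


def bind(policy: Policy) -> str:
    """Tie the controls to the document id with HMAC-SHA256 under the
    server key, so they cannot be edited or stripped without detection."""
    return hmac.new(SERVER_KEY, policy.canonical(), hashlib.sha256).hexdigest()


def verify_binding(policy: Policy, tag: str) -> bool:
    return hmac.compare_digest(bind(policy), tag)


def revoke(doc_id: str) -> None:
    """Withdraw a document after issue; no re-protection is needed."""
    REVOKED.add(doc_id)


@dataclass
class Request:
    """What the viewer knows about one attempt to use a document."""
    user: str
    now: datetime
    ip: str
    country: str
    views_so_far: int
    online: bool
    action: str = "view"   # "view" or "print"


def evaluate(policy: Policy, tag: str, req: Request) -> Tuple[bool, str]:
    """Apply every control; the first failing one gives a loggable reason."""
    if not verify_binding(policy, tag):
        return False, "controls have been tampered with"
    if policy.doc_id in REVOKED:
        return False, "document revoked"
    if not req.online and not policy.allow_offline:
        return False, "offline use not permitted"
    if policy.not_before and req.now < datetime.fromisoformat(policy.not_before):
        return False, "not yet available"
    if policy.not_after and req.now > datetime.fromisoformat(policy.not_after):
        return False, "document expired"
    if policy.max_views is not None and req.views_so_far >= policy.max_views:
        return False, "view limit reached"
    if policy.countries and req.country not in policy.countries:
        return False, "country %s not permitted" % req.country
    if policy.ip_ranges:
        addr = ipaddress.ip_address(req.ip)
        if not any(addr in ipaddress.ip_network(r) for r in policy.ip_ranges):
            return False, "ip %s outside permitted ranges" % req.ip
    if req.action == "print" and not policy.allow_print:
        return False, "printing disabled"
    return True, "ok"


def watermark(policy: Policy, req: Request) -> str:
    """Dynamic watermark overlaid on screen and on any printed copy."""
    return "%s | %s | %s | %s" % (policy.doc_id, req.user, req.ip,
                                 req.now.strftime("%Y-%m-%d %H:%MZ"))


def demo_policy() -> Tuple[Policy, str]:
    """Constructed sample: June board papers, UK office only, 3 views."""
    p = Policy(doc_id="constructed-board-papers-2024-06",
               not_before="2024-06-01T00:00:00+00:00",
               not_after="2024-06-30T23:59:59+00:00",
               max_views=3, countries=["GB"], ip_ranges=["203.0.113.0/24"])
    return p, bind(p)


def demo_request(**overrides) -> Request:
    """Constructed sample request; keyword arguments override any field."""
    args = dict(user="alice", now="2024-06-10T09:00:00+00:00",
                ip="203.0.113.7", country="GB", views_so_far=0, online=True)
    args.update(overrides)
    args["now"] = datetime.fromisoformat(args["now"])
    return Request(**args)


if __name__ == "__main__":
    p, tag = demo_policy()
    for r in (demo_request(), demo_request(action="print"),
              demo_request(ip="198.51.100.9")):
        print(r.action, r.ip, evaluate(p, tag, r), "|", watermark(p, r))
```

Two design points are worth noting. The binding tag is checked before anything else, so a policy that has been edited (for example, `allow_print` flipped to true) or stripped is refused outright rather than evaluated. Revocation is a server-side list rather than a field inside the bound policy, which is what lets a document be withdrawn at any time without re-protecting and re-issuing it; it also means the check only works while the viewer can reach the service, which is why the offline control matters.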

Also look for controls that allow you to handle documents in groups or publications.  Typical groups of business documents are:

  • Board Papers
  • Monthly accounts
  • Sales distribution list
  • Manufacturing list
  • Franchisee distribution
  • Monthly sales forecast
  • Monthly markets analysis
  • Technical product training course
  • New edition(s) of analyses
  • Confidential data on competitors

and so on.

When you have protected your documents, you need to upload them to your cloud service in order to make them available to the intended recipients.

And finally you have to tell the administration system who gets to use which documents or groups of documents.  Customer/user records have to be set up establishing which documents or publications each individual gets to use.  What they can do with the documents they are being given access to has already been fixed, based upon the content of the documents.  This is a more pragmatic way of managing rights because it is the use of the content that is being controlled.  If there are different classes of use you need different versions of the document with different security profiles rather than trying to alter use controls through the definition of the user.  That leads to an impossibly complex system that is error prone both in implementation and administration.
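As an added example (not the original post's code, nor any product's), here is a minimal entitlement registry illustrating the model just described: a user record only grants publications, and what a user may do is fixed by the profile each document version was protected with, so a second class of use is a second document version rather than a per-user exception. The class, its methods, the profile strings and the sample users and publications are all constructed for this illustration.

```python
# Added example (not from the original post or any product): an entitlement
# registry where user records say WHICH publications a user may use and the
# document version fixes WHAT they may do. All names and data are constructed.
from collections import defaultdict
from typing import Dict, Set


class Entitlements:
    def __init__(self) -> None:
        # publication name -> ids of the protected documents it carries
        self.publications: Dict[str, Set[str]] = defaultdict(set)
        # document id -> the use profile it was protected with
        self.profiles: Dict[str, str] = {}
        # user -> publications the user is entitled to
        self.subscriptions: Dict[str, Set[str]] = defaultdict(set)

    def add_document(self, doc_id: str, profile: str, *publications: str) -> None:
        """Register a protected document version and the publications that carry it."""
        self.profiles[doc_id] = profile
        for pub in publications:
            self.publications[pub].add(doc_id)

    def subscribe(self, user: str, publication: str) -> None:
        """Grant a publication; there is deliberately no per-user control override."""
        if publication not in self.publications:
            raise KeyError("unknown publication: %s" % publication)
        self.subscriptions[user].add(publication)

    def unsubscribe(self, user: str, publication: str) -> None:
        self.subscriptions[user].discard(publication)

    def documents_for(self, user: str) -> Dict[str, str]:
        """Every document the user may open, with the profile that governs its use."""
        docs: Dict[str, str] = {}
        for pub in self.subscriptions.get(user, set()):
            for doc_id in self.publications[pub]:
                docs[doc_id] = self.profiles[doc_id]
        return docs

    def can_use(self, user: str, doc_id: str) -> bool:
        return doc_id in self.documents_for(user)


def build_demo() -> Entitlements:
    """Constructed sample: one set of accounts issued as two versions with
    different use profiles, each carried by a different publication."""
    reg = Entitlements()
    reg.add_document("accounts-2024-06-viewonly",
                     "view-only, expires 30 days, no print",
                     "Board Papers", "Monthly accounts")
    reg.add_document("accounts-2024-06-print",
                     "print allowed, watermarked, 5 views",
                     "Finance review")
    reg.add_document("forecast-2024-Q3",
                     "view-only, UK office IP range only",
                     "Monthly sales forecast")
    reg.subscribe("alice", "Board Papers")
    reg.subscribe("bob", "Finance review")
    reg.subscribe("bob", "Monthly sales forecast")
    return reg


if __name__ == "__main__":
    reg = build_demo()
    for user in ("alice", "bob", "carol"):
        print(user, reg.documents_for(user))
```

Note that giving Alice the printable accounts means subscribing her to the "Finance review" publication (or issuing a further version), not editing a control on her user record; the administration stays a list of who has which publications, which is what keeps it auditable.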

Summary of cloud systems & document security

So cloud-based systems can be exceptionally powerful in enabling the storage of, and access to, information.  But they are not without their problems.

Document access control has to go a lot further than typical access control and encryption mechanisms if you are going to provide appropriate protection for the content of documents that you store and make available through the cloud.  DRM technologies with the granularity of features described above offer a pragmatic way forward that allows you to take advantage of the conceptual benefits of cloud storage without exposing you to the security risks that cloud systems can create.