DRM Document Security, Secure Data Rooms & PDF Security solutions
Locklizard competitors providing DRM (Digital Rights Management), encryption & copy protection
There are many document DRM solutions available in the marketplace, and they all use different technologies to control document access and use. Many technologies are just not secure and they are certainly not suitable for secure document sharing.
Here we cover how Locklizard differs from other PDF DRM & Document Security software with stronger security, simple management, and significant cost savings.
PDF Password Protection
PDF password protection systems are freely available and enable you to encrypt a PDF with a password and additionally apply PDF restrictions (stop editing, printing, copying). Users enter the password used to protect the PDF to decrypt and view it.
There are only 3 things you need to know about protecting PDF files with passwords:
- you need to give users the document open password (or master password) for them to open it
- users can share password protected PDF files and their password with others
- once users have the open password they can remove all restrictions
To remove all restrictions users can use a free PDF password recovery tool, Google Drive, a Mac, or just a PDF reader that does not honor the controls.
So clearly PDF password protection is pretty useless as a means of protecting PDF files and controlling document use.
More information on Adobe PDF password protection and other poor security mechanisms can be found here: PDF security weaknesses.
Secure Data Rooms & Other Cloud Document DRM systems
Secure Data Room systems require users to log in to a web portal to view ‘protected’ documents in a browser.
Most companies make a big thing about how secure their data (server) systems are (protected by firewalls etc.) but that is just diverting people from the real issue of how good (or not) their document protection is.
There are many issues with secure data rooms:
- You have to upload your unprotected documents to a third-party server in the cloud outside of your control. While documents are encrypted, you have no control over what happens to the unprotected documents you uploaded – if anything goes wrong with the process are any temporary files left behind?
- To view ‘protected’ documents, users have to log in with an ID and password. There is nothing preventing them from giving this information to others. This can defeat the whole purpose of preventing document sharing.
- In most systems, the same login credentials can be used at the same time on multiple devices.
- Users can screen grab high quality document content using screen grabbing tools.
- If printing is allowed, users can print to PDF files and other unprotected file formats.
- Usually documents are decrypted on the server and delivered to the client in plain text. That is a lot of temporary files sitting on the server unprotected. Also browsers create their own temporary files so it is possible for users to extract the plain text files.
- You cannot distribute your protected documents as you see fit or easily integrate protected documents into your existing systems – users have to log in to a data room with a fixed layout that you cannot change.
- Document controls are limited (e.g. an expiry date and time) and are set at the file, data room or link level. For example, if you want 10 documents to expire at different times for each user, then you have to create 10 files, 10 data rooms, or 10 links per user. It soon becomes unmanageable.
- Costs can rapidly escalate – you are tied into monthly pricing which can soon add up over a period of time.
- Generally there is no option to host on-premise in your own environment.
Two-factor authentication (2FA)
To try and counteract the fact that the login process is insecure (i.e. login details can be shared), some secure data room systems use 2FA as an additional verification measure – this could be a key code sent to a cell phone, a QR code that is scanned, or a link sent to an email address. However there is nothing to stop users passing this information on to others as well.
Since users find 2FA rather annoying if they are not benefitting from it in any way, some companies make this process easier by storing a cookie on the user's device so they only have to authenticate again when the cookie expires. This however makes the system less secure since users can edit cookies and copy them from one device to another – ‘Cookie Quick Manager’ (a Firefox plugin) for example lets you edit cookies (change expiry dates) and back up and restore single cookies on to other devices. Other systems like Google Authenticator enable users to back up individual codes and transfer them to other devices.
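One way a server can keep a "remember this device" cookie from being extended by editing its expiry date, shown as an added example (not Locklizard's or any data room vendor's code). The key, the token layout and `device_id` are assumptions; the device check only helps if the client cannot copy that identifier along with the cookie.

```python
import hashlib
import hmac

# Assumption: a per-deployment secret that never leaves the server (constructed value).
SERVER_KEY = b"constructed-demo-key-not-for-production"

def _tag(user: str, device_id: str, expires: int) -> bytes:
    msg = f"{user}|{device_id}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()

def issue_remember_token(user: str, device_id: str, ttl_s: int, now: int) -> str:
    """Cookie value set after a successful 2FA challenge."""
    if "|" in user or "|" in device_id:
        raise ValueError("field separator not allowed in user or device_id")
    expires = now + ttl_s
    return f"{user}|{device_id}|{expires}|{_tag(user, device_id, expires).decode()}"

def check_remember_token(token: str, presented_device_id: str, now: int) -> str:
    """Return 'ok', or the reason the 2FA challenge must be repeated."""
    parts = token.split("|")
    if len(parts) != 4 or not (parts[2].isascii() and parts[2].isdigit()):
        return "malformed"
    user, device_id, expires, tag = parts
    # The expiry inside the signed value is authoritative; the cookie's own
    # Expires attribute, which the user can edit, is never consulted.
    if not hmac.compare_digest(tag.encode(), _tag(user, device_id, int(expires))):
        return "tampered"
    if now >= int(expires):
        return "expired"
    # Hypothetical device identifier supplied by the client at request time.
    if device_id != presented_device_id:
        return "wrong-device"
    return "ok"
```
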
The graphs and data might look great, but they are totally meaningless. Here you have to understand what or who you are actually tracking – anyone who has the login details.
You cannot rely on IP addresses since users regularly change them (they are dynamically allocated by ISPs); users can use a proxy to access the Internet (included with many anti-virus software); or use a VPN that has a dedicated IP address (so everyone sharing that VPN logs in using the same IP from different locations).
Multiple file type support
Most of these systems say they support multiple file types. In reality they convert files to HTML or PDF format on upload. That is why users can only download PDF files and why printing is often not aligned correctly (if files are converted to HTML).
Plugins are just not safe. We do not use plug-ins to other applications for several reasons:
- plug-ins may conflict with one another
- plug-ins may be used to compromise security plug-ins
- the applications being plugged into were not designed to operate in a secure manner, and it is not possible, as a plug-in, to control what the application can do, so any ability to compromise the application will also compromise the security.
Some PDF DRM solutions actually force users to turn off security in Adobe Reader for their plugins to work – if a user’s system is hacked because of this, then who is held legally responsible?
Locklizard PDF DRM security cannot be compromised by plug-ins because we prevent all plug-ins from being loaded so that no vulnerabilities can be introduced.
- Read PDF Security Plug-ins for further information.
- See also PDF Security Issues for a list of poor implementation vulnerabilities.
Enterprise Rights Management Systems (ERM)
ERM systems (e.g. Microsoft RMS, Adobe LiveCycle ES, etc.) are mainly for internal company use for secure document collaboration across multiple file types.
- They use full-blown PKI systems to operate so are complex and time consuming to set up.
- They require system administrators to create complex policies to govern document use.
- They are focused on internal company use (i.e. not for protecting revenue generating content) since key management is an issue.
- They assume that documents to be controlled are inside the domain.
For an analysis on Microsoft RMS security see How secure is Microsoft RMS?
How Locklizard compares to our competitors
Our PDF DRM software is simple to use and requires no prior setup to become operational.
Locklizard has taken a different approach to document security by avoiding known security weaknesses and complex implementation.
How our system works:
- We use our own installed secure PDF Viewers – so we have full control over the environment and can enforce DRM controls
- Key management is handled transparently by the licensing server and Viewer software, so there are no complex keys to generate, distribute, manage, or for users to pass on to others
- No uploading of unprotected documents to servers where they could be compromised – protect documents on your desktop and distribute protected PDFs just like any other file
- We lock documents to devices so they cannot be shared, and optionally to locations so you can control BYOD use
- We prevent screen grabbing and printing to PDF files and other unprotected file formats
- DRM controls are expansive and flexible – you protect just one file for all users and control access on a user basis – so you can have the same file expire at different times for different users – see PDF expiry
- Offline documents contain the same level of security as online ones
We provide perpetual licenses for long-term use, saving you thousands over competitor offerings.
Our prices are for unlimited use – we don’t charge per document or user.
You can host on-premise (on your own servers) or use our AWS hosted systems.