There are many document DRM solutions available in the marketplace, and they all use different technologies to control document access and use. Many technologies are just not secure and they are certainly not suitable for secure document sharing.
Here we cover how Locklizard differs from other PDF DRM & Document Security software with stronger security, simple management, and significant cost savings.
PDF password protection systems are freely available and enable you to encrypt a PDF with a password and additionally apply PDF restrictions (stop editing, printing, copying). Users enter the password used to protect the PDF to decrypt and view it.
There are only 3 things you need to know about protecting PDF files with passwords:
To remove all restrictions users can use a free PDF password recovery tool, Google Drive, a Mac, or just a PDF reader that does not honor the controls.
So clearly PDF password protection is pretty useless as a means of protecting PDF files and controlling document use.
More information on Adobe PDF password protection and other poor security mechanisms can be found here: PDF security weaknesses.
Secure Data Room systems require users to log in to a web portal to view ‘protected’ documents in a browser.
Most companies make a big thing about how secure their data (server) systems are (protected by firewalls etc.) but that is just diverting people from the real issue of how good (or not) their document protection is.
There are many issues with secure data rooms:
To try and counteract the fact that the login process is insecure (i.e. login details can be shared), some secure data room systems use 2FA as an additional verification measure – this could be a key code sent to a cell phone, a QR code that is scanned, or a link sent to an email address. However, there is nothing to stop users passing this information on to others as well.
Since users find 2FA rather annoying if they are not benefitting from it in any way, some companies make this process easier by storing a cookie on the user’s device so they only have to authenticate again when the cookie expires. This, however, makes the system less secure since users can edit cookies and copy them from one device to another – ‘Cookie Quick Manager’ (a Firefox plugin), for example, lets you edit cookies (change expiry dates) and back up and restore single cookies on to other devices. Other systems like Google Authenticator enable users to back up individual codes and transfer them to other devices.
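As an added example (not Locklizard's or any data room vendor's code), the sketch below shows which half of the cookie problem a server can close: putting the expiry inside an HMAC-signed cookie value makes a client-side expiry edit fail verification. The names `issue_token`, `verify_token` and `device_id` are hypothetical; `device_id` is assumed to be something the server derives itself, and if it is only another client-held value, a copied cookie still verifies.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a secret held only by the server (constructed value for the demo).
SERVER_KEY = b"constructed-demo-key"

def _sign(body: bytes) -> bytes:
    return hmac.new(SERVER_KEY, body, hashlib.sha256).digest()

def issue_token(user: str, device_id: str, ttl: int, now: int) -> str:
    """Build the cookie value: claims (including expiry) plus an HMAC tag."""
    body = json.dumps({"u": user, "d": device_id, "exp": now + ttl}).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_sign(body)).decode()

def verify_token(token: str, device_id: str, now: int) -> str:
    """Return 'ok' or the reason the 2FA step must be repeated."""
    try:
        b64_body, b64_tag = token.split(".")
        body = base64.urlsafe_b64decode(b64_body)
        tag = base64.urlsafe_b64decode(b64_tag)
    except ValueError:  # wrong shape or bad base64
        return "malformed"
    if not hmac.compare_digest(tag, _sign(body)):
        return "bad-signature"
    claims = json.loads(body)
    if now >= claims["exp"]:  # expiry is read from the signed claims only
        return "expired"
    if claims["d"] != device_id:
        return "wrong-device"
    return "ok"

def with_edited_expiry(token: str, new_exp: int) -> str:
    """Constructed test input: the same cookie with only its expiry changed."""
    b64_body, b64_tag = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(b64_body))
    claims["exp"] = new_exp
    body = json.dumps(claims).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + b64_tag
```

The browser's own cookie expiry attribute plays no part in the decision, so changing it in a cookie editor has no effect on when the server demands 2FA again.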
The graphs and data might look great, but they are totally meaningless. Here you have to understand what or who you are actually tracking – anyone who has the login details.
You cannot rely on IP addresses since users regularly change them (they are dynamically allocated by ISPs); users can use a proxy to access the Internet (included with many anti-virus products); or use a VPN that has a dedicated IP address (so everyone sharing that VPN logs in using the same IP from different locations).
Most of these systems say they support multiple file types. In reality they convert files to HTML or PDF format on upload. That is why users can only download PDF files and why printing is often not aligned correctly (if files are converted to HTML).
Plugins are just not safe. We do not use plug-ins to other applications for several reasons:
Some PDF DRM solutions actually force users to turn off security in Adobe Reader for their plugins to work – if a user’s system is hacked because of this, then who is held legally responsible?
Locklizard PDF DRM security cannot be compromised by plug-ins because we prevent all plug-ins from being loaded so that no vulnerabilities can be introduced.
ERM systems (e.g. Microsoft RMS, Adobe LiveCycle ES, etc.) are mainly for internal company use for secure document collaboration across multiple file types.
For an analysis of Microsoft RMS security, see How secure is Microsoft RMS?