NORTH AMERICA:  
800 707 4492
UK & EUROPE:  
+44 (0) 1292 430290
sales@locklizard.com
Locklizard
  • Products
    • Our DRM software
      • Product Overview
        • Restrict PDF use
        • Watermark PDF
        • Expire PDF
        • Revoke PDF
        • Disable Print
        • Track PDF
      • Safeguard PDF Security
      • Safeguard Enterprise
    • Secure PDF Viewers
      • Viewer Overview
      • Viewer Demo
      • Web Viewer
      • USB Viewer
    • Add-ons
      • All Add-ons
      • Web Publisher
      • Safeguard Portable USB
      • Ecommerce API
      • Command Line
      • Own Branding
      • Custom Email
    • Purchase
    • Book a Demo
  • Solutions
    • Industry sectors
      • All Industries
      • Auctions
      • Engineering
      • Government
      • Healthcare
      • Libraries
      • Mergers & Acquisitions
      • Publishing Ebooks
      • Publishing Media
      • Publishing Standards
      • Membership Associations
      • Reports & Analysis
      • Tax Advisors
      • Training & Education
    • Vertical sectors
      • All Sectors
      • Board Documents
      • Internal Company Use
      • Large Publishers
      • Small Publishers
    • Business processes
      • Processes Overview
      • Secure Document Sharing
      • Sell Documents Securely
      • Document Retention
      • Prevent Document Leakage
      • Internal Document Control
      • Regulatory Compliance
      • Secure PDF Forms
      • Secure Data Rooms
      • Data Room Security
      • Application Integration
    • Business benefits
    • Regulatory compliance
      • Compliance Overview
      • NIST & DFAR Compliance
  • Downloads
    • Free 15 day trial
    • Viewers
      • Windows Viewer
      • Mac Viewer
      • iOS Viewer
      • Android Viewer
    • Writers
    • Manuals
  • Support
    • Support
    • FAQs
    • Guides
    • Videos
    • White papers
  • About Us
    • Contact us
    • Our customers
      • Customer Overiew
      • Case Studies
      • Testimonials
    • Our technology
    • Blog
    • Why Locklizard?
      • Competitors
      • PDF DRM protection
      • Password protect PDF
      • Product Awards
  • Search
  • Menu Menu

Are safe data rooms secure enough to share your sensitive data?

in Blog, Document Security, DRM, PDF Security

Data room security & secure document sharing.

Many companies look to online data rooms or virtual data rooms for securing documents with third parties.  But are they as secure as they appear?  If you are looking to share documents securely in the cloud then be careful what you are buying.

What is a safe data room?

A secure data room, or safe data room, is a cloud hosted document sharing system that provides some limited controls over how documents can be accessed and used online.

Document publishers upload PDF files and Office documents to a secure data room system where they are made available to users via a link – this may be a link to an individual file or a data room (a group of documents).

Security controls that can be applied are usually a watermark, an expiry date, and whether documents can be downloaded and printed.

Examples of secure data room solutions include systems such as Digify and DocSend, but there are hundreds available with some offering more security than others.

Data rooms are not as secure as you may think they are

So you think your documents are safe in a secure data room?  Companies that offer these services state that they ‘enable enterprises and outside collaborators to come together and share sensitive information easily and securely’.  Well easily might be true, but securely is another matter.

Many companies quote high security credentials or use terms such as ‘world-class security’ (whatever that means?), telling you that your data is stored on high security servers and encrypted with military grade encryption, that their systems are ISO certified, compliant with various standards, and there are multiple back-up systems protecting your data.  Well that certainly sounds secure, but it is really marketing hype that masks the real security issue.  Your documents being hacked or stolen from a server is the last of your worries if the document security system in place has major pitfalls.  There are many issues with secure data rooms including usablity.

So what is it they are not telling you about just how secure your documents really are?

The not so “safe” secure data rooms

The ability to share documents securely online with total ease of use is a security conundrum.  The easier things seem to be the greater the actual weaknesses.

What happens to documents after you upload them to the data room?

Firstly, to have your documents made available in a secure data room for viewing online, you must upload your unprotected files to a server.  What happens to those unprotected documents – are they backed up anywhere, are temp files created, and what happens if the encryption process fails?  These are all areas of concern because if a data room server is hacked it might just be that your unprotected documents will be too.

Loopholes in the ‘security’ of a secure data room

In order for users to view your secure documents they must navigate with their browser to a URL and login to a portal (or alternatively click on a link to a specific document).  Users have to be online to download a document (they can later be viewed offline) and enter a username and password each time to access the system.  Below we examine the failures of this approach.

  1. The login process
    A login process that relies on entering a username and password as a method of protecting documents is a not a great method as a basis for document security.  If I have a username and password to login to a system there is nothing stopping me sharing this information with someone else.  They can then log in to view any secure documents I am authorized to view.  There is nothing you can do to prevent this because credentials are not locked to a device – they can be used on any device that has a browser installed.  So although a username/password login process may be convenient for the user (assuming they don’t mind remembering yet more login details), it is not advisable as an entry point for a document security system.
  2. Locking documents to locations
    Some secure data room systems say they can lock documents to a specific location.  However, users can circumvent this by using a browser proxy.  On the other hand, with installed viewers, you can lock documents to specific devices – this makes it much more difficult for users to share secure documents (especially over the Internet) because they have to share the physical device.  Documents locked to devices can be additionally locked to country and IP locations to further enhance security and prevent document leakage.
  3. Zero installation = less secure
    Since secure data rooms don’t require users to install any software to view secure documents, there is nothing installed on the client device to control the operating system environment or to provide a secure environment (i.e. a controlled viewer) for a document to load in.  This is where the problem begins.  No software installed on the device means the system has to rely on browser technology such as Java and JavaScript and the obfuscation of this code to try and hide it from the user.  Either the PDF content has to be decrypted on the server, or the password sent with the PDF document to decrypt it – either way, this ensures a less secure environment that can be exploited by a hacker.
  4. JavaScript Security risks
    Many companies don’t allow Java/JavaScript technology to run in the browser due to high security risks – previous exploits of this technology have enabled hackers to run scripts in the browser to record information and take over a user’s computer.  For an example of how weak JavaScript-based browser controls are, see how easy it is to bypass Google Docs controls.  Adobe even recommends that you disable JavaScript in Adobe Reader due to the fact that it is deemed unsafe and is a known security risk – see PDF Security Issues.  And if companies block Java/JavaScript then your documents won’t load.
  5. Stopping screen grabbing
    You can’t stop screen grabbing if there is no software installed on the device.  The best you can do with Javascript is to prevent the use of certain keys (such as printscreen), but this does not prevent users using third party screen grabber applications to take screenshots of your secure documents.
  6. Printing to PDF, XPS and other file formats
    If you allow printing then users can print your secure documents directly to PDF and other file formats.  This is because the browser environment has no control over the printer driver.  The safest option is therefore to not allow users to print documents in a secure data room system but this may not be a convenient option.  And whilst you can watermark printed documents with user credentials, some file formats may not support these.
  7. Browser security
    Browser based viewers are easy to manipulate with script injections, in-line script editing, and browser plugins which can remove the security controls.

    Just as many companies have produced alternatives to the Adobe Acrobat PDF Reader, companies can also produce their own browsers which users can use to view your secure documents.  These browsers however may not obey the DRM controls you have applied because there is no reason for them to.  This is a current issue for Adobe Acrobat which is based on an honour system rather than a security based one when allowing DRM and other plugins to interact with its system.

  8. Offline use
    Having users always online (i.e. connected to the Internet) is great for document revocation – you can revoke users and documents instantly.  It may not be so great however for users – if a user needs to view your secure documents when travelling, what then?

    Most secure data room systems therefore let you choose whether you want to let users download documents or not.  However those documents have NO protection applied to them (so no expiry, print controls, tracking, etc.).  And watermarks in downloaded PDF files can be easily removed.

Is it possible to maintain usability while ensuring security?

When using secure deal rooms, data rooms to host your documents you need to consider how confidential your documents are and what risks you are willing to live with.

Web browser viewers are easy for users to use because they don’t have to install any software.  But they do have to login each time to view your protected documents and remember yet another set of credentials.

Installed viewers on the other hand only require the user to install the software once and then click on a link to register.  Documents are then transparently opened in the viewer if the user has been granted access.

An installed Viewer is the most secure option for secure document sharing.

Locklizard have implemented a full range of secure viewers (Secure document Viewers – which are best), allowing the best overall security solution to be matched to document requirements.  This is a step forward to allowing publishers to develop more thorough security profiles to match document sensitivity – you can create a properly secure data room while also enabling users to view documents both online and offline with full security.

If you want to further explore what document security issues you need to think about for secure document sharing then see PDF DRM Security – 10 things you should know.

 

Tags: data room security, document drm, document protection, document security, secure data room, secure deal room, secure document, secure document sharing, secure document viewers, secure documents, share documents securely, viewing documents securely
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
https://www.locklizard.com/wp-content/uploads/2018/02/data-room-security.png 288 479 jofletcher /wp-content/uploads/2015/02/logo.png jofletcher2018-02-23 18:52:172022-12-09 22:46:58Are safe data rooms secure enough to share your sensitive data?

Free Trial

“Fantastic product… outstanding support.”

“We would recommend Locklizard to others”

“The clear leader for PDF DRM protection”

“Our ebook sales have gone through the roof”

“Simple & secure – protects IPR from theft”

Trusted by:

Protect IPR

See why thousands of companies use Locklizard to safeguard their documents and increase revenue streams.

  • Our Customers
  • Customer Testimonials
  • Customer Case Studies
  • Locklizard vs Competitors

Latest Posts

  • Amazon DRM & Kindle publishing is penalizing authorsMarch 10, 2023 - 6:51 pm
  • Adobe Experience Manager & Cloud Document SecurityFebruary 28, 2023 - 7:38 pm
  • How to prevent users removing security from PDF filesFebruary 20, 2023 - 7:40 pm
  • How to protect a Word document without a passwordFebruary 10, 2023 - 6:25 pm
  • Using Dynamic Watermarks to Protect DocumentsJanuary 31, 2023 - 7:13 pm
PDF DRM Features
  • Protect PDF files
  • Stop PDF sharing
  • Stop PDF copying
  • Restrict PDF editing
  • Add PDF watermarks
  • Disable PDF printing
  • Stop screenshots
  • Expire PDF files
  • Revoke PDF files
  • Lock PDF to devices
  • Lock PDF to IP
  • Track PDF opens

How To Guides

Prevent PDF security removal
Protect Word without password
Add a dynamic watermark
Password protect Google Doc
Add a watermark in Word
Make a PDF non editable
How to create a stamped PDF
How to prevent ebook piracy
Password protect a Word doc
How to protect a PDF securely
How to revoke document access
Change PDF security settings
How to disable printing of PDFs
Sell online courses securely
How to add security to a PDF
Encrypt a PDF without Acrobat
Share documents securely
How to prevent PDF sharing
Protect confidential documents
How to publish ebooks securely
How to restrict PDF editing
How to password protect a PDF
How to protect ebooks
How to sell Reports securely
How to make a PDF read only
How to send a PDF securely
How to watermark a PDF
How to lock a PDF from editing
How to encrypt a PDF
How to make a PDF expire
How to password protect a PDF
How to protect online courses
How to email a PDF securely

Try Safeguard today

Start protecting your PDF files and documents from sharing & piracy

PRODUCTS

Product Overview
Safeguard
Safeguard Enterprise

Add-ons

  • eCommerce API
  • Command Line
  • USB Protect
  • Web Publisher
  • Own Branding
  • Custom Email

Secure PDF Viewers

  • Web Viewer
  • USB Viewer

SECURITY FEATURES

Stop copying, editing, saving
Disable PDF Prints
Block Screenshots
Disable Copy Paste
Dynamic Watermarks
Expiry & Self Destruct
Revoke Documents
Device Locking
Location Locking
Track PDF Use

PRICING

Purchase & Pricing
Instant Quote

RESOURCES

FAQs
Locklizard Blog
Knowledgebase
Security Guides
White Papers
Viewer Demo
Videos

DOWNLOADS

Secure Viewers

  • Windows
  • Mac OS X
  • iOS
  • Android

Writers
Product Manuals
FREE Trial

DOCUMENT SECURITY

Share Documents Securely
Protect Online Courses
Stop Ebook Piracy
Document Encryption
Secure PDF Distribution
Protect Confidential Documents
Ebook DRM

Protect PDF Files

  • PDF Copy Protection
  • Lock PDF files
  • Encrypt PDF
  • Secure PDF
  • PDF DRM

INDUSTRY SECTORS

Training & Elearning
Publishing Ebooks
Publishing Standards
Online Libraries
Membership Associations
Engineering
Government
Healthcare
Mergers & Acquisitions
Secure Reports From Theft

  ABOUT US

About Us
Our DRM Technology

Customers

  • Case Studies
  • Testimonials

Locklizard vs Competitors

  • Secure Data Rooms

Company Brochure

  CONTACT

sales@locklizard.com
support@locklizard.com

Business Hours:
Mon – Fri: 8AM to 5PM EST
Tel (US): +1 800 707 4492
Tel (UK): +44 (0)1292 430290

© Copyright 2004-2022 Locklizard Limited. All rights reserved.Privacy Policy|GDPR Policy|Cookie Policy|SITE MAP

Scroll to top