Is data room security adequate for secure document sharing?

Data room security & secure document sharing.

Many companies look to online data rooms or virtual data rooms for sharing documents securely with third parties.  But are they as secure as they appear?  If you are looking to share documents securely in the cloud, be careful what you are buying.

Data room security

So you think your documents are safe in a secure data room?  Companies that offer these services state that they ‘enable enterprises and outside collaborators to come together and share sensitive information easily and securely’.  Well, ‘easily’ might be true, but ‘securely’ is another matter.  Many companies quote high security credentials or use terms such as ‘world-class security’ (whatever that means), telling you that your data is stored on high security servers and encrypted with military grade encryption, that their systems are ISO certified and compliant with various standards, and that there are multiple back-up systems protecting your data.  That certainly sounds secure, but it is really marketing hype that masks the real security issue.  Your documents being hacked or stolen from a server is the least of your worries if the document security system itself has major weaknesses.

So what is it they are not telling you about just how secure your documents really are?

The not so secure data rooms

The ability to share documents securely online with total ease of use is a security conundrum.  The easier things seem to be, the greater the actual weaknesses.

Uploading documents

Firstly, to have your documents made available in a secure data room for viewing online, you must upload your unprotected files to a server.  What happens to those unprotected documents – are they backed up anywhere, are temp files created, and what happens if the encryption process fails?  These are all areas of concern because if a data room server is hacked it might just be that your unprotected documents will be too.

Viewing documents securely

In order for users to view your secure documents they must navigate with their browser to a URL and log in to a portal (or alternatively click on a link to a specific document).  Users have to be online to download a document (it can later be viewed offline) and must enter a username and password each time to access the system.  Below we examine the failures of this approach.

  1. The login process
    A login process that relies on entering a username and password is not a great basis for document security.  If I have a username and password to log in to a system, there is nothing stopping me sharing this information with someone else.  They can then log in to view any secure documents I am authorized to view.  There is nothing you can do to prevent this because credentials are not locked to a device – they can be used on any device that has a browser installed.  So although a username/password login process may be convenient for the user (assuming they don’t mind remembering yet more login details), it is not advisable as an entry point for a document security system.
  2. Locking documents to locations
    Some secure data room systems say they can lock documents to a specific location.  However, users can circumvent this by using a browser proxy.  On the other hand, with installed viewers, you can lock documents to specific devices – this makes it much more difficult for users to share secure documents (especially over the Internet) because they have to share the physical device.  Documents locked to devices can be additionally locked to country and IP locations to further enhance security and prevent document leakage.
  3. Zero installation
    Since secure data rooms don’t require users to install any software to view secure documents, there is nothing installed on the client device to control the operating system environment.  This is where the problem begins.  No software installed on the device means the system has to rely on browser technology such as Java and JavaScript, and on obfuscation of this code to try to hide it from the user.  Also, many companies don’t allow Java/JavaScript technology to run in the browser due to high security risks – previous exploits of this technology have enabled hackers to run scripts in the browser to record information and take over a user’s computer.  Adobe even recommend that you disable JavaScript in Adobe Reader because it is deemed unsafe and is a known security risk.
  4. Stopping screen grabbing
    You can’t stop screen grabbing if there is no software installed on the device.  The best you can do with JavaScript is to prevent the use of certain keys (such as Print Screen), but this does not prevent users from using third party screen grabber applications to take screenshots of your secure documents.
  5. Printing to PDF, XPS and other file formats
    If you allow printing then users can print your secure documents directly to PDF and other file formats.  This is because the browser environment has no control over the printer driver.  The safest option is therefore not to allow users to print documents in a secure data room, but this may not be a convenient option.  And whilst you can watermark printed documents with user credentials, some file formats may not support these.
  6. Browser security
    Just as many companies have produced alternatives to the Adobe Acrobat PDF Reader, companies can also produce their own browsers which users can use to view your secure documents.  These browsers however may not obey the DRM controls you have applied because there is no reason for them to.  This is a current issue for Adobe Acrobat which is based on an honour system rather than a security based one when allowing DRM and other plugins to interact with its system.
  7. Offline use
    Having users always online (i.e. connected to the Internet) is great for document revocation – you can revoke users and documents instantly.  It may not be so great however for users – if a user needs to view your secure documents when travelling, what then?
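
Because portal credentials are not locked to a device (point 1 above), sharing can only be spotted after the fact in the access log. The following is an added example, not code from this article or from any data room product: it flags accounts used from more than one device within a short window, assuming a hypothetical log format of timestamp, account, source IP and user agent, and treating the IP/user-agent pair as a rough stand-in for a device.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample portal access log (hypothetical format):
# timestamp, account, source IP, browser user agent.
SAMPLE_LOG = """\
2024-03-01T09:00:05Z alice@example.com 198.51.100.7 Firefox/123-Windows
2024-03-01T09:04:41Z alice@example.com 203.0.113.20 Safari/17-macOS
2024-03-01T09:10:12Z bob@example.com 192.0.2.44 Chrome/122-Windows
2024-03-01T09:12:30Z alice@example.com 198.51.100.7 Firefox/123-Windows
2024-03-01T13:30:00Z bob@example.com 192.0.2.44 Chrome/122-Windows
2024-03-02T08:15:00Z carol@example.com 192.0.2.90 Edge/122-Windows
2024-03-02T18:40:00Z carol@example.com 198.51.100.61 Chrome/122-Android
"""

def parse_log(text):
    """Return a list of (timestamp, account, device) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, account, ip, agent = parts
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, account, (ip, agent)))
    return events

def find_shared_accounts(events, window=timedelta(minutes=30)):
    """Map each account seen on 2+ devices inside `window` to those devices."""
    by_account = defaultdict(list)
    for when, account, device in sorted(events):
        by_account[account].append((when, device))
    flagged = {}
    for account, seen in by_account.items():
        for i, (start, _) in enumerate(seen):
            # Devices used from this event up to `window` later.
            devices = {dev for when, dev in seen[i:] if when - start <= window}
            if len(devices) > 1:
                flagged[account] = sorted(devices)
                break
    return flagged

if __name__ == "__main__":
    for account, devices in find_shared_accounts(parse_log(SAMPLE_LOG)).items():
        print(account, "used from", devices)
```

With the default 30-minute window only the interleaved account is reported; a user who moves from a desktop to a phone hours later is not, and widening the window trades missed sharing for more false positives.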

Usability vs document security

When using a secure data room to host your documents you need to consider how confidential your documents are and what risks you are willing to live with.

Web browser viewers are much easier for users because they don’t have to install any software.  But they do have to login each time to view your protected documents and remember yet another set of credentials.

Installed viewers on the other hand only require the user to install the software once and then click on a link to register.  Documents are then transparently opened in the viewer if the user has been granted access.

An installed viewer is the most secure option for secure document sharing.

Locklizard have implemented a full range of secure viewers (Secure document Viewers – which are best), allowing the best overall security solution to be matched to document requirements.  This is a step forward to allowing publishers to develop more thorough security profiles to match document sensitivity.

If you want to further explore what document security issues you need to think about for secure document sharing then see PDF DRM Security – 10 things you should know.