Locklizard
  • Products
    • DRM software
      • Safeguard PDF Security
      • Safeguard Enterprise
      • DRM Software Features
        • Restrict PDF use
        • Watermark PDF
        • Expire PDF
        • Revoke PDF
        • Disable Print
        • Track PDF
    • Secure PDF Viewers
      • Viewer Overview
      • Viewer Demo
      • Web Viewer
      • USB Viewer
    • Add-ons
      • All Add-ons
      • Web Publisher
      • Safeguard Portable USB
      • Ecommerce API
      • Command Line
      • Own Branding
      • Custom Email
    • Purchase & Pricing
    • Book a Demo
  • Solutions
    • Industry sectors
      • All Industries
      • Auctions
      • Engineering
      • Government
      • Healthcare
      • Libraries
      • Mergers & Acquisitions
      • Publishing Ebooks
      • Publishing Media
      • Publishing Standards
      • Membership Associations
      • Reports & Analysis
      • Tax Advisors
      • Training & Education
    • Vertical sectors
      • All Sectors
      • Board Documents
      • Internal Company Use
      • Large Publishers
      • Small Publishers
    • Business processes
      • Processes Overview
      • Secure Document Sharing
      • Sell Documents Securely
      • Document Retention
      • Prevent Document Leakage
      • Internal Document Control
      • Regulatory Compliance
      • Secure PDF Forms
      • Secure Data Rooms
      • Data Room Security
      • Application Integration
    • Business benefits
    • Regulatory compliance
      • Compliance Overview
      • NIST & DFAR Compliance
  • Downloads
    • Free 15 day trial
    • Viewers
      • Windows Viewer
      • Mac Viewer
      • iOS Viewer
      • Android Viewer
    • Writers
    • Manuals
  • Support
    • Support
    • FAQs
    • Guides
    • Videos
    • White papers
  • About Us
    • Contact us
    • Our customers
      • Customer Overiew
      • Case Studies
      • Testimonials
    • Our technology
      • What is DRM?
    • Blog
    • Why Locklizard?
      • Competitors
      • PDF DRM protection
      • Password protect PDF
      • Product Awards
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu

Access controls, encryption or DRM for Document Security?

in Blog, Document Security, DRM, PDF Security

What Document security method is best?

There are three major classes of controls used by computer systems to protect access to information – Access controls, Encryption, and Digital Rights Management (DRM).  But which one is the right one for your requirements and why?

Document access controls

The traditional control mechanism in computer systems has been to apply access control to the files holding the information.  So you can stop people reading, writing, modifying, executing and deleting files, and that is well established and deeply embedded into operating systems everywhere.

But if someone has the right to read, then likely they can either copy the physical file or open the file and copy the content into another file or device.

And it is the content of the files that is important, the file is simply a container holding whatever you put in it – and it doesn’t care what it is.  You can call a file anything you like.  A real case of one size fits all.

But then, as a Mr Snowden (CIA retired) so aptly demonstrated, it’s all down to the content.  He had the ability to make the copies and then take them all away.  And, being an insider, he had the access.  And a body of experience says, it is the insiders who have all the knowledge of file contents, access to them, and ready ability to collect files and send them wherever they will, and they are the single biggest risk to the business.

So access controls, although essential in an operating system, do not go far enough in protecting the content of the files that they are used for managing.

Document encryption

The bedrock of data security for many years now has been the use of encryption to protect data from theft and also to prevent falsification and prove authenticity.  Encryption was around back before the time of Julius CAESar, and has had a lot of work done to improve it down the years.

Essentially, you encrypt something using a secret key.  Anyone who has that secret key can decrypt it.  Having decrypted it the recipient can do what they like with it because the encryption control has been removed.

This is very different from access control because having the ability to read or change the file doesn’t mean anything unless you can decrypt the file.  (Delete still works, but it’s not likely what you are wanting to do with the file.)  So encryption is providing a number of ‘new’ controls that are interesting and powerful, but do they achieve your requirements?

The single biggest problem with pure encryption is that the recipient is able to do anything they like with the file they have decrypted.  That is fine if you are a bank and you can control very precisely who gets to access which secret keys, and you are processing very defined file formats (SWIFT transfers, for instance) and you can control your local environment very carefully indeed.  Because once the content has been released from the encryption there is no control over the data beyond processing very promptly and deleting the uncontrolled copy before anyone gets the chance to steal it.

But encryption on its own is not able to fulfil more complex control requirements.

Document DRM (Digital Rights Management)

The DRM concept was initially created to enable sound and audio-visual (music and film) copyright owners to license the use of their products.  Although these were complicated they were essentially about licensing models on a pay per view type basis, and licensing distributers to ‘broadcast’ films and music under sub-licenses.  Amongst the big players in this league are Sony, Intertrust and Microsoft.

But document DRM is considerably more complex in a rather different way from the multimedia market.  It revolves around the specific content of a document rather than the abstraction of protecting a generic film being processed on DVD or streamed over the network.

Multimedia providers are only interested in the content of the file to the extent that they can claim a fee for publishing it, and that they display the right content warnings for the consumer marketplace.

Document publishers have far more to think about, including:

  • When is the first date it can be viewed
  • When does it stop being available
  • Can I stop access to it at any time, globally and user by user
  • How many times can a user read the document
  • Can I stop printing
  • How many times can the document be printed
  • Can I link documents together into licensable groups
  • Can I watermark viewed and printed copies
  • Can I stop redistribution
  • Can I stop simple screen grabbing and copying
  • Can I check if the document has been read or printed
  • Can I make the document display how I want
  • Can I enforce the locations from where the document can be used
  • Can I be sure it will look the same on different platforms and printers

As you can see, the demands for document DRM are significantly larger than those for a film (although maybe the film industry would like some of these?) and require a granularity of many controls in order to achieve the document publisher’s objectives.

In fact, the problem with encryption on its own was the fact that it could not address different risks outside of its ability to protect content from disclosure once it had been revealed.

So there are distinct demands that document DRM expects to achieve.  And it does it by building on what went before rather than trying to be disruptive and invent a new order.

Document DRM needs the file access mechanisms of the operating system.  And it also needs the use of encryption.  The critical features of content protection, authentication and verification of source are the building blocks.  But document DRM binds other more granular controls (such as those I listed above) to the document(s) so that the controls cannot be forged or changed, and can be applied.

And that brings you to the question of how does a document DRM system actually operate in order to meet the control specifications?

Firstly, document DRM must be able to work both online and offline (films are usually online using streaming).  So there must be enough controls embedded in the document to control it without it having to ‘phone home’ in order to operate.  There are purely online control models for documents and they can be appropriate for Internal Resource Management (IRM) where a corporate body wants to restrict use to within the corporate network but they may be less suitable when selling documents to unknown purchasers.

Secondly, document DRM controls must be capable of being reset – with the best will in the world things can always go wrong or get delayed and the controls limiting reading, printing and so on need to capable of being changed dynamically, as does the ability to stop (and restart) an authorised user from continuing to have access to one or more documents.  This is a more subtle control than typically used in film protection.

Thirdly, document DRM must be able to work with the commonest computing platforms used by both business and the consumer.  This may be achieved by using a common interface, such as the browser, which is fairly device agnostic (although you may not always get exactly the same document rendition on each platform, and formats such as PDF may go a long way in achieving device independent rendering and printing).  As an alternative the document DRM supplier may have custom viewers that can process DRM protected files and enforce their controls.  Browser based viewers demand that the user be connected to the Internet for the (cloud) system to function.  As a result, those systems can implement changes to controls immediately.  Installed viewers offer the ability to use controlled documents offline – not everyone is (or wants to be) permanently online, and publicly available WiFi is still not a universal feature (although some broadband suppliers ship routers with WiFi on and a public WiFi gateway installed on the device).

Fourthly document DRM should be able to work fully offline.  This would be using a USB or flash drive which would carry all the licensing, controls and DRM protected documents.  In this way the user would be completely independent of the supplier, and the documents on the device would continue to be available unless the device itself failed.  The life expectancy according to manufacturer Flashbay could be between 60 to 80 years in perfect conditions.  More likely it would be a few years given how they are normally handled.

Document Security conclusions

There is an expectation that computers have been controlling access for documents for years now, and it should be a done deal.  But it turns out that the normal computer access controls are primitive when compared with today’s requirements.

Encryption technology is needed as the foundations of a system for controlling access to and use of document (file) content.

But in order to provide a fully featured and overarching control structure you need to implement document DRM.  We have outlined many of the requirements placed on document DRM and some of the architectures needed if an implementation of document DRM is going to produce commercially useful results both for publishers and users.

So we conclude that if you need to protect the content of a file, not just the file itself, then you will need to have a document DRM system in place to enforce your controls.

Tags: document access control, document control, document drm, document encryption, document protection, document security, protect documents
Share this entry
  • Share on Facebook
  • Share on X
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail

Free Trial

“Fantastic product… outstanding support.”

“We would recommend Locklizard to others”

“The clear leader for PDF DRM protection”

“Our ebook sales have gone through the roof”

“Simple & secure – protects IPR from theft”

Trusted by:

Protect IPR

See why thousands of companies use Locklizard to safeguard their documents and increase revenue streams.

  • Our Customers
  • Customer Testimonials
  • Customer Case Studies
  • Locklizard vs Competitors

Latest Posts

  • Cloud Document Collaboration & Document SecurityFebruary 18, 2025 - 10:22 am
  • Stopping Screen Sharing & Recording of DocumentsJanuary 30, 2025 - 10:58 pm
  • ISO 9001 and Document SecurityJanuary 8, 2025 - 9:02 pm
  • How to expire links for file sharing and downloadsDecember 17, 2024 - 10:14 pm
  • Digital Libraries, Controlled Digital Lending & eBook DRMNovember 30, 2024 - 4:19 pm
PDF DRM Features
  • Protect PDF files
  • Stop PDF sharing
  • Stop PDF copying
  • Restrict PDF editing
  • Add PDF watermarks
  • Disable PDF printing
  • Stop screenshots
  • Expire PDF files
  • Revoke PDF files
  • Lock PDF to devices
  • Lock PDF to IP
  • Track PDF opens

How To Guides

How to stop sharing screen
How to expire download links
How to sell study notes
How to print to PDF
How to protect Autocad files
How to protect a document
How to unlock a protected PDF
How to expire Excel files
How to watermark in Excel
How to protect Excel files
Save a Google Doc as PDF
How to share a PDF online
How to insert PDF into Word
How to edit a protected PDF
How to convert ePub to PDF
How to prevent PDF download
How to share Google Docs
How to prevent PDF download
Enforce do not copy distribute
Share sell PDF in WordPress
How to remove a watermark
How to add security to PDF
Publish digital publications
How to share a PDF as a link
How to timestamp a PDF
Insert PDF into Google Doc
How to convert Word to PDF
How to convert PDF to Word
Share securely in SharePoint
How to encrypt email in Gmail
How to encrypt PDF files
How to recall unsend an email
How to watermark PowerPoint
How to lock a Word document
How to santize PDF files
How to lock a Google doc
Prevent PDF security removal
Protect Word without password
Add a dynamic watermark
Password protect Google Doc
Add a watermark in Word
Make a PDF non editable
How to create a stamped PDF
How to prevent ebook piracy
Password protect a Word doc
How to protect a PDF securely
How to revoke document access
Change PDF security settings
How to disable printing of PDFs
Sell online courses securely
How to add security to a PDF
Encrypt a PDF without Acrobat
Share documents securely
How to prevent PDF sharing
Protect confidential documents
How to publish ebooks securely
How to restrict PDF editing
How to password protect a PDF
How to protect ebooks
How to sell Reports securely
How to make a PDF read only
How to send a PDF securely
How to watermark a PDF
How to lock a PDF from editing
How to encrypt a PDF
How to make a PDF expire
How to password protect a PDF
How to protect online courses
How to email a PDF securely

Try Safeguard today

Start protecting your PDF files and documents from sharing & piracy

PRODUCTS

DRM Software
Safeguard
Safeguard Enterprise

Add-ons

  • eCommerce API
  • Command Line
  • USB Protect
  • Web Publisher
  • Own Branding
  • Custom Email

Secure PDF Viewers

  • Web Viewer
  • USB Viewer

SECURITY FEATURES

Stop copying, editing, saving
Disable PDF Prints
Block Screenshots
Disable Copy Paste
Dynamic Watermarks
Expiry & Self Destruct
Revoke Documents
Device Locking
Location Locking
Track PDF Use

PRICING

Purchase & Pricing

RESOURCES

FAQs
Locklizard Blog
Knowledgebase
Security Guides
White Papers
Viewer Demo
Videos

DOWNLOADS

Secure Viewers

  • Windows
  • Mac OS X
  • iOS
  • Android

Writers
Product Manuals
FREE Trial

DOCUMENT SECURITY

Share Documents Securely
Protect Online Courses
Stop Ebook Piracy
Document Encryption
Secure PDF Distribution
Protect Confidential Documents
Ebook DRM

Protect PDF Files

  • PDF Copy Protection
  • Lock PDF files
  • Encrypt PDF
  • Secure PDF
  • PDF DRM

INDUSTRY SECTORS

Training & Elearning
Publishing Ebooks
Publishing Standards
Online Libraries
Membership Associations
Engineering
Government
Healthcare
Mergers & Acquisitions
Secure Reports From Theft

  ABOUT US

About Us

Our DRM Technology

  • What is DRM?

Customers

  • Case Studies
  • Testimonials

Locklizard vs Competitors

  • Secure Data Rooms

Company Brochure

  CONTACT

sales@locklizard.com
support@locklizard.com

Business Hours:
US: 8AM to 17.00PM EST
UK: 9AM to 17.30PM GMT

© Copyright 2004-2025 Locklizard Limited. All rights reserved.Privacy Policy|GDPR Policy|Cookie Policy|SITE MAP

Link to: Securing documents in the cloud Link to: Securing documents in the cloud Securing documents in the cloudLink to: Controlling membership access with Document DRM Link to: Controlling membership access with Document DRM Controlling membership access with Document DRM
Scroll to top Scroll to top Scroll to top