Safeguarding classified information

How to securely safeguard classified information & what solution to use to do it

Classified information can be safeguarded by using Locklizard to stop sharing, copying, editing, and printing.  Automatically expire and revoke access, and track use.

Movies make classified information sound exciting, but those who work with it every day will know that’s rarely the case.  Though the phrase conjures images of top-secret documents, most classified information does not fall into this category.

Though the system varies, generally classified information falls into one of three categories:

• Official:

  The majority of documents will be classified as official.  Anything that relates to public sector business, operations, and services will most likely fall into this category.  This includes emails between colleagues, intranet posts, supplier contracts, production, and non-production, etc.

• Secret:

  Secret documents are rare.  The classification usually applies only to information that could compromise the security or prosperity of the country should it fall into the wrong hands.  It’s information that could be the target of nation-state hackers – military capabilities, secretive international negotiations, etc.

• Top secret:

  Top secret documents, if released, would “directly and immediately” threaten a nation’s national security if leaked.  The threshold for classifying a document as top secret is very high.  Examples of historic top-secret documents include those pertaining to the enigma machine in WW2, soviet spies, the US UFO program, or satellite intelligence capabilities.

Of course, while these are the basic categories of classified information, there can be subcategories and additional stipulations, such as official-secret, information that cannot be read by non-citizens, etc.

Managing all of these documents with differing requirements and people that can access them is challenging.  A “top-secret” clearance doesn’t mean somebody can access all top-secret documents – they still need to show a legitimate purpose for needing to do so.

Access, then, needs to be controllable on an individual level.  Not only that, a single document may contain information that is of a mixture of classifications – in such a case, non-removable redactions are required.  And, on top of all that, a classification is not static.  Someone may reclassify documents or specific material within documents due to current events, classification errors, or because they are no longer considered sensitive.

  Protecting information from unauthorized disclosure

Due to these factors, the demands on document protection software are high.  There are very few systems that can do all of these things effectively – and insecure solutions like Adobe Acrobat password protection certainly can’t.  Primarily, there are three types of solutions that can adequately control the flow of documents.

  Access control systems

Access control systems like Windows Active Directory (AD) consist of a set of services that run on Windows server and manage access to networked resources such as computers, files, and printers.  They can usually be bundled with services to encrypt sensitive documents in transit and at rest to meet confidentiality requirements.

However, while most top secret or secret information should not be shared with outside parties, the vast majority of information with official classification may need to be.  Modern governments outsource a lot of work to contractors and the details of those contracts can be classified.  Access control systems are internal.  They have no mechanism to securely share information with those outside of your system, even if they have valid clearance.

  Secure collaboration tools

Secure collaboration solutions promise to let you have your cake and eat it, too.  They claim to be able to allow authorized users to co-create documents while preventing unauthorized ones from copying, sharing, editing, and printing.  This is basically a pipe dream.  It is not possible to use SharePoint to share with external users securely without additional protection, nor Google Docs, Box, or other services.  The document controls they utilize are easy to bypass and users can just share their log-in credentials with others.

  Enterprise Rights Management system

Document Rights Management systems such as Azure RMS can be a good solution to restrict the flow of classified documents.  It’s a cloud-hosted policy-driven system that lets organizations classify documents and create policies that determine what document protection is applied.

It has several advantages over Active Directory RMS, such as support for mobile devices, cloud authentication, and document tracking and revocation.

However, it still shares some of the same drawbacks.  It is costly and complex to set up and expensive to maintain.  It’s only useful for protecting documents from Windows applications, with support mostly for Microsoft’s Office suite and some limited Adobe support.  It’s also not built for external sharing.  Though users can be more easily added to the system if they have a Microsoft account or are using Azure AD authentication, this won’t work for every contractor or third party.

  DRM systems

DRM systems like Locklizard Safeguard provide comprehensive PDF protection with far less complexity and overhead.

How it works

Organizations can group documents into different “publications” (classifications) while maintaining the ability to modify users’ rights on an individual basis (allow some to print, but not others, etc.).

Unlike other solutions, there’s very little configuration to speak of.  All key management is handled transparently and securely by the system, and the document is protected locally after creation with AES 256-bit encryption and anti-editing, printing, copy/pasting, and screenshotting measures.

To access the document, users require an administrator to grant them access in the Safeguard Admin system – adding a user automatically sends a license file along with a link to download the Safeguard Secure Viewer application.  To access the document, the user needs to activate the license on their device, at which point it cannot be used by anybody else.  They then need to open the document in the Secure Viewer application, which enforces the document controls.

The encryption keys are securely and transparently relayed from the licensing server to the user’s device and housed in an encrypted keystore that they cannot modify or share.  The documents’ contents, meanwhile, are only ever decrypted in memory, making it very difficult to extract their information.

With Safeguard, then, organizations can properly safeguard sensitive information while maintaining external sharing capabilities and the ability to send classified information securely via email.

  Protecting classified information from unauthorized disclosure

Locklizard Safeguard offers a variety of functionality well-suited to protect official, secret, and top secret documents:

  Destroy classified information with expiry

According to the UK’s Ministry of Justice, it must be possible to irreversibly erase or destroy classified data from all systems.  When destroying paper copies of documents, it may be enough to track down each copy and burn it.  Digital document destruction is much more complex.  There is no limit to the number of copies that can be made.  You would have to track a document down to every email sent, every upload to a cloud service, every backup, every folder, USB drive, etc.  It’s just not feasible, especially when documents are being stored offline.

A better method is to destroy the classified information with expiry.  Locklizard Safeguard lets you revoke documents manually, or automatically after a certain number of days, on a specific date, after a certain number of prints, or after a certain number of views.  We can achieve this on both a global and per-user level and works regardless of where the user has stored the document.

  Lock documents to devices and locations

As well as controlling access via single-use (or a set number of uses) license files, Locklizard lets organizations lock documents to specific IP addresses and locations.  This is important because secret and top-secret information must only be shared with defined recipients through secure infrastructure.  Locking documents to specific devices and locations ensures that a third party will not be able to view the file even if it is extracted from a secure location.

  Offline capabilities

Secret and top-secret information should be stored on computers and networks that are physically isolated from the internet and other networks.  Though PDFs protected with Locklizard cannot be opened by unauthorized users, this is still important due to the risks of spyware and other malware.

For use cases such as these, Locklizard offers various options for offline access.  You can check with a remote server whether the machine is allowed to view the document:

• Only when it is first opened
• After a set number of days
• On each open
• After x days and never again
• Never, using fully offline USB protection

The final option is powered by Safeguard Portable, which loads files and a secure PDF viewer onto a USB stick so that nothing has to be downloaded or online.  The files will not work if transferred to another device or USB stick.

  View and print logging

Organizations can properly safeguard classified information with Locklizard by tracking when and where users open and print files, as well as the devices and operating systems that are in use.  Admins can therefore check for unusual usage and revoke access to the document if necessary.  This only works if online access is allowed, and so is most suitable for official documents.

   Irremovable, dynamic classification watermarks

As well as taking physical and technical measures to protect information, organizations must make sure personnel are aware of their responsibilities.  Secret, Top Secret, and Official watermarks are a common way of reminding employees of their commitments.

Unlike most document watermarking systems (Word, Adobe Acrobat, etc.), Locklizard watermarks cannot be removed, and you can optionally use dynamic watermarks with user identifying information.  Rather than having to manually add user information to each document for every user, dynamic watermarks automatically insert this information at view or print time.  Watermarks can be different depending on whether the document is being viewed digitally or in physical form and can be placed anywhere on the page, including behind or on top of different layers of content.

  The best choice for safeguarding classified information

Protecting classified information from unauthorized disclosure is difficult.  Though few solutions have the capabilities to provide all of the elements required, the two that stand out are (ERM Enterprise Rights Management and (DRM Digital Rights Management) systems.

Compared to traditional ERM systems, Locklizard Safeguard DRM is simpler to set up and manage and better geared towards external sharing.  Organizations can share sensitive and classified documents securely without insecure password or plugins, while enforcing access, location, expiry, and usage controls.

A combination of strong encryption, licensing, and DRM controls ensure that only authorized users can access documents and that their contents can not be extracted and shared with others.

If your business needs the best solution for protecting classified information from unauthorized disclosure, take a free 15-day trial of our PDF DRM software.

  FAQs

What does classified information mean?

Classified information refers to any material that a government body believes to be sensitive and in need of protection.  Exactly what should be classified and what should not varies depending on the country and government body.

Where should DoD employees look for guidance on safeguarding classified information?

DoD employees should look at the NIPSOM manual and Executive Order 13526 for information on safeguarding classified information.

How do you safeguard classified information if you’re a contractor?

Contractors should get in touch with the relevant government body to determine the steps they must take to safeguard classified information.  Beyond document protection with solutions like Locklizard, there will be certain physical and technical requirements the contractor must abide by when handling sensitive information.

Can Adobe Acrobat protect classified information?

No. Adobe Acrobat uses insecure password protection to attempt to prevent the opening of encrypted documents.  Its editing and printing controls are even worse and can be removed in seconds with free online tools.

Is it possible to send classified information securely via email?

Yes. Documents with the official classification are sent via email every day.  They must, however, meet certain standards, using strong encryption to protect them in transit and at rest.  Locklizard allows organizations to do so whilst also preventing unauthorized sharing, copying and editing, after the document reaches its destination.

Which level of classified information could cause damage?

Any level of classification could cause damage.  Official documents could cause damage more broadly, whereas secret and top-secret documents will cause damage to the country’s security or prosperity.

Is it illegal for journalists to publish classified information?

In many cases and countries, the publication of classified information by journalists is protected by freedom of press legislation.  The bottom line is that should classified information leak, no matter how sensitive, a media blackout is far from guaranteed.

Should I remove the metadata from my classified document?

It’s a good idea to remove any identifying metadata and annotations from your document before publication to protect the creator, provide less context about the document’s lifecycle, and ensure no notes containing confidential information are left over from the collaboration process. You can read our blog on how to remove metadata from a PDF for information on how to achieve this.