NORTH AMERICA:  
800 707 4492
UK & EUROPE:  
+44 (0) 1292 430290
sales@locklizard.com
Locklizard
  • Products
    • DRM software
      • Safeguard PDF Security
      • Safeguard Enterprise
      • DRM Software Features
        • Restrict PDF use
        • Watermark PDF
        • Expire PDF
        • Revoke PDF
        • Disable Print
        • Track PDF
    • Secure PDF Viewers
      • Viewer Overview
      • Viewer Demo
      • Web Viewer
      • USB Viewer
    • Add-ons
      • All Add-ons
      • Web Publisher
      • Safeguard Portable USB
      • Ecommerce API
      • Command Line
      • Own Branding
      • Custom Email
    • Purchase
    • Book a Demo
  • Solutions
    • Industry sectors
      • All Industries
      • Auctions
      • Engineering
      • Government
      • Healthcare
      • Libraries
      • Mergers & Acquisitions
      • Publishing Ebooks
      • Publishing Media
      • Publishing Standards
      • Membership Associations
      • Reports & Analysis
      • Tax Advisors
      • Training & Education
    • Vertical sectors
      • All Sectors
      • Board Documents
      • Internal Company Use
      • Large Publishers
      • Small Publishers
    • Business processes
      • Processes Overview
      • Secure Document Sharing
      • Sell Documents Securely
      • Document Retention
      • Prevent Document Leakage
      • Internal Document Control
      • Regulatory Compliance
      • Secure PDF Forms
      • Secure Data Rooms
      • Data Room Security
      • Application Integration
    • Business benefits
    • Regulatory compliance
      • Compliance Overview
      • NIST & DFAR Compliance
  • Downloads
    • Free 15 day trial
    • Viewers
      • Windows Viewer
      • Mac Viewer
      • iOS Viewer
      • Android Viewer
    • Writers
    • Manuals
  • Support
    • Support
    • FAQs
    • Guides
    • Videos
    • White papers
  • About Us
    • Contact us
    • Our customers
      • Customer Overiew
      • Case Studies
      • Testimonials
    • Our technology
      • What is DRM?
    • Blog
    • Why Locklizard?
      • Competitors
      • PDF DRM protection
      • Password protect PDF
      • Product Awards
  • Search
  • Menu Menu

Are Data Rooms Secure?

in Blog, Document Security, DRM, PDF Security

The Hidden Truth Behind ‘Secure’ Data Rooms – are they Snake Oil?

Secure data room systems don’t stop users sharing documents.  Here we cut through the hype and explain why they are useless for secure document sharing.

Secure Virtual Data Rooms & Data Room Security

Some people believe that smoking is not bad for you or that the earth is flat, while others equally believe that secure data rooms are a safe way to securely share files and documents.  Here we explain why that is just not true.

Is a secure data room really secure?

Like any marketing term, it all depends on how you define ‘secure’ and what parts of the system are deemed secure in order to obtain the ‘secure’ label.

There is only one question you need to ask a secure data room provider – “Does your system stop users sharing documents?”.

The truthful answer to that question will be always be No.  Authorized users can share their login credentials or links with other non-authorized users and therefore your documents.

Data Room Security – most secure virtual data room, highly secure data room and other meaningless jargon

Most ‘secure’ data rooms make a big thing about how secure their data (server) systems are with terms such as ‘most secure virtual data room’, ‘most secure data room’, ‘highly secure data room, etc.  It is completely meaningless.

Many secure virtual data room or v-rooms, cloud hosted secure data room or secure virtual data room systems publish their security credentials and certification credentials on their web sites to show you just how secure they are.  Something along the lines of:

ISO/IEC 27001:2013 is widely considered the gold standard in information security management systems.

That sounds important and secure right?  Does this mean it stops authorized users sharing your documents with non-authorized users?  Does any claim provided by a secure data room state this?  NO.

So why are these claims made?  They are there to make you believe their systems are fit for purpose (whatever that might be).  It is the equivalent of a food manufacturer concentrating solely on how healthy their cereal bar is because it contains 0% fat when it is 80% sugar.  Or a housing developer displaying a fire certificate for cladding on a house when it is situated in a flood plain and 12 feet away from a river.  In other words, you might be being a bit misled.

In other words, secure data rooms are not as secure as they might first seem.

Is encryption of data-at-rest in a secure room important?

Secure data room systems say they are secure because they store your data encrypted at rest on a secure backbone (e.g. AWS hosted server) that is itself certified.  That’s just as well since if your documents are being decrypted on the server before being delivered to the browser, that could mean thousands of temporary files containing your document content just sitting there in the clear.  You would therefore hope that the server hosting these could not be readily hacked and that temporary files are cleaned up (i.e. deleted) after use.

So yes, encryption of data at rest in a secure data room is important to stop hackers gaining access to your documents, but it is just one component of data room security.

Is it safe to store sensitive documents in the cloud?

If you have confidential or sensitive business documents you might want to question why you would want to upload them to someone else’s server as unprotected files.  Even if they are encrypted, what happens to your original unprotected documents – are they definitely deleted and are any temp files left over from the process?

A more sensible approach would to not let them leave your computer or domain to begin with, protect them locally and then distribute protected documents as you see fit (this may or may not include uploading them to a cloud server).  However this is not what secure data room systems allow you to do.

Can a data room that relies on a login & password ever be secure?

Here is where every secure data room falls apart.

Let’s face it, any system that relies on a login system where a username and password is manually entered is clearly not very secure.  If your objective of using a secure data room is for secure document sharing (i.e. making sure only specific users can open your documents) and yet users can share their login credentials with others (and therefore your documents) then that purpose has already been defeated.

Most secure data room systems don’t even bother limiting how many instances of the same user credentials are being used at the same time.  So for example, user ‘Jo Bloggs’ could be logged in 30 times from different locations at the same time and you would never know.

Can Two Factor Authentication (2FA) provide foolproof security?

Some secure virtual data room solutions claim that their system stops sharing by using 2FA as an additional security measure.  Even if you extend the login process with 2FA, users can forward that information to others – you cannot prevent this.  Some systems for example require users to enter their email address again when clicking on a link to a document – they then click on a second link to identify themselves as the email owner (this link is sent to the email address they enter) – but they can still give that second link to other users by forwarding the email.  The same is true of a PIN or any other form of secondary validation.

A much more sensible and secure approach to the login process would be locking documents to devices so they cannot be shared with others, but this is not achievable in a browser environment where no software is installed on the client.

Can document tracking provide accountability?

Ha I hear you cry, we can track what documents a user has opened and see if this is always from the same location (via the IP address).

If you have a lot of users using the system, that is a lot of tracking work to do.

You are also are assuming that only the authorized user (you are not actually tracking a specific user, just someone who has used those login credentials) has opened those documents.

And then there is the IP information and what that relates to.  Here we need to have a quick lesson in browser proxies and VPNs.  Most anti-virus software has a proxy installed as standard, enabling users to browse the web securely – just choose your location and the system will automatically assign a different IP address for you each time.  With VPN systems you get to choose a dedicated IP address (or static IP) and multiple users can use the same VPN.  So clearly the tracking data is not worth the paper it is written on – so it is therefore lucky that this information is just digital.

On a different note, many users regularly change IP address, and/or share the same IP address with many other users at the same time.  Also switching from wifi to mobile data changes a user’s IP address.  And most home internet connections change IP addresses daily.  So clearly IP tracking cannot be relied upon.

Are browsers effective in ensuring data security?

Not only are browser environments inherently slow (bad luck if you have either large or complex documents) they are also highly insecure.

They were not built with security in mind and code in the browser can be easily manipulated using third party plugins, JavaScript, and direct debugging (Developer mode).  So DRM controls you thought were being enforced (usually by the use of JavaScript) could be bypassed without you even knowing about it.  For an example of how insecure JavaScript-based browser controls are, see how easy it is to bypass Google Docs security

In addition, there is a limit to what you can control, and stopping screen grabbing and printing to PDF is not possible.

  • High Quality Screenshots
    Most users have some type of screen grabbing application installed on their computer. Whether this is a dedicated program such as Snag-it, a Paint editing program, or just Windows Snipping Tool.  All do a good job of taking high-quality screenshots of document content and secure data room systems can do nothing to prevent this with their limited control over the browser.
  • Printing to PDF
    There may be occasions when you want to allow printing so users have a physical copy of a document. The bad news if you let users do this from the secure data room system since they can just print to a file driver (say PDF) instead of a physical printer.  Any protection is automatically removed and users now have an unprotected PDF document to use as they wish or share with others.

Enabling offline use of documents can compromise data room security

Not everyone has access to the Internet 100% of the time so it should be expected that users will want to view documents offline.

Most secure data room systems enable you to let users download PDF files so they do not have to be connected to the Internet to view them.

However, the downloaded PDF files are either not protected (e.g. Digify, DocSend, etc.), or are password protected PDF files – see removing PDF password protection.  So you might want to question why you are using a secure data room solution to begin with if the end result is users being able to download unprotected PDF files.

Does using digital watermarks on documents provide any additional security?

Most secure data room systems enable you to add watermarks to your documents.  If however you let users download PDF files those watermarks can be easily removed using a PDF Editor such as Adobe Acrobat.  This is because they are added as a layer to the PDF file and that layer can be removed in one go.

So digital watermarks for downloaded documents don’t provide any additional security since you can no longer identify the user who shared your documents.

Secure Data Rooms usability issues

And that’s just the data room security issues.  Some of these systems are so poorly designed it is a struggle to manage more than a handful of documents and users.  For example, if you want to have a PDF file that expires at different times for different users you have to upload the file multiple times (one for each user) or create multiple links to the same file.  This quickly becomes unmanageable if you have lots of users and documents to share.  It is much simpler to use an existing document management system and just have secure PDF files made available in it.

So the moral of the story is, do not be fooled by the security credentials and security claims branded by secure data rooms – they are mere marketing hype.

Locklizard as a secure data room alternative

Locklizard provides actual secure document sharing, ensuring your documents cannot be shared with others regardless of their location.

Our document security software locks PDF documents to authorized devices so they cannot be shared, and enforces the same DRM controls for both online and offline documents.  Our secure PDF Viewers can be installed on Windows, Mac, iOS and Android.  They stop screen grabbing and printing to PDF and prevent watermarks being removed by PDF editing software.  There are no login credentials to enter (keys are transparently managed and securely transmitted and store without user intervention) so they cannot be shared with others.

Compared to secure data room systems, Locklizard provide an extensive range of PDF expiry controls, enabling you to protect a document just once yet limit individual access (different dates) for each user.  You protect PDF files on your local computer (no uploading of unprotected files to a cloud server) and can integrate protected PDF files into your existing systems just like any other file.

We don’t tie you into monthly pricing which can soon add up over a period of time, with annual and perpetual licenses both available.  You can choose to host with us or on premise in your own environment.

Locklizard’s PDF DRM security products enable you to share documents securely regardless of their location, enforcing access and use controls.  Stop sharing, piracy and theft of content by taking a free 15 day trial.

Tags: data room security, data rooms security, most secure virtual data room, secure data room, secure data room software, secure data room solutions, secure data room systems, secure data rooms, secure digital data room, secure virtual data room, virtual data room security
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
https://www.locklizard.com/wp-content/uploads/2021/07/secure-data-room.png 288 479 jofletcher /wp-content/uploads/2015/02/logo.png jofletcher2021-07-14 17:21:172023-05-03 09:14:05Are Data Rooms Secure?

Free Trial

“Fantastic product… outstanding support.”

“We would recommend Locklizard to others”

“The clear leader for PDF DRM protection”

“Our ebook sales have gone through the roof”

“Simple & secure – protects IPR from theft”

Trusted by:

Protect IPR

See why thousands of companies use Locklizard to safeguard their documents and increase revenue streams.

  • Our Customers
  • Customer Testimonials
  • Customer Case Studies
  • Locklizard vs Competitors

Latest Posts

  • PowerPoint Watermark: add non-removable watermarks in PowerPointMay 19, 2023 - 10:56 am
  • How to lock a Word document & protect from editingMay 10, 2023 - 12:10 pm
  • What’s a watermark & why add one for copyright securityApril 28, 2023 - 12:16 pm
  • Secure file sharing, FTP, email & document sharingApril 20, 2023 - 1:11 pm
  • What is DMCA protected & Copyright protection?April 11, 2023 - 11:45 am
PDF DRM Features
  • Protect PDF files
  • Stop PDF sharing
  • Stop PDF copying
  • Restrict PDF editing
  • Add PDF watermarks
  • Disable PDF printing
  • Stop screenshots
  • Expire PDF files
  • Revoke PDF files
  • Lock PDF to devices
  • Lock PDF to IP
  • Track PDF opens

How To Guides

How to watermark PowerPoint
How to lock a Word document
How to santize PDF files
How to lock a Google doc
Prevent PDF security removal
Protect Word without password
Add a dynamic watermark
Password protect Google Doc
Add a watermark in Word
Make a PDF non editable
How to create a stamped PDF
How to prevent ebook piracy
Password protect a Word doc
How to protect a PDF securely
How to revoke document access
Change PDF security settings
How to disable printing of PDFs
Sell online courses securely
How to add security to a PDF
Encrypt a PDF without Acrobat
Share documents securely
How to prevent PDF sharing
Protect confidential documents
How to publish ebooks securely
How to restrict PDF editing
How to password protect a PDF
How to protect ebooks
How to sell Reports securely
How to make a PDF read only
How to send a PDF securely
How to watermark a PDF
How to lock a PDF from editing
How to encrypt a PDF
How to make a PDF expire
How to password protect a PDF
How to protect online courses
How to email a PDF securely

Try Safeguard today

Start protecting your PDF files and documents from sharing & piracy

PRODUCTS

DRM Software
Safeguard
Safeguard Enterprise

Add-ons

  • eCommerce API
  • Command Line
  • USB Protect
  • Web Publisher
  • Own Branding
  • Custom Email

Secure PDF Viewers

  • Web Viewer
  • USB Viewer

SECURITY FEATURES

Stop copying, editing, saving
Disable PDF Prints
Block Screenshots
Disable Copy Paste
Dynamic Watermarks
Expiry & Self Destruct
Revoke Documents
Device Locking
Location Locking
Track PDF Use

PRICING

Purchase & Pricing
Instant Quote

RESOURCES

FAQs
Locklizard Blog
Knowledgebase
Security Guides
White Papers
Viewer Demo
Videos

DOWNLOADS

Secure Viewers

  • Windows
  • Mac OS X
  • iOS
  • Android

Writers
Product Manuals
FREE Trial

DOCUMENT SECURITY

Share Documents Securely
Protect Online Courses
Stop Ebook Piracy
Document Encryption
Secure PDF Distribution
Protect Confidential Documents
Ebook DRM

Protect PDF Files

  • PDF Copy Protection
  • Lock PDF files
  • Encrypt PDF
  • Secure PDF
  • PDF DRM

INDUSTRY SECTORS

Training & Elearning
Publishing Ebooks
Publishing Standards
Online Libraries
Membership Associations
Engineering
Government
Healthcare
Mergers & Acquisitions
Secure Reports From Theft

  ABOUT US

About Us

Our DRM Technology

  • What is DRM?

Customers

  • Case Studies
  • Testimonials

Locklizard vs Competitors

  • Secure Data Rooms

Company Brochure

  CONTACT

sales@locklizard.com
support@locklizard.com

Business Hours:
Mon – Fri: 8AM to 5PM EST
Tel (US): +1 800 707 4492
Tel (UK): +44 (0)1292 430290

© Copyright 2004-2023 Locklizard Limited. All rights reserved.Privacy Policy|GDPR Policy|Cookie Policy|SITE MAP

Scroll to top