Safeguard PDF Security can provide many benefits to your company including:
Although the Locklizard DRM products appear to be focused upon publishers, this does not mean that Safeguard PDF Security can only be used in that context. Many of our customers use Safeguard PDF Security to protect internal documents that have controlled circulations, including being able to control their use by business partners where that is appropriate.
An enterprise is also a major publisher of information internally. In most instances internal publications are similar to those of a book or magazine publisher, but with one very important difference. Publishers publish their material to ‘the public’ and their work becomes subject to the international laws of copyright. Internal publications, whilst they may have some copyright elements, are more usually confidential documents and trade secrets.
Trade secrets are much more important, for the enterprise, than copyright documents. Trade secrets are used before patents are created. Trade secrets are used before formal reports are issued to the SEC or to analysts or banks, or lawyers. Although enterprises cover many confidentiality and secrecy issues in their contracts of employment they still need to implement adequate procedures and controls to support keeping a trade secret. If you are going to prosecute for either theft of a trade secret or theft of copyright information you are going to need proof that the person had access to the information so that you can show they had access.
When it is used internally, the publisher becomes the document manager or document administrator, and they (and their staff) have the responsibility for allocating users (rather than customers) and for protecting documents for circulation to users.
Internal user administration is achieved through a combination of normal logon account management (which runs outside of the Safeguard PDF Security features), for instance, to cease access to internal networks immediately if an employee leaves. Safeguard PDF Security controls may be used to revoke access to specific ‘publications’ if an employee changes job function or location, and may also be used to stop access from roaming users or users who are part of other businesses where normal access control mechanisms have no effect. If an employee leaves your organization then you can revoke their access to protected documents with immediate effect.
In many ways, internal document management is no different to running a publishing house, except perhaps that there is no accounting control for sales and customer management (unless you are using an outsourced administration model perhaps). Instead of customers you have departments or task forces or workgroups. These may align more with publication groups. The same goes for formal reporting groups, boards of management and investor relationships.
The concept of the publication remains valuable in the corporate context. But instead of publications being used as part of a subscription service, they should be considered to be regular reports, such as monthly accounts, management reports, departmental reports, or documents that must be circulated in a controlled manner to defined groups – sales support manuals, repair manuals, departmental briefing documents. These can all be considered to be ‘publications’ and the staff or users as ‘customers’ who are given access to the relevant schedules of information.
Instead of thinking about publications, think about the internal distribution requirements that you have for similar documents. These may be based around a research project or around a litigation or around the accounting function.
So as an administrator you will need to be able to allocate specific documents to internal groups who have a need to be able to use the document. Each of these groups is either an internal organizational unit, or one that is related to operational groups that the enterprise formally communicates with on a regular basis.
In any organization there are occasions when you will be required to provide access to some of your internal documents to external bodies (government officials, accountants, lawyers, court officials and so on). Often these documents are electronic rather than paper, and you want to be sure that only those who have been authorized to use them can do so. This may include being sure that after a certain time or date the documents will no longer be accessible.
Safeguard PDF Security controls are an ideal way of ensuring that whilst you are complying with granting lawful access to specific information, people other than those authorized cannot read or use that information. It also means that you have a record of all the documents that have been provided, know who has actually registered to use them and when.
Enterprise PDF DRM also enables you to audit user and document activity so you can see what actions were taken by administrators and who viewed and/or printed your documents, when and where.
Command Line allows an administrator to preset specific document protection rules and have them run as DOS commands. Documents can be automatically secured using command line so that they are protected in a consistent manner inline with your document protection policies. You can create batch files that non-Safeguard administrators can run, and/or have these run automatically against specific folders using Windows scheduler. Non-administrators can save files to these folders where they will be automatically protected with the document DRM controls you have specified.
Command line can significantly improve the automation of the system, prevent protection profile errors, devolve administrator responsibilities, and increase protection reliability for improved governance.
If you intend to use Safeguard PDF Security internally then it makes sense to use one of your existing servers (or a new one) to host the Locklizard administration system. The administration system can be hosted on a server that is currently in use by other software applications or you can host it on a server on its own. By hosting internally, all server communications are internal and the server is under your own control and you can automatically deny access to external users.
There are many systems (computer applications) that claim to provide control of internal documents, but before you can decide if they do, you need to know exactly what you consider to be documents, and what controls you actually want or need to apply to them to support your business processes.
If we look at international standards such as ISO 17799 (ISO 27001) Code of practice for information security management, we find that a control is something that you put in place in order to be able to describe what is required and measure if it is working (or not).
So internal document control needs something in the way of definition/specification in order to find out what it is that we are actually trying to achieve and how it is that we think we can achieve it.
Internal document control usually revolves around the need to make sure that only those who are approved can see and can edit documents. Often the most important consideration for internal document control is to make certain that the internal document cannot become an external document – see external document control. All too often there is no internal document control system to prevent internal documents from being copied and given to outsiders. Somehow or other it is expected that the ‘normal’ operating system controls are going to prevent users from being able to take copies of confidential documents and pass them on to others.
Also, ‘normal’ controls are supposedly able to prevent people from being able to copy the temporary files that applications such as Microsoft Word or Outlook/Express seem to leave littered across the landscape for almost anyone to see. Perhaps those are the really significant threats to internal document control – the fact that the normal applications all users make use of actually provides compromises to internal document control by making available uncontrolled copies of what would otherwise be controlled documents.
Therefore internal document control is not something that is actually that easy to establish. It is far easier to encrypt a finished document than it is to ensure that a user cannot obtain a copy of a document that is subject to internal document control.
Of course there are specialist systems that can apply internal document control to documents that are being created, reviewed, edited and approved. But the problem with these is that they remain outside the mainline tools that people use. Whether purists and IT security gurus like it or not the most popular (or perhaps more likely provided as part of how the computer arrived) tools in the IT stable come from Microsoft, and are therefore the ones that users are familiar with and have used before.
There are a wide variety of systems available for the control of internal documents.
These vary from the document management systems that control access, versions, import and export and authorization to those aimed more towards the modern concept of document collaboration – controlling input from multiple authors together with review and authorization. All these systems really rely on access control mechanisms for their effectiveness because in most instances digital rights management (DRM) type controls are not appropriate.
However in some cases DRM controls may also be required where it is necessary to control BYOD use and prevent people taking printouts or copies of documents and giving them to others (or having them stolen or misled). As a result other measures are needed where DRM controls are to be applied to internal document control.