drm

Digital Document Protection

Protect confidential & business sensitive documents: stop sharing, theft

Protect IP

Protect confidential & sensitive documents regardless of location:

Stop unauthorized access
Stop sharing and distribution
Strong US Gov strength encryption, DRM and licensing controls

Restrict Use

Set Expiry

Revoke Access

Watermark

Log Use

Comply Law

Benefits

Free Trial & Demo

“Fantastic product… outstanding support.”

“We would recommend Locklizard to others”

“The clear leader for PDF DRM protection”

“Our ebook sales have gone through the roof”

“Simple & secure – protects IPR from theft”

Trusted by:

Confidential & sensitive document protection – protect digital & electronic documents

Stopping document leakage, sharing & theft

Every company has sensitive and confidential documents that they need to share securely both inside and outside their organization. Exposure of such documents to unauthorized users could cause a company potential harm (revenue loss, brand reputation, fines, etc.), so the need to protect sensitive and confidential documents and stop sharing and leakage is a high priority.

There are many document security solutions available commercially that are sold to address the protection of confidential and sensitive documents and to stop sharing and document leakage, but how do they stack up?

Data Leakage Prevention or DLP solutions

DLP solutions consist of a set of security software tools to stop document sharing and leakage by preventing users from sending sensitive and confidential documents outside the corporate network. DLP is effectively an extension of the old access control systems with added encryption and endpoint protection (i.e. disabling USB ports or monitoring or blocking printing).

You need to either configure a system manually and/or let the DLP system use your rules to classify documents as confidential etc. so that documents on servers or networks can be monitored accordingly and the correct policies (which you have created) and your controls are applied. This may be, for example, stopping copying of documents to USB devices or ensuring confidential and sensitive documents (containing key words or creators) are encrypted and can only be decrypted by authorized users.

Generally, documents moved outside the internal network cannot be decrypted because of the inability to gain access to the DLP’s key management system. While this ensures documents remain safe inside the enterprise it raises issues if users need to work on or with information outside the network or if organizations need to disclose sensitive and confidential documents securely with third parties.

DLP systems also have other weaknesses, such as:

if a user is authorized to open a document they can copy/paste and screen grab content using third party screen grabbers or copy using remote sessions.
to work with specific applications (e.g. Outlook) they require users to install plugins. Plugins have their own problems such as sometimes failing to work after the host application has been updated or clashing with other plugins. Interfaces are often undocumented.
they can also be costly in terms of initial deployment (the time taken to configure the system since configuring policies is a lengthy and complex process) which may not be practical if there are just a handful of confidential and sensitive documents that need protecting or that should not leave the enterprise.

So DLP systems have their use as long as confidential and sensitive documents are to remain within the corporate network. However, in practice this will usually not be the case.

Access control

The most common file access control system is Windows Active Directory (AD). This consists of a set of services that run on Windows server to manage access to networked resources (computers and other devices, such as printers, on a network).

Confidential and sensitive documents are not held encrypted but AD can work in conjunction with AD RMS (Active Directory Rights Management Services) to encrypt content such as email and Word documents.

Again, it is an internal system (there is no concept of sharing confidential and sensitive documents securely with third parties that do not use the same system or domain) and it only works with Windows devices.

File Encryption

Encrypting files to prevent unauthorized access is at the heart of every document security system. Many organizations use encryption to protect files at rest (in storage) and when being sent to others or for archiving.

Sending sensitive and confidential documents securely by email is commonplace in most organizations and for those that don’t want to get into the complexities of setting up a Windows-based Certification Authority, public key infrastructure and issuing certificates, there is always the ability to password protect attachments.

However, encryption can only go so far in protecting information. Once an authorized user has access to an encrypted file they can decrypt it – and then do what they like with it since there are no controls in place to prevent copying and sharing.

Enterprise Rights Management & Cloud based rights management

Windows has a couple of Document Rights Management systems for organizations to choose from. Either AD RMS or Azure RMS. AD RMS is an onsite solution hosted on an organization’s own servers whereas Azure RMS is hosted by Microsoft in the cloud.

Azure rights management (Azure RMS) is probably the most commonly deployed cloud-based RMS for Windows systems. And it is great as long as you only need to protect documents generated by Windows applications (limited support is provided for some Adobe applications). It still uses Windows Active Directory but this is now cloud based and is called Azure AD.

Azure RMS is a policy driven system and works in the same way as a DLP, in that you have to classify documents and create policies in order to enable document protection. Initial deployment and ongoing configuration can therefore be both time consuming and costly.

Azure RMS has several advantages over AD RMS:

you do not have to configure additional servers
it supports mobile devices
authentication is performed in the cloud rather than on an internal network
provides document tracking and document revocation

Azure RMS has been built as an internal document system rather than one designed for sharing sensitive and confidential documents with third parties, but external users can be added more easily to the system if they have a Microsoft account or are also using Azure AD for authentication. This does, however, compel external users to sign up using a Microsoft approved account, and their organization may not wish them to install external mail accounts on the desktop.

Locklizard Enterprise Rights Management

Locklizard have taken a simplified approach to protecting confidential and sensitive documents that requires less management overhead and protects information and its use throughout its life cycle.

There are no policies, public key, or directory systems to configure. You apply document controls (such as stopping printing, expiry, etc.) when documents are protected using a simple tabbed interface and assign user access via a simple to use administration system. All key management is handled by the system and there are no insecure passwords or plugins. A wide variety of document controls can be implemented and changed on-the-fly for individual users. For example, you can protect a document with zero prints (so no one can print it) and then enable individual users to print it. Similarly, you can set a document to expire on a specific date, but change this date for specific users. The key document controls – stopping sharing, copying, editing, etc. – remain part of the document and are always enforced regardless of where your documents are located.

Locklizard locks the use of confidential and sensitive documents to authorized user’s devices and you can further prevent use outside authorized locations (e.g. the office). This enables you to control the use of sensitive and confidential documents on BYOD where they could potentially be used by others in locations not under your control.

Locklizard enables you to share sensitive and confidential documents securely with third parties with confidence that you have full control over their access and use at all times. You can track and monitor document use and instantly revoke access when required.

What is the best document protection for confidential & sensitive business documents?

In conclusion, there are many different types of document security systems available to protect digital or electronic documents that are confidential and sensitive in nature. DRM significantly extends the old IT controls and provides a much finer grained control over the ability of the user to make use of a document.

You need to bear in mind:

how many documents you really need to protect
whether sharing documents securely with third parties is a must
how much control you need over document use
whether document activity should be logged
how long the system will take to implement
how much ongoing maintenance is required

Then implement the simplest document protection solution that works best for you.

Why Locklizard to protect sensitive & confidential business documents?

Locklizard provides a stronger alternative to password security, file encryption & deal room systems. It is less complex to setup than Microsoft & Adobe RMS, provides additional security, and is easier to maintain.

No Passwords
There are no passwords for users to enter so they cannot be shared. Keys are transparently and securely transferred to authorized devices and locked to those devices.

Users cannot share access information, and therefore your protected documents with others.
Secure Distribution
Full control over document distribution:
- Secure documents on your local computer – no uploading of unprotected files to a server where they could be compromized. You retain full control over unprotected documents and ensure they can never be exposed to the wrong people.
- Distribute protected documents just like any other file – upload them to a cloud server, your web site, send by email or distribute on CD, USB, etc.
DRM Controls
DRM controls give you full control over document use:
- Stop screen grabbing – stops users taking high quality screen grabs using screen grabbing tools.
- Stop printing (or limit the number of prints). If printing is allowed then we automatically prevent printing to file drivers (e.g. PDF files).
- Enforce printing of colour documents in black & white or grayscale.
- Expire documents after a number of days use, views, prints, or on a fixed date.
- Revoke documents and user access instantly (regardless of where they are located).
- Allow offline use – no forcing of users to be online to view protected documents.
Device & location locking
Control the devices and locations protected documents can be accessed from.
- Automatically locks document use to authorized devices to prevent sharing.
- Control the number of devices for each user that your protected documents can be used on.
- Lock use to locations to control where your protected documents can be used from (e.g. office only). This gives you full control over BYOD use since documents on a mobile device will be available for use in the office but not when taken home.
Dynamic Watermarks
Add dynamic watermarks to viewed and/or printed pages. Dynamic variables are automatically replaced by user data at print/view time.

You might want to do this for example if you allowing printing and want to make sure that if photocopies are made that they clearly identify the user who was originally given access.

You only have to protect a document once for all users rather than having to protect documents individually for each user in order to display unique user information (name, email, etc.).
Simple to use
Protect sensitive and confidential documents by right clicking on them in Windows Explorer.

Manage users and document access via our web-based administration system.

Automate document protection, user management and document access with our command line and API tools.
Cost Savings
No charges per document or user – one set price for unlimited documents and users.

Locklizard takes your document security seriously. Share sensitive and confidential documents securely without insecure passwords or plug-ins, and enforce access, location, expiry, and usage controls. Our DRM technology ensures documents remain safe no matter where they reside with US Gov Strength encryption, licensing, and DRM controls. Protected document content is decrypted in memory and no temporary files are used.

	Document security
	Sharing documents securely
	Document tracking & control
	Protect sensitive documents
	Data loss prevention
	PDF plugin security
	Document watermarking
	Powerpoint security
	Library Ebook DRM Security

	Security Learning Center
	Document Security Papers
	Information Security Glossary
	Regulatory Compliance
	Intellectual Property Theft
	Adobe PDF Security Issues
	PDF Plug-in Vulnerabilities
	Adobe Flash Security Issues
	DRM Security Issues