Protect Sensitive Documents

Protect confidential & business sensitive documents: stop sharing, theft

  Free Trial & Demo

“Fantastic product… outstanding support.”

“We would recommend Locklizard to others”

“The clear leader for PDF DRM protection”

“Our ebook sales have gone through the roof”

“Simple & secure – protects IPR from theft”

Trusted by:

Confidential & sensitive document protection – protect digital & electronic business documents

  Confidential do not distribute: Stopping document leakage, sharing & theft of proprietary information

Every company has sensitive and confidential documents and proprietary information and data that they need to share securely both inside and outside their organization.  Confidential do not distribute documents need to be kept within the distribution list.  Exposure of such documents to unauthorized users could cause a company potential harm (revenue loss, brand reputation, fines, etc.), so the need to protect sensitive and confidential documents from disclosure and stop sharing and leakage is a high priority.

There are many document security solutions available commercially that are sold to address the protection of confidential and sensitive documents and to stop sharing and document leakage, but how do they stack up?

  Data Leakage Prevention or DLP solutions

DLP solutions consist of a set of security software tools to stop document sharing and leakage by preventing users from sending sensitive and confidential documents outside the corporate network.  DLP is effectively an extension of the old access control systems with added encryption and endpoint protection (i.e. disabling USB ports or monitoring or blocking printing).

You need to either configure a system manually and/or let the DLP system use your rules to classify documents as confidential etc. so that documents on servers or networks can be monitored accordingly and the correct policies (which you have created) and your controls are applied.  This may be, for example, stopping copying of documents to USB devices or ensuring confidential and sensitive documents (containing key words or creators) are encrypted and can only be decrypted by authorized users.

Generally, documents moved outside the internal network cannot be decrypted because of the inability to gain access to the DLP’s key management system.  While this ensures documents remain safe inside the enterprise it raises issues if users need to work on or with information outside the network or if organizations need to disclose sensitive and confidential documents securely with third parties.

DLP systems also have other weaknesses, such as:

  • if a user is authorized to open a document they can copy/paste and screen grab content using third party screen grabbers or copy using remote sessions.
  • to work with specific applications (e.g. Outlook) they require users to install plugins. Plugins have their own problems such as sometimes failing to work after the host application has been updated or clashing with other plugins.  Interfaces are often undocumented.
  • they can also be costly in terms of initial deployment (the time taken to configure the system since configuring policies is a lengthy and complex process) which may not be practical if there are just a handful of confidential and sensitive documents that need protecting or that should not leave the enterprise.

So DLP systems have their use as long as confidential and sensitive documents are to remain within the corporate network.  However, in practice this will usually not be the case.

  Access control

The most common file access control system is Windows Active Directory (AD).  This consists of a set of services that run on Windows server to manage access to networked resources (computers and other devices, such as printers, on a network).

Confidential and sensitive documents are not held encrypted but AD can work in conjunction with AD RMS (Active Directory Rights Management Services) to encrypt content such as email and Word documents.

Again, it is an internal system (there is no concept of sharing confidential and sensitive documents securely with third parties that do not use the same system or domain) and it only works with Windows devices.

  File Encryption

Encrypting files to prevent unauthorized access is at the heart of every document security system.  Many organizations use encryption to protect files at rest (in storage) and when being sent to others or for archiving.

Sending sensitive and confidential documents securely by email is commonplace in most organizations and for those that don’t want to get into the complexities of setting up a Windows-based Certification Authority, public key infrastructure and issuing certificates, there is always the ability to password protect attachments.

However, encryption can only go so far in protecting information.  Once an authorized user has access to an encrypted file they can decrypt it – and then do what they like with it since there are no controls in place to prevent copying and sharing.

  Enterprise Rights Management & Cloud based rights management

Windows has a couple of Document Rights Management systems for organizations to choose from.  Either AD RMS or Azure RMS.  AD RMS is an onsite solution hosted on an organization’s own servers whereas Azure RMS is hosted by Microsoft in the cloud.

Azure rights management (Azure RMS) is probably the most commonly deployed cloud-based RMS for Windows systems.  And it is great as long as you only need to protect documents generated by Windows applications (limited support is provided for some Adobe applications).  It still uses Windows Active Directory but this is now cloud based and is called Azure AD.

Azure RMS is a policy driven system and works in the same way as a DLP, in that you have to classify documents and create policies in order to enable document protection.  Initial deployment and ongoing configuration can therefore be both time consuming and costly.

Azure RMS has several advantages over AD RMS:

  • you do not have to configure additional servers
  • it supports mobile devices
  • authentication is performed in the cloud rather than on an internal network
  • provides document tracking and document revocation

Azure RMS has been built as an internal document system rather than one designed for sharing sensitive and confidential documents with third parties, but external users can be added more easily to the system if they have a Microsoft account or are also using Azure AD for authentication.  This does, however, compel external users to sign up using a Microsoft approved account, and their organization may not wish them to install external mail accounts on the desktop.

  Locklizard Enterprise Rights Management

Locklizard have taken a simplified approach to protecting confidential and sensitive documents that requires less management overhead and protects information and its use throughout its life cycle.

There are no policies, public key, or directory systems to configure.  You apply document controls (such as stopping printing, expiry, etc.) when documents are protected using a simple tabbed interface and assign user access via a simple to use administration system.  All key management is handled by the system and there are no insecure passwords or plugins.  A wide variety of document controls can be implemented and changed on-the-fly for individual users. For example, you can protect a document with zero prints (so no one can print it) and then enable individual users to print it.  Similarly, you can set a document to expire on a specific date, but change this date for specific users.  The key document controls – stopping sharing, copying, editing, printing, etc. – remain part of the document and are always enforced regardless of where your documents are located.

Locklizard locks the use of confidential and sensitive documents to authorized user’s devices and you can further prevent use outside authorized locations (e.g. the office).  This enables you to easily protect confidential documents in the workplace, controlling the use of sensitive and confidential documents on BYOD where they could potentially be used by others in locations not under your control.  By locking document use to machines and locations, Locklizard ensures your confidential not for distribution documents are tightly controlled.

If you want to allow users to print confidential documents then you can add dynamic watermarks with user identifiable information that are applied to printed copies.  This helps discourages users from sharing printouts with others.

Locklizard enables you to share sensitive and confidential documents securely with third parties and to protect confidential documents from disclosure. You have full control over document access and use at all times.  You can track and log document use and instantly revoke access when required.

  What is the best document protection for confidential & sensitive business documents?

In conclusion, there are many different types of document security systems available to protect digital or electronic documents that are confidential not for distribution and sensitive in nature.  DRM enables you to protect confidential documents and proprietary information and data regardless of its location.  It significantly extends the old IT controls and provides a much finer grained control over the ability of the user to make use of a document.

You need to bear in mind:

  • how many documents you really need to protect
  • whether sharing documents securely with third parties is a must
  • how much control you need over document use
  • whether watermarks, such as confidential watermarks, can be easily removed
  • whether document activity should be logged
  • how long the system will take to implement
  • how much ongoing maintenance is required

Then implement the simplest document protection solution that works best for you.

How to protect sensitive documents on your computer

How to protect sensitive documents

In Safeguard Secure PDF Writer, choose the document protection options you want to apply:

  1. Stop printing, allow printing or limit the number of prints.
  2. Add dynamic watermarks to viewed and or printed pages.  Dynamic variables replace actual user and system data when the document is viewed/printed so you only have to protect the document once for all users.
  3. Make the document expire  on a specific date, after a number of views, after a number of prints, or after a number of days from opening – access is automatically ceased.
  4. Stop screen grabbing (even from remote connections) applications and prevent use of Windows print screen.
  5. Log document views and prints.
Safeguard’s default protection
  • Stops users editing, copying and pasting content
  • Locks PDF files to specific devices so they cannot be shared with others
  • There are no passwords for users to enter, manage, or remove
  • You can revoke PDFs at any time regardless of where they reside

Once protected, distribute them just like any other file (email, web site, etc.).

Why Locklizard to protect confidential business documents & sensitive proprietary information?

Locklizard provides a stronger alternative to password security, file encryption & deal room systems.  It is less complex to setup than Microsoft & Adobe RMS, provides additional security, and is easier to maintain.

  • No Passwords

    There are no passwords for users to enter so they cannot be shared.  Keys are transparently and securely transferred to authorized devices and locked to those devices.

    Users cannot share access information, and therefore your protected documents with others.

  • Secure Distribution

    Full control over document distribution:

    • Secure documents on your local computer – no uploading of unprotected files to a server where they could be compromized.  You retain full control over unprotected documents and ensure they can never be exposed to the wrong people.
    • Distribute protected documents just like any other file – upload them to a cloud server, your web site, send by email or distribute on CD, USB, etc.

  • DRM Controls

    DRM controls give you full control over document use:

    • Stop screen grabbing – stops users taking high quality screen grabs using screen grabbing tools.
    • Stop printing (or limit the number of prints).  If printing is allowed then we automatically prevent printing to file drivers (e.g. PDF files).
    • Enforce printing of colour documents in black & white or grayscale.
    • Expire documents after a number of days use, views, prints, or on a fixed date.
    • Revoke documents and user access instantly (regardless of where they are located).
    • Allow offline use – no forcing of users to be online to view protected documents.
  • Device & location locking

    Control the devices and locations protected documents can be accessed from.

    • Automatically locks document use to authorized devices to prevent sharing.
    • Control the number of devices for each user that your protected documents can be used on.

    • Lock use to locations to control where your protected documents can be used from (e.g. office only).  This gives you full control over BYOD use since documents on a mobile device will be available for use in the office but not when taken home.
  • Non-Removable Dynamic Watermarks

    Add dynamic watermarks to viewed and/or printed pages.  Dynamic variables are automatically replaced by user data at print/view time.

    You might want to do this for example if you allowing printing and want to make sure that if photocopies are made that they clearly identify the user who was originally given access.

    You only have to protect a document once for all users rather than having to protect documents individually for each user in order to display unique user information (name, email, etc.).

    Locklizard watermarks cannot be easily removed (unlike Office and Adobe watermarks which can be removed in a single action) since we prevent PDF editing and stop screenshots.

  • Simple to use

    Protect sensitive and confidential documents by right clicking on them in Windows Explorer.

    Manage users and document access via our web-based administration system.

    Automate document protection, user management and document access with our command line and API tools.

  • Cost Savings

    No charges per document or user – one set price for unlimited documents and users.

Locklizard takes your document security seriously.  Share sensitive and confidential documents securely without insecure passwords or plug-ins, and enforce access, location, expiry, and usage controls.  Our DRM technology enables you to protect confidential documents and proprietary information with ease and ensures documents remain safe no matter where they reside with US Gov Strength encryption, licensing, and DRM controls.  Protected document content is decrypted in memory and no temporary files are used.  Protect confidential business documents from disclosure, prevent unauthorized distribution, and track and log authorized use.

See our customer testimonials or read our case studies to see why thousands of organizations use Locklizard PDF security to protect sensitive documents from unauthorized access and use.

Customer Testimonials