secure dealing rooms

Secure Dealing Rooms

Secure Dealing Rooms: Secure Document Access & Sharing

Protect IP

Protect documents regardless of their location:

Stop unauthorized access
Stop sharing and distribution
No insecure passwords or plugins

Restrict Use

Set Expiry

Revoke Access

Watermark

Log Use

Comply Law

Benefits

Why Locklizard for secure document sharing?

Locklizard provides a stronger alternative to secure dealing rooms

No Passwords
There are no passwords or codes for users to enter so they cannot be shared. Keys are transparently and securely transferred to authorized devices and locked to those devices.

So unlike secure deal rooms, users cannot share access information, and therefore your ‘protected’ documents with others.
Secure Distribution
Full control over document distribution:
- Secure documents on your local computer – no uploading of unprotected files to a server. You therefore retain full control over unprotected documents and ensure they can never be exposed to the wrong people.
- Distribute secure documents just like any other file – upload them to a cloud server, your web site, send by email or distribute on CD, USB, etc.
DRM Controls
Wide range of DRM controls to ensure documents cannot be copied or shared and you retain full control over them at all times.
- Stop screen grabbing – stops users taking high quality screen grabs using screen grabbing tools. Cloud hosted secure dealing room systems CANNOT stop screen grabbing because they do not install any software on the client device.
- Stop printing (or limit the number of prints). If printing is allowed then we automatically prevent printing to file drivers (e.g. PDF files) – this is NOT possible to prevent with cloud hosted secure dealing room systems.
- Expire documents after a number of days use, views, prints, or on a fixed date.
- Revoke documents and user access instantly (regardless of where they are located).
- Allow offline use – no forcing of users to be online to view protected documents.
Device & location locking
Control the devices and locations your protected documents can be accessed from.
- Automatically locks document use to authorized devices to prevent sharing.
- Control the number of devices for each user that your protected documents can be used on.
- Lock use to locations to control where your protected documents can be used from (e.g. office only). This enables you to easily control BYOD use since documents on a mobile device will be available for use in the office but not when taken home.
Dynamic Watermarks
Add dynamic watermarks to viewed and/or printed pages. Dynamic variables are replaced by user data at print/view time.

You only have to protect a document once for all users rather than having to protect documents individually for each user in order to display unique user information (name, email, etc.).
Zero installation Viewers
Publish documents securely on USB devices for zero installation or for viewing in a Browser.
Simple to use
Our document security software is simple to use – secure documents by right clicking on them in Windows Explorer.

Manage users and document access via our web-based administration system.

Automate document protection, user management and document access with our command line and API tools.
Cost Savings
No charges per document or user – just a one off fee for unlimited documents and users.

Locklizard takes your document security seriously. Share documents securely without insecure passwords or plug-ins, and enforce access, location, expiry, and usage controls. Our DRM technology ensures documents remain safe no matter where they reside with US Gov Strength encryption, licensing, and DRM controls. Protected document content is decrypted in memory and no temporary files are used.

Using DRM in secure dealing rooms to control document access & use

Business requirements

In any enterprise there is information that has to be kept secret, but must be distributed, and therefore has to be identified with any recipient in the event that it is ‘leaked’.

Here we address two examples of this requirement, and show how to identify secure dealing rooms solutions that meet business needs. The first example is the control of board of management information, and the second is the control of information exchanged during mergers and acquisitions.

Sharing documents securely

The critical feature of both of the above scenarios is that highly confidential information has to be made available to people who are not necessarily to be ‘trusted’ because their personal future is not determined by maintaining the confidentiality of the information they are being granted access to. That is not to be interpreted in a negative fashion. Independent directors are an essential component guaranteeing the governance of an enterprise. Potential purchasers of an enterprise do not want to reveal secrets, unless, perhaps, they are jilted at the altar of acquisition.

So there’s the problem in a nutshell. There are many occasions on which you are obliged to share secrets with people who you cannot control, and you are obliged to take such steps as you reasonably can to reduce their ability to cause harm.

Whilst board minutes are only one example of internal documents that need to be strictly controlled on the one hand, and yet have to go outside of the control of the enterprise, they can contain material that, should it become public for any reason, could have a significant impact upon the share price and future status of the business.

In mergers and acquisitions, the stakes are, perhaps, just blindingly obvious. Information disclosed in this process is usually highly confidential, and misusing the knowledge of that information could be anything from commercially sensitive to requiring explanation to the share trading body of the country in which the enterprise is registered. Or to put it another way, inappropriate disclosure could result in people going to jail.

Types of secure dealing rooms solutions

The typical IT based solution relies upon access controls to prevent the unauthorized from gaining access to information. This may be achieved in a number of ways. For users connecting on an internal network it may simply be logon id and password that grants uncontrolled access to everything defined for that user.

Where outsiders have to be given access to information, IT departments create areas on servers, sometimes called rooms or dealing rooms, where information can be stored, and access controlled through the use of one or more specific logon id/password combinations, perhaps also using incoming IP address monitoring as a means of limiting the potential for people to give their logon details to others, thus defeating the access control.

This latter approach also allows a degree of monitoring of user activity through the use of cookies, and it can be made to appear more secure by using the SSL service to encrypt the information being transferred between the ends.

What neither of these IT approaches achieves is the ability to prevent the authorized user from taking copies of information to which they have legitimate access, and passing those copies on to others. They also do not provide any linkage that can identify the source of unauthorized distribution.

An alternative approach, especially for internal systems, could be to use a document collaboration system. These have various controls for describing controlled groups, and it may be possible to allow outsiders to have access by making outsiders appear to be insiders (rather like the IT solutions considered above). What is more problematic about this type of solution is that collaboration systems expect documents to be editable, and that there is some hierarchy of users where some approve documents. Commonly in the business cases described above, information is authorized before it is made available, recipients are not allowed to change anything, and some activities, such as printing, may need to be forbidden, or tightly controlled.

Finally there are DRM based solutions. These have significant benefits over the other solutions described, because they can allow authorized recipients to use information without having to grant them access either to internal networks or to servers. Where access is granted for limited periods of time this can be automated so that access automatically lapses without further administrative effort, or can be switched on and off again as suits the situation. These facilities are significantly different from administering ‘secure dealing rooms’. Finally, DRM solutions have additional features, such as being able to link the authorized user’ s identity to viewed images and printed images, to dissuade them from sharing information in an inappropriate manner, as well as preventing authorized users from being able to readily pass on copies of controlled information.

Cloud based secure dealing rooms

The most common type of secure dealing room in use today is the cloud hosted secure deal room. These enable companies to securely share confidential business documents with third parties without having to invest in infrastructure of spend time setting up access control systems. At first glance, cloud hosted secure deal rooms seem to be an ideal solution for secure document exchange with external groups. However they do have some major security issues.

Secure deal room security issues

All cloud hosted secure deal rooms rely on passwords for authentication. Passwords can be easily shared with other users so that means your confidential documents can be too.
Document content is decrypted on the server and then pass it to the client device using SSL. That might sound secure but browsers save content to temporary files (caching) to speed up rendering. So your unprotected documents could be recovered by users from the browsers temporary file location.
You have to upload your unprotected documents to the cloud server where they are outside of your control. In theory they are then encrypted and the unprotected version is deleted – but what if something goes wrong and your unprotected documents remain stored on a cloud server for possible future access?
Because documents are accessed using a browser, there is no security software on the local computer / remote device to enforce document controls. If you allow printing you therefore cannot prevent printing to file formats such as PDF or stop screen grabbing applications from taking high quality screenshots of content.

So, secure deal rooms for document sharing?

Secure dealing rooms were developed using the techniques of a central control system administered by IT departments. They achieved considerable success, although they did not prevent their users from being able to obtain copies of documents and pass them on without detection.

Cloud hosted secure deal rooms expanded on the need to share documents securely outside of the contraints of an internal IT system but also have major shortcomings. These password based systems have still not addressed being able to stop users sharing sensitive documents with others – they just provide better monitoring so you can see ‘who’ (what login details) has accessed what documents.

DRM solutions for documents that don’t rely on passwords or plugins provide a much more secure solution to document sharing and distribution. They provide better control over the use of documents, lock use to devices and locations so they cannot be shared, and provide better operational flexibility for those who have to set up and administer the secure distribution of sensitive information.

	Introduction to DRM
	DRM as a security mechanism
	History of Rights Management
	Should DRM have standards?
	Secure Dealing Rooms & DRM
	Personal DRM

	Security Learning Center
	Document Security Papers
	Information Security Glossary
	Regulatory Compliance
	Intellectual Property Theft
	Adobe PDF Security Issues
	PDF Plug-in Vulnerabilities
	Adobe Flash Security Issues
	DRM Security Issues