Secure Document Sharing platforms
When people think about secure document sharing, they usually think about specific online file sharing and/or collaboration service. However, these platforms have various limitations, such as:
- documents have to be uploaded to a supplier’s server, which is not under your control.
- documents are generally viewed via a browser so there is limited screen grabbing prevention (if any) and limitations on the controls you can enforce.
- printing to PDF or other file drivers is not prevented so users can save documents locally to disk if you allow printing.
- users must always be online to view and print documents.
- users can share their login credentials with others without being detected.
- pricing is usually based on the number of user accounts and/or documents and can get expensive quite quickly.
Secure document sharing platforms such as Microsoft Azure Rights Management have mainly evolved from document collaboration systems, and often they have complex role-based permissions which are best suited to internal use. Admins must define formal access control structures (i.e. there is no concept of selling the documents and controlling their actual use).
However, most of the documents you need to share securely have gone beyond the concepts of collaboration (i.e. distributing reports, finance info, formal board minutes, formal procedures etc.), and in certain countries where internet connections are poor, users still need to store and view files offline.
Most importantly, however, companies need to decide whether they want to store their files on someone else’s internet-accessible server. A server that could experience outages or even be hacked and the documents extracted. Even if a document sharing platform is right for you, it may be necessary to find a solution where you maintain control of the files and don’t ‘give’ them to the security provider.
Share sensitive documents securely using encryption
Encrypting a document is fine if your objective is to secure the file at rest – i.e. you want to store documents securely either locally or in cloud storage. It can also be useful in transit when you’re sending a file to another user by email etc. and want to be sure that anybody who intercepts the email will not be able to read it.
Document encryption, however, has its limits. Once a file is decrypted, there are no access controls governing its use. If you send an encrypted document to another user – because you only want them to be able to view it – there is nothing to prevent them from sending the decrypted document to anyone they choose. In other words, it only provides protection if you trust the receiver completely. This is especially important to keep in mind if you are selling documents such as reports, ebooks, etc., and want to make sure that only those that have paid for them can use them. If you have confidential company information that must only be made available to specific employees, board members or third parties, being able to control usage is also key.
Sharing documents securely using DRM security
Document DRM adds a complementary layer of security on top of document encryption. With document DRM, files are encrypted to protect them in transit and at rest and then access and other controls are added to govern use. Basic document DRM controls prevent copying and document modification, stop or limit printing, and stop screen grabbing by preventing print screen and the use of screen grabbing tools.
To prevent unauthorized document sharing, document DRM systems use licensing controls to tie users and their devices to specific documents. This ensures the document owner can share documents securely amongst only intended recipients (unless of course, an authorized recipient is willing to give their tablet device, mobile phone, or laptop to someone else). Many document DRM systems also provide dynamic document watermarking – user details are displayed on a document when it is viewed and printed to discourage photographs of the screen, or if printing is allowed, to discourage printed distribution. Adding watermarks dynamically ensures the document only needs to be protected once rather than once for every single user.
More advanced document DRM systems enable documents to be shared securely in only authorized locations by limiting use to specific countries and IP address ranges. This ensures that users using mobile devices cannot open secure documents say, outside an office location, or in countries where usage is forbidden due to regulations.
Secure document sharing & expiry: sharing documents securely for limited time periods
Another advantage of using document DRM systems to share documents securely is the ability to automatically expire (and thus revoke) document use after a certain amount of time. This could be after a number of views or prints, a number of days, or on a fixed date. Ensuring information can no longer be viewed after a certain period is especially useful for M&A documents, where information is only required for a limited period or for documents that have a natural life span. See PDF expiry.
Document DRM systems also provide the ability to revoke documents instantaneously no matter where they reside – if information has been published by mistake, access given to the wrong person, or a chargeback has been made, you can instantly recall it.
Sharing documents securely with accountability – track & log document use
When sharing documents securely, it may be important to establish that an authorized user has viewed and/or printed a document – whether this is for legal/compliance reasons or to help identify leaks. Document DRM systems can help here by tracking document use and providing log files detailing when documents were opened and printed, by whom and when this occurred.
Conclusion: How to share documents securely
When sharing documents securely there are many issues that have to be considered.
- What kind of document control are you seeking to exert – internal use, internal and external, or purely external?
- Do you trust the recipients enough to know that they will not pass documents on? How much control do you want over your files when dealing with untrusted parties? Do you trust a Secure File Sharing company to protect and host your confidential or valuable documents on their servers? Do users always have an Internet connection available; and how much security is enough?
- Do you need to log what users are doing? Are you licensing the use of information content rather than sharing files at a peer-to-peer level?
For the simpler requirements, a collaboration system may offer enough controls – documents are in a constant state of flux. As you transition to selling documents or the distribution of private documents to remote environments where bespoke security is required, DRM is essential to maintain document content protection.