For many businesses, maintaining the confidentiality of their documents and preventing the unauthorized use of their data is crucial for securing their back-end strategies and adhering to their privacy policies. So, there should be no chance of recipients secretly keeping document copies for their own use or of confidential information reaching unauthorized third parties, not even through authorized recipients.
This is why your business needs to keep tabs, in the form of document security systems, on who can access your documents and to what extent and in what situations they can do so. Digital Rights Management (DRM) will help you here as it encrypts documents in such a way that only the intended recipient(s) can view them. It also helps to regulate what the authorized recipients can do with the documents. For this, the users must view the document in an app that decrypts the document, while obeying the applied DRM controls.
But, what security system should you invest in? How can you choose the most suitable document viewer among web, installed and plug-in viewers. Below, we provide insights into the various options available.
Web viewers for secure documents
This option is effective as most of the popular browsers run in a reliable manner, but that does not cover the restrictions that come along.
For example, browsers are only designed to display and not to handle. So, they may be unable to obstruct data duplication by other plug-ins which render a protected document to screen and convert it into a usable format later. You may not even realize when that happens. Some corporation standards now prohibit plug-ins from being loaded onto the system.
Also, restricting system-level functions (such as checking the use of specific keys or reading process lists to prevent certain applications from loading) may be impossible in browsers. In addition, total internet dependency (the user has to always be online) is yet another restriction to web viewers.
Allowing access based on an ID and password is quite a safe step back because multiple-access misuse is possible (i.e. users sharing their login details with others). To restrict this, some systems enable you to limit the number of simultaneous users and the number of users who can use one set of credentials. In this way, sharing the credentials will no longer guarantee access.
Installed viewers for secure documents
Installed viewers offer much stronger controls in terms of offline access to secured documents and code obfuscation. For example, to restrict the impact of hacking tools, code encryption and code obfuscation can make it difficult for hackers to gain access to the core code (for example, they could redirect the unencrypted output to a file by finding ways of injecting code into a run-time system if it were not protected).
Moreover, these viewers can lock into a specific machine identity and control licensing information for that particular machine. This makes the machine recognizable instead of doing a user identification each time.
Also, they enable you to detect the use of special keys, such as Print Screen. You can even identify running processes and be aware of any virtual printers.
Basically, they provide the securest of environments for viewing protected documents.
App plug-ins for secure documents
Using a native app (for example, MS Word in the case of word documents) and simultaneously running a plug-in that decrypts and obeys DRM controls is generally considered the simplest solution for securing documents.
However, the risk of another plug-in (which enables duplication of the content through extraction) being loaded is a major problem. The biggest issue however is that the document securing plug-ins often stop working whenever the native app is updated. So, while these plug-ins solve the problem of document security easily, they also have potential security and usability risks.
What document security system would be best for your business?
For offline use of documents, securing them with a Viewer that requires installation is the best option, provided that the credentials aren’t shared with other computers (i.e. a system that relies on passwords for document protection). If you opt for timed sharing of the documents (i.e. document expiry), you must ensure that the time and date cannot be interfered with to make the access to the document last longer than intended.
For online use of secured documents that are not too confidential, web viewers can be used. In this case, you will have to permit multiple usage of some login credentials, while you might have to restrict simultaneous usage of other credentials. You can also lock users to specific locations with country and IP restrictions. This is extremely useful when the users cannot install apps on their computers.
Some companies use both installed viewers (for most viewing) and browser-based viewers (for specific external users) for a more flexible approach to document security.
So, which option will you choose? Do you have any questions? Please feel free to leave your comments below.