Revoke or expire document access with FileOpen DRM

Posted by FileOpen DRM News

Today we are very much digital citizens with the world’s information at our fingertips; we are always on, operating in real time. The amount of data we produce is staggering. Every time we share, copy to the cloud, rename, edit and redistribute a file, we are scattering data. Oftentimes this choice is made out of convenience rather than security or future data management workload. To put this into context, I logged into my personal Google Drive this morning. I found sensitive and proprietary information in documents shared with me from former co-workers, bankers, lawyers and agencies that was no longer of great importance to me, but could cause significant damage if stolen, given to a competitor or otherwise abused. While my example may not make big headlines, there is ample cause for concern. As of this morning, there are 39,100 PDF files indexed by Google that have “not for public release” in the title.

While not all of these documents may truly be a security concern, they are the result of just one Google search and indicate the magnitude of each document owner’s data sprawl, which as a whole adds up to a serious vulnerability: one that can lead to lower business productivity, loss of competitive advantage, irrecoverable data loss or compliance violations. Guarding against these outcomes is, after all, a fundamental responsibility of a document owner.

So what can be done to address this? 

FileOpen document security and rights management solutions provide military-grade document encryption along with granular access and usage controls, enabling the document owner to share documents without giving up control. Today we will talk a little bit about core functionality within FileOpen software that allows document owners to expire file access based on predetermined usage, timeframe or date.  Additionally we will show you how to revoke document access, Mission Impossible style.   

How to revoke document access with FileOpen DRM

If the document owner determines that business conditions warrant a change in who can access a FileOpen-protected document, the owner can revoke a specific user’s access, or access to a specific document by all users. All changes take effect instantly.

Let’s look at an example. You send out proprietary research to a number of people, then later discover a critical error. In the meantime, that document has been edited, renamed, and saved locally to hundreds of devices. As the document owner, you can revoke access instantly with a simple tick of a checkbox. Now none of the recipients will be able to open any copy of that protected document. You can then send out an updated copy without the embarrassing error.

Here’s another example. You protect sensitive legal information in a document and send it to business partners and select staff. After a falling out, you are no longer business partners with one particular company. You can revoke access for the users in that particular company alone. All other users can still access the document without interruption.

How to Expire Documents with FileOpen DRM

In addition to instant revocation, FileOpen software can be configured to expire document access on a predetermined date, after a given timeframe or after a certain count of opens or prints. To demonstrate, let’s look at another example. You are preparing your company’s quarterly financials and need to distribute early drafts to a small group of staffers and outside legal counsel. All access to this draft is to cease on October 5th, the day before earnings are made public. You start by creating a Group within the FileOpen PermissionServer: a collection of authorized users, your protected files, and the policies that govern the usage of those files. Within the Group you specify the permissions that will govern the usage of the documents. For this situation, you will set an absolute expiration date of October 5, 2015.

After preparing the permissions for the Group, you add all authorized Users into the same Group through a quick pull-down menu. As a side note, this step could be automated depending on your use case or workflow requirements; FileOpen integrates with existing ADS/SSO systems, eCommerce systems, enterprise file-sync-and-share or learning management tools, making it easy for administrators to centrally manage users and permissions.

The next step is to protect the draft documents and add them to the Group.  You simply drop the source files into a watched directory on your local machine and FileOpen software does the rest. 

 

An encrypted version of your source document is created and placed into a corresponding Encrypted folder on your machine.   The only thing left to do is to distribute the document to the authorized Users.

On October 5th all access to the protected drafts is cut off, no matter where authorized users have stored the document.  The only way this draft can be opened after the expiration date is if/when the document owner re-enables the document from within the PermissionServer by modifying the expiration date.

Would you like to learn more?  Request a quick demo or get a free 14-day trial to test expiration and revocation for yourself.

 

How to Protect PDFs without Passwords

Posted by FileOpen DRM News

How many times per day do you have to remember your username and password to access an application or Web page? According to a recent TeleSign study, consumers have an average of 23 online accounts, and more avid Internet users have a much higher number. In my own experience, as of noon today, I’ve already logged into 9 different applications, all of which have required username and password authentication. To make matters worse, I had to reset a password to a website I hadn’t used in a while. That said, we at FileOpen know just how frustrating it is to manage what seems to be a never-ending list of credentials in your head. So today’s post will cover how you can protect your high-value documents without some of the inherent pain points and security issues associated with username and password authentication.

The problem with passwords

Passwords are the most common way users confirm their identities.  However, passwords are also considered a weak form of authentication.  The truth is that there’s nothing wrong with passwords; the problem is the user. Users experience what is known as password fatigue; they select passwords that are too simple, too predictable, they re-use the same passwords across systems, they fail to change their passwords on a regular basis, and much to our disbelief, users log credentials in notebooks usually kept alongside their machine.  As you can see, the Personal Internet Address & Password Log Book retails for $6.49 and is currently a #1 Best Seller on Amazon. 

In addition to password fatigue, users fall victim to cybercriminals’ phishing and spoofing scams. And finally, what is to keep a user from lending their credentials to someone else?

 

FileOpen Approach: Securing documents, without passwords

FileOpen document security software offers businesses a variety of authentication modes designed to alleviate the pain and insecurity of traditional username and password authentication. 

The first out-of-the-box mode of authentication is device or machine authentication.  With this mode, users authenticate once by opening a FileOpen Registration PDF on their desktop, laptop or iOS device with the FileOpen Client.  Once opened, the FileOpen Client sends a list of machine identifiers, unique to that user’s device, to the governing PermissionServer which then logs the information within the user’s profile as a registered device.  After opening that registration PDF, all subsequent access requests by that user are permissioned by validating the user’s machine identifiers with the governing PermissionServer.  This means the whole identification process is invisible to the user and is exactly the same as opening a non-protected PDF file.  All permissions are obtained from the document owner’s PermissionServer in real-time, and are specific to that user’s device. Permissions are not portable in any way that the user can control; permissions are locked to the original device. 

The FileOpen software may also employ additional means of authentication. FileOpen integrates with existing ADS/SSO systems, eCommerce systems, enterprise file-sync-and-share or learning management tools. These options make it easy for administrators to centrally manage users and permissions, without requiring users to manage yet another password. In addition, custom configurations can be deployed to support cookie-based authentication, domain authentication, and user log-in authentication.

 

While businesses truly dread the challenges and problems posed by passwords, password authentication still remains a core authentication and security technology. And, as mentioned above, we don’t believe passwords are the root of the problem; we believe it’s the human element. With that being said, FileOpen does support username and password authentication and includes features to ensure security. These features include:

  • Device limits: Owners may designate the maximum allowable count of devices from which a user may access a protected document. The smaller the number, the more secure the system.
  • Revocation: Allows owners to instantly disable access by document, user or user’s device.
  • Tracking: Logs all access and usage by document or user, even failed access attempts. This information includes device / machine identifiers, user login, host name, IP address as well as date and time.
  • Viewing Requirements:  Allows document owners to limit document access to specific operating systems.
  • Usage Controls:  Prevent or restrict copy/paste, printing, editing, saving and screenshots.
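
An added illustration, not FileOpen code: a minimal Python model of the server-side decision that the revocation, expiration, device-registration and tracking descriptions in these posts imply. Class names, the order of checks and the sample data are assumptions; the page does not document how the real PermissionServer is implemented.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional


@dataclass
class Policy:
    expires_at: Optional[datetime] = None  # absolute expiration date
    max_opens: Optional[int] = None        # allowed opens per user per document


@dataclass
class Group:
    users: set
    documents: set
    policy: Policy


@dataclass
class PermissionModel:
    """Hypothetical stand-in for a permission server (assumed design)."""
    device_limit: int = 1
    groups: list = field(default_factory=list)
    devices: dict = field(default_factory=dict)  # user -> registered device ids
    revoked: set = field(default_factory=set)    # ("doc"|"user"|"device", value)
    opens: dict = field(default_factory=dict)    # (user, doc) -> open count
    audit: list = field(default_factory=list)    # every decision, denials too

    def register_device(self, user, device_id):
        # Device limit: refuse a new device once the user's quota is used up.
        known = self.devices.setdefault(user, set())
        if device_id not in known and len(known) >= self.device_limit:
            return False
        known.add(device_id)
        return True

    def revoke(self, kind, value):
        self.revoked.add((kind, value))

    def _decide(self, user, device_id, doc, now):
        # Revocation is checked first so it overrides any group grant.
        if ("doc", doc) in self.revoked:
            return False, "document revoked"
        if ("user", user) in self.revoked:
            return False, "user revoked"
        if ("device", device_id) in self.revoked:
            return False, "device revoked"
        if device_id not in self.devices.get(user, set()):
            return False, "unregistered device"
        group = next((g for g in self.groups
                      if user in g.users and doc in g.documents), None)
        if group is None:
            return False, "no group grants access"
        policy = group.policy
        if policy.expires_at is not None and now >= policy.expires_at:
            return False, "expired"
        used = self.opens.get((user, doc), 0)
        if policy.max_opens is not None and used >= policy.max_opens:
            return False, "open count exhausted"
        return True, "granted"

    def request_open(self, user, device_id, doc, now):
        allowed, reason = self._decide(user, device_id, doc, now)
        if allowed:
            self.opens[(user, doc)] = self.opens.get((user, doc), 0) + 1
        # Tracking: failed attempts are logged as well as successful ones.
        self.audit.append((now, user, device_id, doc, allowed, reason))
        return allowed, reason


def demo():
    """Constructed scenario based on the quarterly-draft example."""
    doc = "q3-draft.pdf"  # constructed file name
    model = PermissionModel(device_limit=1)
    model.groups.append(
        Group({"alice", "bob"}, {doc}, Policy(expires_at=datetime(2015, 10, 5))))
    model.register_device("alice", "laptop-A")
    model.register_device("alice", "tablet-X")  # refused: over the device limit
    model.register_device("bob", "laptop-B")
    before, after = datetime(2015, 10, 1), datetime(2015, 10, 5)
    reasons = [model.request_open("alice", "laptop-A", doc, before)[1],
               model.request_open("alice", "tablet-X", doc, before)[1]]
    model.revoke("user", "bob")   # one partner loses access, others keep it
    reasons.append(model.request_open("bob", "laptop-B", doc, before)[1])
    reasons.append(model.request_open("alice", "laptop-A", doc, after)[1])
    model.revoke("doc", doc)      # pull the document for everyone
    reasons.append(model.request_open("alice", "laptop-A", doc, before)[1])
    return model, reasons


if __name__ == "__main__":
    for entry in demo()[0].audit:
        print(entry)
```

Because the decision is made per request on the server, a revocation or changed expiration date applies to every copy of the file, wherever it was saved; the model does not cover offline access, which would need its own time-limited grant.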

 

Want to learn more?  Start a free 14-day trial to see how you can start protecting your PDFs, without passwords. 

FileOpen Viewer for iOS (v2.4.0)

Posted by FileOpen DRM News

 

We are pleased to release the latest version of the FileOpen Viewer for iPad®/iPhone®.  The app updates like any other app you are accustomed to.  If you don’t have automatic updates enabled you will need to manually press "update" from the AppStore.  
 


What's New in Version 2.4.0

  • Updated to support wider range of PDF files
  • Improved decryption speed
  • Added support for location services and device identification
  • Small bug fixes and enhancements

This update replaces version 2.3.4 posted to iTunes in January 2015.

Client-side vs. Web-based document security

Posted by FileOpen DRM News

The more things change, the more they stay the same

In the early 1990’s client server architectures were ubiquitous. Businesses managed their own servers, software, and productivity tools for their workforce.  In the 2000’s, the growing adoption of the Web introduced new opportunities and serious new threats to the IT landscape. Businesses responded by installing more infrastructure; typically more hardware in the data center. The idea was to establish a perimeter around the business to keep hackers out and intellectual property (IP) in. Fast forward to 2010, the world had completely changed: Web access was ubiquitous. Social media, collaboration tools, file sync-and-share, and mobility (BYOD) were unstoppable forces.  However, the more things changed the more the need to protect sensitive, regulated or corporate IP stayed the same.


Today businesses have embraced this new era, accepting easy-to-use, always-available productivity tools delivered to everyone in their workforce, anywhere in the world, on all their devices, in real time.  By doing so, these companies not only realize a broad array of capabilities but a distinct cost savings of no longer maintaining servers and software in-house.  However, the downside is that centralized, perimeter-based security solutions no longer make sense.  

So, the question becomes: do you trust security measures provided by third party Web-based service providers, or do you apply client-side security to persistently protect your IP? 

Client-side vs. Web-based document encryption

With Web-based encryption, documents are encrypted by the sender, at the server, so that only the receiving party can decrypt them. This approach is designed to keep files safe during transfer, but both ends are often left vulnerable.  For example, in October 2014, Dropbox was a victim of a sender side breach.  Dropbox users had their usernames and passwords released on Reddit, giving millions of Internet users access to the contents of their accounts. Because the content stored in the cloud was not encrypted, any user with credentials could access that content.

Had those same documents been encrypted prior to being uploaded to Dropbox, the damage would have been significantly reduced. With client-side encryption your documents are always protected; only authorized users can access the content no matter how the document is obtained or where it is stored. The same goes for your third-party service providers: with client-side encryption your Web App providers have “zero knowledge” of your content, meaning they can’t access or disclose your company’s private information. Client-side encryption is the only option that offers that kind of security.

In addition to security, client-side tools have definite business benefits.  With client-side encryption tools your workforce is equipped to apply document encryption on the machine they use to author high-value documents.  It is always available; empowering your workforce to easily apply document security measures without opening a browser, remembering credentials, or additional steps.   Furthermore, having the encryption App local to the machine increases the likelihood of it becoming part of the user’s daily routine; a constant IP protection reminder, if you will. 

FileOpen Solutions

At FileOpen, we have been building document security solutions for our customers since the early 90’s. We were the first Adobe Technology Partner to build a third-party plug-in to control access and usage of PDF documents. The solution consists of three basic components: document encryption tools, a permissioning server to govern access and usage, and a versatile set of clients and viewers. Customers have the option to host their own permissioning server, RightsServer, or leverage a hosted version, RightsManager. Both solutions offer true client-side document encryption tools. Put simply, we don’t ask you to upload your source documents to our server for encryption.

FileOpen offers several configurations for client-side encryption to meet varying business needs. At the most basic level, users simply drop their unprotected documents into a monitored directory on their machine. That action initiates the encryption process, and within seconds an encrypted version of the same document is placed into a directory of the user’s preference. The file can then be distributed by any means available. If appropriate, there is an option to mirror the output folder to many popular file-sync-and-share sites through OAuth or other APIs. In addition to our basic directory monitor interface, FileOpen software can be configured to programmatically encrypt all documents created on a given machine or server, either as they are created or on the fly, as the documents are being requested.

 

Want to learn more? Contact us for a quick demonstration or start a free 14-day trial.

 

 

Topics: document encryption, security, DRM advice, DRM mistakes

FileOpen Client 0963 for Adobe Acrobat/Reader (WIN)

Posted by FileOpen DRM News

We have released an updated FileOpen Plug-in for Adobe Acrobat and Reader for Windows, Build 0963.   This new client implements support for the latest Adobe Acrobat/Reader and includes minor bug fixes and enhancements.  This update replaces the Windows 0962 release from July 6, 2015. 

FileOpen Client 0963 is backward-compatible to Adobe Reader/Acrobat 9.  We recommend that you encourage users to upgrade to the 0963 client.

Topics: FileOpen plug-in, Client Release

FileOpen Client 0962 for Adobe Acrobat/Reader (WIN)

Posted by FileOpen DRM News

We have released an updated FileOpen Plug-in for Adobe Acrobat and Reader for Windows, Build 0962.   This new client implements support for the latest Adobe Acrobat/Reader. Specific improvements include:

  • Support for SHA-2 password hashing.
  • Updates to the FileOpen Broker.
  • Additions to application whitelist affected by screenshot prevention measures.
  • Support for print command, shrink to fit. 
  • Various bug fixes and enhancements.

This update replaces the Windows 0958 release from April 2015.

FileOpen Client 0962 is backward-compatible to Adobe Reader/Acrobat 9.  We recommend that you encourage users to upgrade to the 0962 client.

Topics: FileOpen plug-in, Client Release

Two Lesser-known FileOpen Features: Screen Capture Prevention & Watermarking

Posted by FileOpen DRM News

Document security is one of the most important challenges faced by businesses today.  Your documents contain your company’s proprietary, confidential or regulated data and are likely the most valuable things on your computer or network. FileOpen document security and rights management software not only allows businesses to set up strict access and usage controls to documents, it also provides additional layers of security to prevent or deter the unauthorized redistribution of the data in your documents.

Today we will take a look at two lesser-known features available in FileOpen software that protect your all-important data: screen-capture prevention and user-identifying watermarking.

Screen capture prevention

For our most security-conscious customers, FileOpen offers screen-capture prevention in environments where possible; more specifically, Windows operating systems. FileOpen has obtained a Code Signing (Class 3) Digital ID giving permission to run services at the kernel level, including monitoring for a screen capture event. Once an event has been identified, our app hides the content of the protected document. The screen shots below illustrate a FileOpen-protected document with and without screen capture prevention enabled.

[Figure: FileOpen-protected PDF, viewed in Adobe Acrobat/Reader DC with the FileOpen Plugin, without screen capture prevention enabled. Image captured with the Windows Snipping tool.]

[Figure: FileOpen-protected PDF, viewed in Adobe Acrobat/Reader DC with the FileOpen Plugin, with screen capture prevention enabled. Image captured with the Windows Snipping tool.]

To be clear, we do not claim that FileOpen guards against all methods of screen capture; it is always possible for a determined adversary to use a camera or to transcribe content manually. Nothing is 100% secure unless it is 100% unusable.  That said, FileOpen screen-capture protection adds real value by preventing screenshots in environments where it can do so without impacting the recipient’s ability to use the document as intended. 

User identifying watermarks

In addition to screen capture prevention, FileOpen offers user-identifying watermarks. Watermarks can be applied on-screen and to printed copies of protected documents, and the watermarks can differ between the two cases. These watermarks are a defensive mechanism addressing the human element; a recipient is far less likely to disseminate content where they are identified as the source.

Watermarks can be configured as needed and can be edited with immediate effect. They can contain static and variable information (for example, the recipient email address, IP address, user host name, print driver and the date and time of view/print). For this reason, different users will see the same document with different watermarks. FileOpen watermarks are supported in PDF on Windows and Macintosh, in OPN on all supported devices, and in the FileOpen HTML5 rendition.

The screen shots below illustrate a FileOpen-protected document with user identifying watermarks.

[Figure: FileOpen-protected PDF, viewed in Adobe Acrobat/Reader DC with the FileOpen Plugin. Both variable and static watermarks are present.]

[Figure: FileOpen-protected PDF delivered in OPN format, viewed in Chrome without any clients or plugins. Both variable and static watermarks are present.]

Contact us today to learn more about FileOpen document security or request a free 14-day trial.

 

 

Topics: document control, data protection, stop document piracy

What makes FileOpen document security & control different?

Posted by FileOpen DRM News

At FileOpen we understand that building out your security infrastructure can be a daunting task.  Every document security and DRM vendor claims their solution is bigger, better and faster than the others.  It is vital to evaluate these claims and potential issues before a solution is purchased.  We advise our potential customers to create a checklist encompassing their core requirements and desired results.   A checklist may start small and grow as you assess each solution.  To assist in this process we have put together a few questions based on what our customers have consistently identified as important differentiators, such as:

  • Security and encryption
  • Recipient ease-of-use
  • Day-to-day administration and permissioning
  • Flexibility and extensibility (integrations)

Security and encryption

This section covers issues pertaining to file-level security and encryption.  This encryption makes the contents of your files indecipherable to unauthorized individuals. Document encryption uses complex mathematical algorithms to convert documents into an information package that cannot be read until there is a positive client server interaction verifying user identity and permissions. So, if an unauthorized individual intercepts an encrypted document they will not be able to access and read it.

FileOpen gives you a choice of encrypting on-premise or in the cloud, so you never have to upload an unprotected file. Once the document is protected, it can be distributed safely through whatever mechanism or protocol is most appropriate.  Documents are secured at all times and can only be accessed after a positive client server interaction verifying user identity and permissions.

 
| Question | FileOpen | Other Vendor |
|---|---|---|
| 1. Does the solution offer local encryption so source files are never transmitted over the internet? | YES | |
| 2. Are decryption keys stored within the document? | NO | |
| 3. Can the permission data be stored separately from the document? | YES | |
| 4. Can permission requests and data be encrypted as well as the document? | YES | |
| 5. Can document controls be enforced even after being downloaded to the recipient’s device? Offline? | YES | |

 

 

Recipient ease-of-use

One of the biggest challenges of document DRM is making it easy for your users to share, access and work with protected files.  No organization wants to lose control of protected documents, or to place unnecessary barriers between authorized users and the information they need to do their jobs.  With FileOpen’s versatile client set you can define when, where and how users can interact with documents while still allowing users to use the productivity tools of their choice.

 

 
| Question | FileOpen | Other Vendor |
|---|---|---|
| 1. Does the solution provide protected files in standard file formats like Adobe® PDF, Microsoft® Word®, Excel® or PowerPoint®? | YES | |
| 2. Does the solution provide a preview of protected document to authorized users without any software installation (plugins/clients)? | YES[1] | |
| 3. Can protected files be accessed from mobile devices? | YES | |
| 4. Are native applications required for mobile viewing? | NO[2] | |

 

 

Day-to-day administration and permissioning

This section covers issues pertaining to administering document access and usage controls. These features allow you to securely share your files with others, while maintaining full control over who accesses them and how they can work with them. With FileOpen software, you control who can access your files by defining groups and including the users in these groups. For each group, you set specific usage policies, such as print restrictions, watermarks and offline capabilities. You then protect documents by assigning them to their respective groups, according to the permissions you want to grant. You can change a user’s or document’s group membership at any time, with immediate effect.

 

 
| Question | FileOpen | Other Vendor |
|---|---|---|
| 1. Can the solution control printing, copying and saving of the file? | YES | |
| 2. Does the solution provide user-identifying watermarks on document view and print? | YES | |
| 3. Does the solution provide the ability to grant offline access? Configure how long offline access is permitted? | YES | |
| 4. Does the solution provide an out of the box, easy-to-use authentication scheme? | YES | |
| 5. Can the administrator of the solution remove access to specific documents, users or user’s device? | YES | |
| 6. Does the solution provide access to activity reports by user, document and failed access attempts? | YES | |
| 7. Can the solution be configured to automatically apply permissions to documents? Provision users? | YES[3] | |

 

 

Extensibility & flexibility

This section is designed to help you find an integration-friendly solution; one that enhances and extends current investments. At FileOpen, we work with customers evolving standalone solutions into infrastructure that protects and controls documents as they are created or on-demand. Our extensive list of services and APIs allows any person or system within an organization to protect documents and permission authorized users.

 
| Question | FileOpen | Other Vendor |
|---|---|---|
| 1. Can the solution be implemented on-premise? Or as a Software-as-a-service (SaaS) solution? | YES | |
| 2. Can the solution be configured to protect files as they are created? In batches? On-demand? | YES | |
| 3. Are there specialized services for eCommerce? | YES | |
| 4. Does the solution integrate into cloud-based sync-and-share systems like Dropbox? | YES | |
| 5. Does the solution extend current directory services? Does it support mixed-mode authentication? | YES | |
| 6. Can the solution connect to existing NAS? | YES | |

 

Creating a vendor checklist can be a difficult task, but after reviewing your company’s policies you should be able to create a list that will help you decide which solution will conform to your company’s security requirements. Contact us today for more information on how FileOpen solutions stack up or sign up for a free 14-day trial and see for yourself.

[1] The FileOpen Plugin/Client is required to securely collaborate within native publishing tools like Adobe® Acrobat®, Microsoft® Word® and Excel®
[2] While not required to preview a FileOpen-protected document in a browser, native iOS and Android Apps are freely available and provide a larger feature set.
[3] FileOpen offers extensive APIs to connect document and user permissioning to almost any third party system.  

 

Topics: document control

Simplifying File Sync and Share Security

Posted by FileOpen DRM News

File sync and share is an essential part of doing business today. It’s likely your employees use multiple tools to sync files across personal and corporate devices, including phones, tablets and laptops; sharing files and folders with friends, family, colleagues, prospects and customers. Employees have embraced the cloud, but likely without considering the necessary security precautions. We know we should be wary of moving our high-value or confidential documents to an external server; however, it is often the easiest way to get the job done.

Put simply, most file sharing services lack the tools IT needs for administration, control and visibility. At present, most cloud vendors don't even offer document-level security or DRM.  Eventually this may change, but when it does it is almost certain that each vendor will implement DRM differently.  Files uploaded to different sync and share systems will be encrypted differently by each vendor and therefore not portable in encrypted form between systems.  This will lead to yet another burden on IT teams as they will have to interact with each vendor’s administrative tools to manage or audit protected file usage.  In contrast, files encrypted using a DRM implementation like FileOpen will be encrypted in the same way regardless of which cloud system they are stored on, will remain encrypted at all times regardless of how they are delivered to the intended recipient, will not be readable by employees of any cloud service, and will provide a single interface to control usage across all such distribution channels.

With this in mind, here are four reasons to add a layer of FileOpen security to your current file sharing services.

  1. Minimal change to process: Once FileOpen software is installed on your machine there are only two changes to your process. Instead of uploading or syncing source documents to your file sharing service, you upload the FileOpen-protected version. You then only need to add the intended recipients to an authorized group within a Web-based PermissionServer. If one of those users accidentally forwards the document to the wrong person, it can’t be opened or viewed. Moreover, DRM enables you to instantly revoke access to a previously authorized recipient, if necessary, or even to one of their devices if misplaced or stolen.
  2. Enforce acceptable use policies:  Advanced DRM solutions allow you to control exactly how a recipient uses your document, adding layers of security to the most sensitive documents. Restrict or expire privileges on a need-to-know basis. Different organizations, and levels within them, can be granted unique sets of permissions on the same document.
  3. Apply detailed watermarks: As a final measure of security, watermarks can ensure the traceability of sensitive documents by overlaying key information about the user, such as their name, date, time, printer and location. Watermarks can provide the “smoking gun” in determining where and when a document was leaked, and aid authorities in enforcing compliance with privacy regulations.
  4. Enable secure, but uncomplicated access: At the core of any failed security initiative is an overly complex, hard-to-use solution. FileOpen eliminates such hurdles with the FileOpen Viewer, which provides access to protected documents through a Web browser with no plugins or desktop software required. It also provides Android or iOS users access on their smartphones and tablets through native applications.

To learn more about FileOpen software and how we can add a layer of security to any file sharing service visit our document security solutions page or request a free 14-day trial.

Topics: document security

FileOpen Client 0958 for Adobe Acrobat/Reader (WIN)

Posted by FileOpen DRM News

We have released an updated FileOpen Plug-in for Adobe Acrobat and Reader for Windows, Build 0958.   This new client implements support for the latest Adobe Acrobat/Reader. Specific improvements include:

  • Support for Adobe Acrobat Reader DC on Windows.
  • Updates to the screenshot prevention mechanism.
  • Modifications to disable "Save As" functionality in Reader X; related to Adobe PSIRT Incident 3124.
  • Improved support of French error messaging.
  • Additions to application whitelist affected by screenshot prevention measures.
  • Correction to dialog displayed when a printer is rejected. 
  • Various bug fixes and enhancements.

This update replaces the Windows 0954 release from February 2015.

FileOpen Client 0958 is backward-compatible to Adobe Reader/Acrobat 7.  We recommend that you encourage users to upgrade to the 0958 client.

Topics: FileOpen plug-in, Client Release, Adobe Reader 11