Today we are pleased to announce our membership in the IBM PartnerWorld® as a validated technology partner. Together, IBM WebSphere® Commerce and FileOpen will bring innovative e-commerce services and document security solutions to serve the global community of IBM WebSphere Commerce partners and customers.
WebSphere Commerce customers can now leverage the built-in integration with FileOpen DRM to stop piracy and retain revenues from documents sold online. The integration with IBM WebSphere Commerce provides full automation between the payment process, the issuing of document access and enforcement of document permissions.
The FileOpen WebSphere integration works by granting paying users access to purchased documents while denying privileges to those who have not purchased. Additionally, the FileOpen Document Security Module enforces granular access controls such as document expiration, saving of local copies, and the imposition of user-specific watermarks. From a paying user perspective, there is no interruption of service. In fact, with FileOpen's lightweight clients, paying users may not even be aware that documents are secured. Documents open in standard document viewers, within a Web browser or in a native Android or iOS app. Notwithstanding the ease-of-use, forwarded documents will not authenticate and cannot be viewed by unauthorized users.
“The advantage of FileOpen Document Security is that it takes the headache out of selling documents online. The document owner simply hosts the protected document on the Web store and can rest assured that only the paying user can access the document,” said Sanford Bingham, CEO & President, FileOpen Systems Inc. “The integration allows publishers to focus on increasing sales, instead of wasting time manually setting permissions and keeping databases in sync.”
- Control access: Apply local AES-256 bit encryption to protect documents from piracy.
- Retain revenue: Stop the forwarding of documents — absolutely no unauthorized access.
- Support mobility: Deliver documents securely to PCs, iPad, iPhone, and Android... instantly.
- Enforce policy: Control how recipients use information even after delivery.
- Monitor activity: Track how often documents are used, by who.
For more information see the IBM WebSphere Commerce Validated Technology Partner Listing or request a personalized demonstration.
We are pleased to release the latest version of the FileOpen Viewer for iPad®/iPhone®. The app updates like any other app you are accustomed to. If you don’t have automatic updates enabled you will need to manually press "update" from the AppStore.
What's New in Version 2.3.1
- Improved persistent device identifiers.
- Support for most legacy and recent watermark syntax.
- Various bug fixes.
This update replaces version 2.3 posted to iTunes on 1/13/2014.
Are the major cloud providers growing too fast to pay attention to file security?
According to research released by IHS Technology this month, spending for cloud infrastructure and services will reach about $174.2 billion in 2014, up 20% from 2013. The cloud promises enterprises cheaper and faster data storage and delivery, but what are the implications of so much data being held by a small handful of dominant cloud providers? Amazon, Box and Dropbox have already been ripe targets for ambitious hackers, and have been slow to offer additional layers of file security to safeguard their customers’ data. Furthermore, files being uploaded and shared in the cloud have no security in transit or after being shared with another user.
FileOpen has been watching the trend toward cloud storage, and recently introduced support for secure file sharing in the cloud via Dropbox, Box, ShareFile, and others. FileOpen’s cloud support works by giving publishers a unique, private URL which displays a custom view of a folder in their cloud storage account. Publishers add FileOpen-encrypted files to the folder and share the custom URL with their intended recipients. When the user attempts to open the target file, which may be PDF, OPN, or one of the MSOffice file types, they are authenticated seamlessly via the FileOpen RightsManager/RightsServer back-end and the file displays on the user’s device.
For publishers already using FileOpen encryption on their files, our cloud support provides a new, simplified way of delivering files to users and an alternative to maintaining a complex distribution infrastructure. Access to secured files through the cloud can also be integrated to a publisher’s website via an HTML frame, displaying the file inline so it appears served from the publisher site, while it is actually retrieving the file from the cloud folder.
For those already using Dropbox or other cloud providers to share documents, FileOpen can add a layer of strong security, both in the cloud, in transit, and after delivery to the end-user, which none of the major cloud providers can offer. As with any FileOpen-protected file, whether shared through the cloud or by other means, access can be granted, modified or revoked at any time, to any device, even after delivery. Recipients of FileOpen-secured files accessed through the cloud don’t experience any degradation of the normal viewing experience—no password entry is necessary.
Check out our page on adding a layer of FileOpen security to file sharing in the cloud or request a personalized demonstration.
FileOpen Viewer for Android (v2.4)
We are pleased to release the latest version of the FileOpen Viewer for Android. The app updates like any other app you are accustomed to. If you don’t have automatic updates enabled you will need to manually press "update" from the Google Play.
What's New in Version 2.4.
- Enhanced visuals and user interface.
- Support for most recent server protocol.
- Document re-sizing and other various bug fixes.
This update replaces version 2.2 posted to GooglePlay in October 2013.
Today a report published by U.K.’s Information Commissioner’s Office (ICO) highlighted the data protection challenges and privacy risks agencies face when dealing with sensitive personal information. While the ICO’s study was limited to the foster care system, their findings highlight the importance of protecting sensitive personal information across all social services.
Risks and Penalties
- Highly sensitive personal information concerning foster carers and looked after children is routinely emailed between agencies and local authorities for the purpose of arranging foster care placements without encryption. The lack of such safeguards increases the risk that the information could be inappropriately accessed.
- The majority of agencies visited did not encrypt mobile devices used to process, store or transport personal data. This included items such as laptops and USB sticks. If lost or stolen, any such devices containing sensitive personal data could be easily accessed.
- Fostering agencies often require carers to provide them with updates about looked after children but they do not provide secure methods such as VPNs by which to do this. Sensitive personal information is therefore processed on home computers and stored in the ‘cloud’ in ISP or webmail accounts (Hotmail, Gmail etc.).
- Some agencies allow their staff to carry out work involving sensitive personal data on their home computers instead of providing appropriate remote access to their network, an encrypted memory stick or a work issued encrypted laptop on which to save their work.
- Adequate data protection/information security training is not provided by agencies to their staff.
John-Pierre Lamb, ICO Group Manager in the Good Practice team, said, "The worst breaches of the Data Protection Act can lead to a monetary penalty of up to £500,000, but when you consider the sensitivity of the information this sector is responsible for, the human cost could be far more significant.”
How to Get Compliant
Nowhere is the need for privacy more important than in protecting personal information about children in need and the foster families who help them. Minimizing this threat doesn’t necessarily mean rigid, cumbersome security measures of the past. A few best practices that could prevent a breach of this nature:
- Secure sensitive documents: Using a DRM solution like FileOpen RightsManager allows you to grant permission to only certain users. If one of those users accidentally forwards the document to the wrong person, it can’t be opened or viewed. Moreover, DRM enables you to instantly revoke access to a previously authorized recipient, if necessary, or even to one of their devices if misplaced or stolen.
- Enforce usage and retention policies: Advanced DRM solutions allow you to control exactly how a recipient uses your document, adding layers of security to the most sensitive documents. Restrict or expire privileges on a need-to-know basis. Different organizations, and levels within them, can be granted unique sets of permissions on the same document.
- Apply detailed watermarks: As a final measure of security, watermarks can ensure the traceability of sensitive documents by overlaying key information about the user, such as their name, date, time, printer and location. Watermarks can provide the “smoking gun” in determining where and when a document was leaked, and aid authorities in enforcing compliance with privacy regulations.
- Enable secure, but uncomplicated access: At the core of any failed security initiative is an overly complex, hard-to-use solution. FileOpen eliminates such hurdles with the FileOpen Viewer, which provides access to protected documents through Web browser with no plugins or desktop software required. It also provides Android or iOS user’s access on their smartphones and tablet through native applications.
Contact us for more information or to get a personalized demonstration.
In the latest of a series of damaging leaks in Hollywood, the LA Times has reported that Quentin Tarantino has decided to shelve plans to film The Hateful Eight after the confidential script was circulated far beyond the small circle of actors to which Tarantino initially sent it. Tarantino is quoted by Deadline as saying “I finished a script, a first draft, and I didn’t mean to shoot it until next winter, a year from now. I gave it to six people, and apparently it’s gotten out today.” Evidently one of the actors under consideration for a role shared the document with his agent, who then passed it along to “everyone in Hollywood.”
Other prematurely leaked scripts in recent years include the script of Breaking Bad, Entourage, The Fifth Estate, The Avengers, among others. Many of these leaks happened without malicious intent by the responsible party, but they can be extremely damaging to creative projects that rely on an air of secrecy to attract a top-notch cast and ensure marketability as it enters production. In the days of printed copies, controlling copies of a script were somewhat easier, but increasingly scripts are being shared in digital form, most often without any encryption or with easily shared document passwords.
A Hollywood Primer on DRM in Three Steps
- Secure your scripts using a real DRM solution, not passwords: Document passwords can easily be passed along with confidential documents. Using a DRM solution like FileOpen RightsManager allows you to grant permission only to certain contacts. If one of those contacts forwards the document, it can’t be opened or viewed. Moreover, DRM enables you to instantly revoke access to a previously authorized recipient, if necessary, or even to one of their devices if misplaced.
- Place usage restrictions on your scripts: Advanced DRM solutions allow you to control exactly how a recipient uses your document, adding layers of security to the most confidential documents. Restrict or expire printing privileges, log the time and location of each print attempt, embargo or expire access to an absolute date or after a certain number of days (or even minutes!), and specify how many devices on which a user can view a document.
- Apply detailed watermarks: As a final measure of security, watermarks can ensure the traceability of high-value documents by overlaying key information about the user, such as their name, date, time, printer and location. Those in possession of a physical copy of the document are far less likely to share or sell a document with their identity displayed on each page. FileOpen RightsManager allows admins to set unique watermarks that appear on both the digital and printed document, or only on the printed version.
Contact us if you would like to learn more about how the film industry uses FileOpen DRM.
The FileOpen team is excited to announce our third webinar in a monthly series: "Is BYOD the weak link in your document security strategy?". Join us on Tuesday, November 19 at 10:00 am Pacific/1:00 pm Eastern to see why leading corporations choose FileOpen to secure their documents in the era of BYOD.
Managing the BYOD (Bring Your Own Device) phenomenon can be challenging, but with the right security policies and technology, you can strike the right balance between enabling mobility and security.
Discover how organizations in your industry use FileOpen DRM to:
- Support corporate “bring your own device” (BYOD) initiatives
- Authenticate users and protect documents on PCs, Mac OSx, iPad, iPhone, and Android
- Securely share documents by email or via the cloud (e.g. Dropbox)
- Expire or revoke document access at any time — even after delivery
- Keep users happy with a hassle free user experience
- Track when and where your documents are being viewed, and for how long
Have a question you would like us to answer during the presentation? Ask below!
We are pleased to announce that the FileOpen Viewer for Android is now freely available in Google Play. The new FileOpen Viewer app will enable licensees of FileOpen’s suite of DRM solutions to share documents securely with end-users on Android devices such as the Google Nexus, Motorola Droid X, and Samsung Galaxy; in addition to Apple iOS devices such as the iPad and iPhone. We will continue to support users on Windows 7, 8, Vista, XP; and Mac OSX, 10.5 or later.
Leveraging FileOpen’s core document security technology, the new FileOpen Viewer for Android not only protects files from unauthorized sharing, but also enforces granular access controls such as document expiration, saving of local copies, and the imposition of user-specific watermarks. The app operates in essentially the same way as the FileOpen plug-in for Acrobat/Reader, authenticating each open and print command with the publisher’s server. When permission is granted, the FileOpen Viewer for Android displays the document, which can then be used according to the permissions set by the publisher.
Documents accessed by the FileOpen Viewer for Android are encrypted with industry-standard 256-bit AES encryption, and cannot be opened by users without explicit permission from the publisher’s server. Authentication may be linked to a session login to the publisher’s server or device registration, which can be emailed to the user.
This expansion of FileOpen's product line advances our mission of enabling secure document distribution to the broadest possible range of devices and platforms, maximizing security for our customers while reducing end-user hassles and tech support issues. For more information please read the full press release or check out the FileOpen Viewer for Android Web page.
BYOD (“Bring Your Own Device”) has invaded the workplace, whether sanctioned or supported by your IT department, and is clearly here to stay. According to a study by iPass and MobileIron, 81 percent of companies now allow employees to bring and use their own devices. What company wouldn’t want reduced hardware and subscription costs, with the promise of increased employee efficiency and productivity? Studies show mobile-equipped employees tend to work more hours each week than non-mobile-equipped employees. Employees also prefer to use their personal device over a corporate-issued device. The challenge is to accommodate the reality of BYOD without foregoing data security or introducing chaos to your IT systems.
Here at FileOpen, we work with thousands of customers delivering documents securely to millions of users worldwide. We have found the most successful implementations of a BYOD strategy are accomplished by businesses that are as progressive as their users and agile in their efforts to provide a flexible yet secure work environment. In this post we’ve pulled together a summary of the key components of their successful implementations.
Build a comprehensive BYOD policy
BYOD or mobile device security policies vary by industry as well as within specific verticals. Common goals are to make sure BYOD is aligned with the company’s current strategy, retaining employees by supporting flexibility, and offsetting equipment costs. While keeping these goals in mind, define the types of data that should be accessible and the risks that accessibility may pose. A few considerations:
Allowable devices: Minimum requirements and level of support by device
Allowable activities: Access to the corporate network, corporate data and Web applications
Legal & HR considerations: Clear lines of demarcation between corporate and employee data and liability
Employer controls: Agreements giving the company authority to implement controls, such as encryption, access controls, monitoring and the “right to wipe”
Educate employees about the risks of BYOD
The most important next step is education; which includes explaining to each employee how BYOD would work for them and what potential risks could be to the organization as a result of their behavior. If employees understand that the policy is not only designed to protect corporate data but their personal information as well, they are more likely to adhere to corporate controls.
Get the right file protection technology
It goes without saying that a company that engages in the BYOD approach without ramping up its protective measures is putting its security in jeopardy. The devices are easily replaceable, but what they contain is not. That’s why successful businesses implement technology that focuses on securing the data at the source rather than the endpoint, ensuring the safety of data regardless of its location. For document specific protection, our customers appreciate that our FileOpen solutions directly embed access rules into documents, which are enforced by whichever device and viewer the user happens to be on. Using the FileOpen RightsManager dashboard, they can quickly and easily make changes to access policies, even after the user has downloaded the files.
Monitor and track usage
Essential to any BYOD security framework is the ability to monitor and track usage across all devices. Most organizations do not track data effectively and hope their employees strictly follow policy. Companies should consider the use of a content security tool that comes equipped with monitoring features to detect abnormal usage and provide a level of accountability. For instance, if an employee loses a device with sensitive information and doesn’t report it to IT for a week, the IT team can analyze if any documents had been viewed in the interim, and immediately revoke access.
BYOD is here to stay…
At the end of the day, BYOD is a net positive for organizations as it promotes more responsiveness, more accessibility for workers, and higher worker satisfaction. Whichever strategy you adopt for dealing with BYOD, the key is to secure your sensitive data while still providing the end user the freedom and flexibility to use devices to enhance their productivity.
For more from FileOpen see our whitepapers and register for our upcoming webinar, covering document security for BYOD strategies on November 19, 2013.
In our last post, Minimizing Insider Threats: The Rogue Employee, we looked at how organizations can implement effective security measures to thwart a determined effort to leak private information. But insider threats are not limited to employee sabotage. With the accidental click of a button, a well-intentioned employee can cause a disaster of rogue-employee proportions. One may argue that there’s a fine line between deliberate data loss and unintentional data loss. Even if we’re all prone to making mistakes, isn’t it the responsibility of IT administrators to prevent an accidental leak of data that easily could have been prevented with the proper safeguards?
Accidental data loss has the potential to divulge trade secrets and intellectual property, strain client relationships, and ultimately compromise your revenue. So what’s a CIO to do? To minimize the risk of an unwitting disclosure, let’s identify and remedy four common threats:
1. Outgoing Email With Wrong Recipient – Encrypt, encrypt, encrypt. Last September we witnessed the calamity an accidental data loss can bring when the Georgia Department of Labor accidentally emailed the Social Security numbers of more than 4,000 individuals. Labor officials later requested the 1,000 email recipients “please delete the email and attachment immediately.” It can happen to the best of us. Implementing a DRM solution, like FileOpen RightsManager, assures that only authorized users can view a document. FileOpen's RightsManager is closely integrated with Microsoft Outlook so you can email documents securely and know they can't be forwarded or shared. Store your sensitive information in secure documents in lieu of email bodies and spare yourself the “please delete” email.
2. BYOC (Bring your own cloud) – Share files securely. According to a new survey from Usamp, 41% of employees admit to using unsanctioned services like Dropbox, Box and Google Docs on mobile devices to share files. The estimated annual cost to remedy the data loss is about $1.8 billion. Once documents are encrypted, prevent or circumscribe document sharing with permission policies that preclude forwarding, expire access, and monitor document access. Need to remotely access documents outside of the LAN? With a secure file hosting service like FileOpen Viewer, you can still use Dropbox and Box to host your documents, but be certain that only users you specify can view them.
3. Unfettered document access – Control printing and enforce a machine limit. As discussed in our first installment of Minimizing Insider Threats, enforcing a “need to know” policy is imperative in preventing an internal data breach. Once employees are limited to the least number of documents required to do their job, enforce a “need to print” policy. Printing sensitive documents opens a world of vulnerabilities, since unauthorized copies can’t be tracked. Minimize these threats by controlling who can print which documents, and how many times - if any at all. Applying watermarks can ensure the traceability of sensitive documents by overlaying key metadata, such as the username, date, time, and location of printing, to any printed copies. Also, on how many machines does employee X need to access document Y? Her office workstation only? Multiple machines around the office? To prevent an employee from accessing sensitive information on unsecure networks, enforce a machine limit and ensure that she may only access the document from a specified number of machines.
4. BYOD – Instantly Revoke Access. BYOD is here to stay. According to a recent Gartner study, by 2017 half of employers will require employees to use their own devices for work. The convenience of BYOD also brings the concomitant risk of physical data loss. So how can we assure data security on a device that we’ve lost? Simply applying passwords to documents is not a scalable solution for BYOD. Using a comprehensive DRM solution that supports iOS and Android, you can link all of a user’s devices to their company login. If one of their devices is lost or stolen, the IT admin can instantly revoke all document access specifically for that device.
Encrypt, share files securely, control access, and revoke access. Share these tips and let’s help our IT admins get a better night’s sleep. Also, check out our whitepapers and demonstration documents to discover how FileOpen DRM can help you realize your security objectives.