FileOpen Document Security Blog

Revoke or expire document access with FileOpen DRM

Written by FileOpen DRM News | Sep 3, 2015 4:43:11 PM

Today we are very much digital citizens with the world’s information at our fingertips; we are always on, operating in real-time.  The amount of data we produce is staggering.  Every time we share, copy to the cloud, re-name, edit and redistribute a file, we are scattering data. Often times this choice is made out of convenience rather than security or future data management work-load.  To put this into context, I logged into my personal Google Drive this morning.  I found sensitive and proprietary information in documents shared with me from former co-workers, bankers, lawyers and agencies that was no longer of great importance to me, but could cause significant damage if stolen, given to a competitor or otherwise abused.  While my example may not make big headlines, there is ample cause for concern.  As of this morning, there are 39,100 PDF files indexed by Google that have “not for public release” in the title.

While all of these documents may not truly be a security concern, they are just a result of one Google search,  and do indicate the magnitude of each document owner’s data sprawl; which, as a whole adds up to a serious vulnerability.   A vulnerability that can lead to lower business productivity, loss of competitive advantage, irrecoverable data loss or compliance violations; which, after all, is a fundamental responsibility of a document owner

So what can be done to address this? 

FileOpen document security and rights management solutions provide military-grade document encryption along with granular access and usage controls, enabling the document owner to share documents without giving up control. Today we will talk a little bit about core functionality within FileOpen software that allows document owners to expire file access based on predetermined usage, timeframe or date.  Additionally we will show you how to revoke document access, Mission Impossible style.   

How to revoke document access with FileOpen DRM

If the document owner determines business conditions warrant a change in who can access a FileOpen-protected document; the owner can instantly revoke a specific user’s access or access to a specific document by all users.   All changes take effect instantly.

Let’s look at an example. You send out a proprietary research to a number of people then later discover a critical error. In the meantime, that document has been edited, renamed, and saved locally to hundreds of devices. As the document owner, you can revoke access instantly with a simple tick of a checkbox. Now none of the recipients will be able to open any copy of that protected document. You can then send out an updated copy without the embarrassing error.

Here’s another example. You protect sensitive legal information in a document and send it to business partners and select staff. After a falling out, you are no longer business partners with one particular company. You can revoke access for the users in that particular company alone. All other users can still access the document without interruption.

How to Expire Documents with FileOpen DRM

In addition to instant revocation, FileOpen software can be configured to expire document access on a predetermined date, after a given timeframe or after a certain count of opens or prints.    To demonstrate, let’s look at another example.  You are preparing my company’s quarterly financials and need to distribute early drafts to a small group of staffers and outside legal counsel.  All access to this draft is to cease on October 5st, the day before earnings are made public.  You start by creating a Group within the FileOpen PermissionServer; a collection of authorized users, your protected files, and the policies that govern the usage of those files.  Within the Group you specify the permissions that will govern the usage of the documents. For this situation, you will set an absolute expiration date of October 5, 2015. 

After preparing the permissions for the Group, you add all authorized Users into the same Group through a quick pull down menu. As a side note, this step could be automated depending on your use case or workflow requirements; FileOpen integrates with existing ADS/ SSO system, eCommerce systems, enterprise file-sync-and-share or learning management tool; making it easy for administrators to centrally manage users and permissions. 

The next step is to protect the draft documents and add them to the Group.  You simply drop the source files into a watched directory on your local machine and FileOpen software does the rest. 

 

An encrypted version of your source document is created and placed into a corresponding Encrypted folder on your machine.   The only thing left to do is to distribute the document to the authorized Users.

On October 5th all access to the protected drafts is cut off, no matter where authorized users have stored the document.  The only way this draft can be opened after the expiration date is if/when the document owner re-enables the document from within the PermissionServer by modifying the expiration date.

Would you like to learn more?  Request a demo.