Sensitive documents involve content that may be detrimental to you or your company if they should fall into the wrong hands. Unfortunately, cases of this happening have been on the rise since the advent of the digital age. This is because flash drives the size of your fingertips now exist and they can carry more information than some computers. Not to mention BYOD. And, since employees tend to come into the office with these devices, what is to prevent them from walking out with your trade secrets on them?
A common strategy is to use encryption. Using encryption means that you must also give your employees and other authorized parties the means (or decryption key) to decrypt the files. However, once a file has been decoded, then the user has complete access to the file and can do what they want with it, including sharing it (along with the encryption key) with others. So, encryption is only part of the solution for document protection and stopping sensitive documents from falling into the wrong hands.
Instead of solely using encryption, you should employ DRM to ensure continuous control of every file that is created and shared internally and externally with your organization. If you are wondering how DRM can prevent document theft and subsequent leakage, below are a few ways.
Preventing manipulation of the document
Authorized users can usually do a lot with the documents in their possession if there are no controls governing their use. For example, they can copy them, change the content, and forward them to a few of their buddies. This can all be prevented using DRM.
Consider the copying of a file. With DRM, users are unable to copy and paste anything within a protected document due to the controls preventing this. The same is the case for highlighting and selecting any portion of a particular file and use of the 'Save As' option (which is not made available) so a protected file cannot be saved as an unprotected version. If a user copies a protected file then it will be of no use to anyone else unless they have been authorized to use it.
Print control
A while back, people could still print a file, scan it and create another insecure PDF. A DRM system makes this process much more difficult to do. If the administrator decides users cannot print copies, then nothing they do will allow them to print the documents they receive.
However, it may sometimes be paramount to enable a third party to print a version or two. What then? A good document DRM system will allow you to display a dynamic watermark on a document every time someone opens or prints it. With their personal information in the watermark, a user will be less likely to share a copy of the printed file as you can identify the leak and sue them for it.
Revoking access
Scorned employees may leave your company or seek personal gain from confidential documents. So, being able to revoke the access of an individual at any given time may be advantageous when you feel the risk is high. Red flags indicating a possible breach will also be more evident as document DRM systems enable you to monitor how various parties are using your documents. In this way, you can react in time to revoke access.
Location Control
Sometimes a potential document thief values the information locked onto a device so much that they would go to the lengths of procuring that specific device. They could either offer the owner something in exchange for the device or steal it. If you are unprepared for such an eventuality, your secure documents might have already fallen into the wrong hands.
However, you can luckily also lock document access to a specific location, such as your office building. This renders all documents taken out of the premises useless.
Encryption
If you are going to enforce document control and prevent document sharing then you need to make sure that encryption keys are not exposed to users (so they cannot be given to others). So passwords are out since a user can send that same passcode to other individuals along with the document that it opens.
Good DRM systems use public key technology so that the key required to decrypt a document is not given to an individual but transparently and securely relayed to an authorized device. The key is stored in encrypted form in a keystore which is locked to the device so that it only works on that device. This makes it impossible for users to share keys with others over email or the web.
Conclusion
To stop sensitive documents falling into the wrong hands you need more than just encryption.
Document DRM systems use several security methods including encryption, DRM and licensing controls to enforce only authorized document access and control use. These persistent controls are the best you can do to protect your documents and your organization from IPR theft. Make sure you use them early on, and you can prevent any negative consequences that arise due to document leaks.
