We have seen a lot of problems with Adobe vulnerabilities. Adobe has been getting beat up with all the negative publicity in the past few months. Apple is restricting access to Adobe on their devices. Has anyone tried their remote desktop sharing? I wonder if some vulnerability will be release in that application. What is the real problem with electronic document sharing and what are some of the solutions? Adobe is just an example; the whole industry of electronic documents is finally coming into its own.
Problems with Electronic Documents
How are people accessing electronic documents and how are they signing them and verifying them? Well there are multiple companies out there touting secure signature applications for documents. When do you use these companies? Some questions to ask include:
1. When and how do you determine the importance of the document?
2. Have you implemented a data classification scheme for electronic documents?
3. Who has the right to sign and read these documents?
4. How do you track usage and distribution?
5. Is there a time frame associated with the life of the document?
6. Can you prevent screen scraping of the secured document?
7. What is the “hackability” of the secure document?
Signing an electronic document can be a challenge for the technology challenged. Some documents might trigger antivirus or malware protection applications. If some intrusion detection applications can read a document or data loss prevention applications do not have access, you could be blocked from that document. Convenience of use is a major hurdle for the adoption of secure documents.
Printing, modifying, viewing, and deleting these documents require all kinds of levels of authorization that is probably difficult to manage. If you can have a location based “bomb” in the document for when it left the organization domain, that would be an interesting play on data loss prevention. We know client side options are easily broken, how do we change the mentality of secure document management?
I do not see how secure documents make too much sense in any public forum. Its not worth the effort to worry about secure documents outside of a strictly controlled corporate environment. Different forms of watermarking have their place in identification but not much in control.
The most likely areas are in Research and Development, Legal, Banking and Healthcare. These should be the quickest to adopt a secure framework for electronic documents. Some industry standards need to be followed and a process developed that all companies can follow. This would make it into all the data loss prevention applications eventually and really provide some security.