Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How Do You Monitor Documents?

samzenpus posted more than 5 years ago | from the protect-yourself-at-all-times dept.

Security 237

JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."

Sorry! There are no comments related to the filter you selected.

Microsoft Rights Management Server? (5, Informative)

Richard_at_work (517087) | more than 5 years ago | (#26229573)

See topic - MS do something which seems to be essentially *exactly* what you want, and since you are using MS Office, I would suggest giving it a try. []

DRM is snake oil (1, Informative)

MacDork (560499) | more than 5 years ago | (#26229767)

MS claims to do something which seems to be essentially *exactly* what you want

There, fixed that for you...

Not exactly (4, Informative)

DrYak (748999) | more than 5 years ago | (#26230343)

DRM is snake oil

DRM is snake oil in the way it's used to protect media from copy.
Because at the same time DRM is supposed to enable one to show the content (and thus give the key to the individual holding a copy) and exactly at the same time its supposed to stop unlicensed copies (thus preventing the exact same person using the exact same keys to copy the exact same media in a different way).
It's snake oil, because in the classical cryptographic triangle - A(lice) sending a crypted message to B(ob) without C(harles) snooping it - DRM makes B and C the exact same person.
Hence the contradiction, and hence DRM is doomed to eternally fail to protect media, no matter how contrived means are applied to it.

Here the reader ask a completely different question :
he wants A to be in the headquater, B to be an employee in Omaha, and C is some person doing industrial spying in Russia or China.

Some people are supposed to have the cryptographic keys to the documents, other people aren't supposed to have the keys.

In that circumstance, cryptography might help...

(Well, that's assuming that the thieve is an external person. Of course if that was an inside job, we're back at a situation that movies are in. But then the company has a much bigger problem of trust toward its employee to tackle first).

MS claims to do something which seems to be essentially *exactly* what you want

Well, the real problem is at the beginning of the sentence :

MS do something which seems to be essentially *exactly* what you want

Given their long history in term of computer security, you can count on MS to completely botch their solution...

Re:Microsoft Rights Management Server? (3, Informative)

pdp1144 (599396) | more than 5 years ago | (#26229865)

We use Concurrent Versions System (CVS). Track changes; make sure only the right people have the rights to get to what they need for their job / entertainment. []

Re:Microsoft Rights Management Server? (2, Funny)

liquidpele (663430) | more than 5 years ago | (#26229917)

Ha... I hit my staples easy button for you.

Re:Microsoft Rights Management Server? (4, Informative)

(H)elix1 (231155) | more than 5 years ago | (#26229955)

As does Oracle

Oracle Information Rights Management []

As does EMC, and a few others... Do shop around, as there are several products out there that can 'tether' assets - not just Microsoft Office documents too.

Other Options (5, Informative)

Anonymous Coward | more than 5 years ago | (#26229991)

EMC IRM [] (Formerly Authentica [] (yes, there is a typo in the summary))

Oracle IRM [] (Formerly SealedMedia)

Liquid Machines []

Adobe LifeCycle Rights Management []

Re:Microsoft Rights Management Server? (3, Informative)

Bootarn (970788) | more than 5 years ago | (#26230251)

Use GPG (GNU Privacy Guard). It's essentially PGP, but free. It uses assymetric encryption (Public and Private keys) up to 4096 bits of keylength, which is sufficient for most people. There are graphical frontends for Windows available, such as GPGee (shell extension).

If you encrypt a document using a customer's and your own public keys, only you and your customer can open it. It is extremely difficult (if not impossible) for other customers to open your documents. There's even support for digital signatures.

Active Directory Rights Management Services (5, Informative)

lukas84 (912874) | more than 5 years ago | (#26229577)

The best solution to your problem probably would be using Microsoft's AD RMS. []

AD RMS provides you with the ability to control licensing, opening, printing, etc. of documents. This will provide you with the audit trail you migh tneed.

Of course, you can still photograph every screen while scrolling through the pages, so it's essentially worthless in practice, but it might satisfy your customers demands for proper paperworks.

Yep, implementing AD RMS will be a heck a lot of work, and you'll surely need to adjust your internal processes in order to incorporate AD RMS.

What you're planning on doing is DRM: Which is, as all Slashdot readers know, impossible with a properly determined person. And in your case (industrial espionage), there are better people working on it than a few hackers that try cracking Blue-Ray in their spare time.

Re:Active Directory Rights Management Services (3, Insightful)

Anonymous Coward | more than 5 years ago | (#26229599)

".. And in your case (industrial espionage), there are better people working on it than a few hackers that try cracking Blue-Ray in their spare time.."

Alas...A good story, but I suspect there are very few industrial spies that are better at cracking DRM than the Blue-Ray hackers. Indeed, if there were any, DRM would be much harder to break.

And (and I speak from experience here), government has even less capabilityof clever cracking. It can throw a lot of money at a prpblem, but these problems are never solved in this way. They are solved the way Turing broke Enigma - get a brilliant eccentric years ahead of his time, put him in a relaxed setting, and wait...

Re:Active Directory Rights Management Services (0, Offtopic)

morgan_greywolf (835522) | more than 5 years ago | (#26229629)

The U.S. government has an entire agency dedicated to cracking cryptography -- it's called the NSA. Are you accusing the NSA of utter incompetence.

(Remember, the NSA is listening to you. Thanks, AT&T!)

Re:Active Directory Rights Management Services (2, Funny)

Anonymous Coward | more than 5 years ago | (#26229803)

(Remember, the NSA is listening to you. Thanks, AT&T!)

If they were competent, they wouldn't have involved AT&T.

Re:Active Directory Rights Management Services (1)

mpeskett (1221084) | more than 5 years ago | (#26230203)

So they saved themselves some work, that's not a sign of incompetence, actually that shows true competence.

Doing more than is necessary to achieve the same result, now that's incompetent.

Re:Active Directory Rights Management Services (2, Interesting)

andyh (5426) | more than 5 years ago | (#26229603)

The best solution to your problem probably would be using Microsoft's AD RMS.

Can this solution be used without an Active Directory environment?

There are plenty of organisations out there using other authentication, authorisation and trustee management mechanisms, just wondering what their options might be.

Re:Active Directory Rights Management Services (2, Informative)

lukas84 (912874) | more than 5 years ago | (#26229625)

Can this solution be used without an Active Directory environment?


There are plenty of organisations out there using other authentication, authorisation and trustee management mechanisms, just wondering what their options might be.

No idea, sorry. Adobe also offers some DRM with their Adobe Acrobat / Acrobat Reader Suite, but the question specifically stated that they used MS Office, for which AD RMS probably is the best bet.

Re:Active Directory Rights Management Services (5, Funny)

morgan_greywolf (835522) | more than 5 years ago | (#26229637)

Can this solution be used without an Active Directory environment?

No. AD RMS, as the name implies, requires an Active Directory implementation. Microsoft is all about doing it one way -- The Microsoft Way. You obviously require re-education. Quick. Send in the consultants!

Re:Active Directory Rights Management Services (1)

Marcos Eliziario (969923) | more than 5 years ago | (#26230263)

And if Novell had won the war for being the Directory Services for us all with Netware Directory Services, I bet we wouldn't see a Netware Rights Management System which would not require NDS. Duh!
You can use another RMS with AD at least. But it would be a bit of stretch to think Microsoft must have the obbligation to provide a product like that when it's not clearly on their business interests.
Alas, would Windows had became a niche product, I doubt there would be so much people interested on working with Samba, or whether netscape would have come with XPCOM.

RMS wouldn't help out (4, Funny)

aronzak (1203098) | more than 5 years ago | (#26229753)

RMS wouldn't be very cooperative. You'd have to try and convince him to drop his aversion of proprietary software.

not to mention... (0)

Anonymous Coward | more than 5 years ago | (#26229849)

according to RMS, your documents want to be free.

Re:Active Directory Rights Management Services (2, Interesting)

kabdib (81955) | more than 5 years ago | (#26229959)

"Worthless in practice" . . . not in my experience. Many leaks occur as people cut-and-paste or include more and more people in casual distribution ("Hey Joe, you might be interested in..."). Putting restrictions on a document helps this.

Security is a process, not a destination. Guarding against casual or thoughtless disclosure is a great mitigation; don't dismiss it because it doesn't solve the whole problem. No single thing will.

Impossible (0)

Anonymous Coward | more than 5 years ago | (#26229587)

The only way to control information is when you are the only one who has it. Once you transfer information to an other party, it will be out of your control.

You could introduce a system that prevent your customers access to the raw document files. i.e. allow them to open in through your "secure" document viewer, which doesn't provide a save option. But then they can still create a screenshot of the data (making a photo of the computer screen is also a screenshot).

The thing you are looking for is called DRM, which is broken by design.

document management system (0)

Anonymous Coward | more than 5 years ago | (#26229593)

Incoming document goes to a project manager who enters the document into an intranet document management system. Access to it are given to people that need to work on it and they can check it out, make changes, and submit it back in. Like how source code version control systems work.

In my company the incoming documents are converted into a wiki and access is given to people who need it. Once work is done on it it requires two different people (managers/experts) to review it and mark it as complete. Then it is converted back into a Word/Excel/PDF/Whatever document and sent to the client.

The wiki works well for documents that are not heavily formated.

Re:document management system (1)

Teun (17872) | more than 5 years ago | (#26229697)

This is indeed the way forward.
But what you didn't explicitly mention, you seem to take it for granted, is that all systems at some point have to rely on trust.
So the issue at hand is best, if not only, tackled at the HR and/or PO department, more technology has little effect.

Re:document management system (1)

drsmithy (35869) | more than 5 years ago | (#26229805)

In my company the incoming documents are converted into a wiki and access is given to people who need it. Once work is done on it it requires two different people (managers/experts) to review it and mark it as complete. Then it is converted back into a Word/Excel/PDF/Whatever document and sent to the client.

May I ask what software you are using for your 'wiki' ? We are looking for something with similar functionality (I can do without the document conversions) for our internal documentation, and the wiki software I've looked at so far hasn't been particularly good on the authorisation side. I had hoped to avoid going full-blown CMS/DMS, as we're only really after the "content approval" aspect.

Re:document management system (1)

nine-times (778537) | more than 5 years ago | (#26229875)

I agree with this post, or at least this aspect of it: there isn't really going to be a technical solution. You won't find a magic DRM that actually works, can't be broken, and tracks everywhere the file goes.

What you probably can do is develop a system that will restrict access to the files to only a few authorized people, and tracks who accesses it from that server when. So it would allow you to say, "Only people who are working on this account can access this document, and only [Person A], [Person B], and [Person C] have ever downloaded that document. The last person to download it was [Person B], who downloaded it on [some date]" What you won't be able to say is, "Once [Person B] downloaded it, the information in that document was transfered to [Person D]."

Part of the problem is, even if you're able to implement extremely good DRM, it still won't necessarily stop Person B from reading the document from his monitor, copying the information by hand to a piece of paper, and then sending that paper to someone else (i.e. the analog hole).

If these documents really must be secured, you're going have to have policies and a culture that secure them. Technology can help, but it can't really fix the problem.

File Monitoring (3, Informative)

jd142 (129673) | more than 5 years ago | (#26229597)

You don't say what operating system you are running on the clients (I'm assuming windows of some variety), what network os you are using, or where the files are stored.

However, you want to turn on file access monitoring. It's pretty simple if you have one file server and all the files are there because you only have to turn it on once. Here's a good start:

If you are running linux, was the second article in a google search.

Depending on the number of users and files, your logs can fill up quite quickly. You may also want something like SNARE to monitor workstations. They may be doing some server work this morning; I'm getting a time out on the web page.

The bigger question though is if your clients think you are cheating them, why will they believe your logs?

You may also want to get some books on windows and linux security monitoring.

With a cabinet (5, Funny)

AdamInParadise (257888) | more than 5 years ago | (#26229613)

I keep my sensitive documents in a locked cabinet. Never had an issue with a document opening itself in a foreign country.

Re:With a cabinet (1)

morgan_greywolf (835522) | more than 5 years ago | (#26229657)

Note that if these cabinet documents were electronically created, they need to be created locally on a PC (never on a server) and you need a good file wipe utility.

Re:With a cabinet (1)

AdamInParadise (257888) | more than 5 years ago | (#26229819)

That's why I write all my documents on blank paper with a Bic pen. Now I'll grant you that encrypting and decrypting those documents is a pain. Oh well, at least they are secure.

Re:With a cabinet (0)

Anonymous Coward | more than 5 years ago | (#26229783)

pff... who uses the .cab format anymore?

Watermarks (4, Interesting)

The New Andy (873493) | more than 5 years ago | (#26229615)

Watermark stuff where it is useful so you can see where copies of stuff have come from. Don't bother trying to track things you can't actually track (file viewing, opening, printing, etc).

The watermark doesn't even have to be high tech, it can just be a guid inserted at some point in the document, with a company policy that says when you can remove it (never?), when you should change it (when it crosses a boundary, like a departmental boundary) and how records should be kept (e.g. a central database of which event caused the creation of a new guid).

Re:Watermarks (2, Insightful)

windsurfer619 (958212) | more than 5 years ago | (#26230037)

What's to prevent someone from removing the watermark on a copy and then sending it off? I thought the idea of watermarking was to make it automatic and invisible to the ordinary user.

DDRM is what you asked for, not monitoring (2, Insightful)

Jack9 (11421) | more than 5 years ago | (#26229619)

DRM is broken by design.

Document DRM is even simpler to circumvent. Tiny cellphone/digital cameras. Screenshot much? Notepads? A really good memory is anti-ddrm. The best you can do is log access, but once it is accessed, there is no control over specifications. YMWNV.

Monitoring is exactly what he asked for (2, Informative)

daveschroeder (516195) | more than 5 years ago | (#26229719)

"how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended?"

"if one of our documents were opened in a foreign country, that would arouse suspicions."

"Logging access" is exactly what he's trying to do. The idea here would be at least knowing, and if you've only given a document to one external entity, you know you have a leak somewhere within that entity or your own organization. Simple managed watermarking can help to discover which.

And DRM in general may be broken, but it's not that black and white: DRM does prevent some casual theft of content, because it's a hassle...that's all anyone with a brain -- and who has paid attention to anything in digital media for the last decade and still employs DRM -- expects anymore.

Those who which to pirate content will ALWAYS be able to do so, regardless of any protections put in place. Perhaps someday those who favor DRM will realize that the losses from hassle to honest customers or prospective customers outweighs anything "gained" from having DRM in place.

But back to the issue at hand, which is a different one: an organization wants to track -- and potentially prevent, under some circumstances -- access to original documents representing proprietary data. A "DRM" model (like that employed by Microsoft Rights Management Server [] ) can help to accomplish this. Of course, once someone discovers it's in place, then any number of untrackable circumvention options, such as those you mentioned, can easily be employed. So, the best option for this case is passive tracking/logging.

Re:DDRM is what you asked for, not monitoring (0)

Anonymous Coward | more than 5 years ago | (#26229919)

Well, you could do something like the CIA did, where a slightly different document shows up to everyone who has access to it, so that if one leaks, you can know who leaked it. But that means a much larger budget.

Re:DDRM is what you asked for, not monitoring (0)

Anonymous Coward | more than 5 years ago | (#26230093)

Not sure why it has to cost much, but I'm sure it costs a lot when the CIA does it.

If you don't trust someone and you think they are sharing confidential information, give them something false but *very* juicy.

embed (1)

TheSHAD0W (258774) | more than 5 years ago | (#26229621)

Don't know how many document formats support it, but perhaps you could have an embedded image or other embedded information pointing at a file on a web server. All accesses would then be recorded on the server log.

Re:embed (1)

freddy_dreddy (1321567) | more than 5 years ago | (#26229789)

what if they pull the ethernet cable or disable the wireless ? You just get a warning, but the document is visible.

There is no solution (1)

AmiMoJo (196126) | more than 5 years ago | (#26229627)

What you are trying to do is what DRM has been trying to do for a long time: prevent unauthorised people opening a document on untrusted hardware.

The reason all DRM ultimately fails is because the system opening the document is untrusted. You simply can't have easy access outside your company with the ability to do things like print and prevent unauthorised copying, the two are mutually exclusive.

There are systems which do what you are asking, but they all rely on only trying to open the document within your company where you can control the software environment. At best they would let you find out if a document was say printed, copied to a USB stick or sent by email etc, but after the document leaves your company there is basically nothing you can do.

Document control (-1, Flamebait)

nurb432 (527695) | more than 5 years ago | (#26229633)

There are plenty of document control systems out there. ( both free and FOSS ) did you take even 5 minutes to search?

Re:Document control (5, Insightful)

Kneo24 (688412) | more than 5 years ago | (#26229681)

You have completely missed the point of Ask Slashdot. It's just not about doing a 5 minute search and randomly choosing one. The reason people ask this group questions like this is because they want more detailed information from people who have hopefully had hands on experience doing these things. What worked? What didn't? Why did it, or did not work? How was implemented? You may not be able to find that kind of information easily even if you know what to search for. And once you have that information, there are other people to give their insights on what that persons stories. It has the potential to be one big chain of helpfulness.

Sure, it's a cheap and lazy way of getting someone else to do some of your work for you, but it's not generally a bad thing. I know if I was completely clueless about some tech related problem, I'd probably ask here. Wouldn't you?

Re:Document control (1)

nurb432 (527695) | more than 5 years ago | (#26229843)

No i wouldn't come here FIRST. I would have done a little research on my own before i came to a (suspect) public forum to ask my question.

A little bit of upfront leg work isn't unreasonable to ask.

Citrix? (0)

Anonymous Coward | more than 5 years ago | (#26229639)

I used Citrix for a bit while working with my fathers company.

It might be completely useless for what you want, but thought I might suggest it.

Keep them in house? (1)

neurophys (13737) | more than 5 years ago | (#26229647)

When you let the documents out of the house, there are no way to prevent people from using the information. If the information was only available on a web-page with passwords and monitoring of user and IP-addresses you will at least have some control of the information.


Use Sharepoint (1, Informative)

akaina (472254) | more than 5 years ago | (#26229651)

Sharepoint is your best bet here.
The only alternative I can think of is checking your docs into your source control.

Re:Use Sharepoint (1)

slashbeard77 (1435781) | more than 5 years ago | (#26229995)

I can't believe that know one has yet to mention Document management. There are many good solutions on the market regarding document management systems. Some systems, are out of the box solutions whereas others are fully customizible (e.g. sharepoint). As mentioned previously, limiting access to the content is critical.

Share Point.. (0)

Anonymous Coward | more than 5 years ago | (#26229665)

I've used Microsoft Sharepoint for this in the past, it's not the greatest app, but it certainly helps for what you're talking about

DLP (1)

nighty5 (615965) | more than 5 years ago | (#26229667)

Protection of data is hard. There are many variables to consider.

The first step to understanding what data that requires protection is to perform a risk assessment. This will help identify information which may result in financial loss, corporate brand confidence in the event that the data is compromised.

It's important that this task has senior management sponsorship. Getting a sysadmin to "get on with it" is not good enough. It needs input from the business to understand the information that needs protection and also the funds to purchase the relevent software, hardware to provide the enforcement controls. Policies and procedures should be written to make it clear what should be done with the data, and also to illustrate to staff, guests, business partners what is acceptable.

Controls typically are installed on the desktop, servers and network in-line controls to capture information as it flows throughout the network.

In your direct question, there are a few options to protect the Word documents. But this is only a small set of the things you need to consider. Word does have some DRM controls and I'll leave it up to you to look into it. What is important to note is that Word format may not have all the necessary controls that you need, and you may need to compensate these with others.

If your company is serious about this, they really should get a security consultant involved to help you identify the risk areas, document the controls, and help with an architecture to protect the information across your enterprise environment.

A couple of security vendors do have some products on the market, but this area is still pretty young, but it is a growth area.

Google Data Loss Protection products from RSA and McAfee for a start.

Hummingbird DM5. (0)

Anonymous Coward | more than 5 years ago | (#26229679)

Widely used in the Legal Industry for collab, control etc.

Re:Hummingbird DM5. (3, Informative)

gristlebud (638970) | more than 5 years ago | (#26230069)

Hummingbird rocks, in my experience. It involves a fundamental shift in the way people create and access documents, since it doesn't work with network shares. It also means that you have to enter the meta-data associated with the files every time. However, it does have very strong permissions, access controls, and versioning support, and would likely solve your problem, since you can prevent those who don't need access to a document or project from access, or even viewing that the document exists. On the down side, it's fairly expensive. (In our organization, implementation was at least 5-figures, and probably 6) and it requires a lot of support and baby-sitting (1/2 to 1 FTE, with an organization of about 500).

Simple... (1)

Kindaian (577374) | more than 5 years ago | (#26229683)

Basically, what you want is to keep track of information. The fact that is in a digital document in office or a sheet of paper is irrelevant. Printed papers are both easier and harder to control. First they are easier to track down and count. But in the end, if they are on the loose, the probabilities of finding the source of the leak is very, very thin (the only way is to use some sort of security paper). In a digital document, if the leak is the document itself, verbatim, then, if tight DRM controls are in place, you will find where the leak is very easy. But in the end, security doesn't survive a photographic camera or a copy/past of notepad... Transposing to analogic and digital again will remove almost all fingerprinting that you can add to any document. As for the accusation by itself, the best way to work around it is to help out the client and ask them for help to find and squash both the leak and the issue. The great majority of this issues comes from human factors (and in the case of digital documents, computer security/virus). So... in the end, GL...

Trend Micro Leakproof product could help (0)

Anonymous Coward | more than 5 years ago | (#26229689)

I suggest that you look at Trend Micro's Leakproof product

It should provide the type of protection that you are looking for.

NTFS auditing (1)

drwtsn32 (674346) | more than 5 years ago | (#26229691)

Assuming your documents are stored on a Windows server, one option is to enable NTFS auditing. This requires no changes on the client side.

Re:NTFS auditing (0)

Anonymous Coward | more than 5 years ago | (#26229737)

its a rocket science for linuxoids

You can't (5, Insightful)

markdavis (642305) | more than 5 years ago | (#26229693)

That is the simple answer.

If you want to give something to someone, you can't control what they do with it. That is like saying "I want to give this hammer to a friend, but I want to prevent them from loaning it to someone else, or using it to smash computers with."

If you don't trust the person that you give something, then the chain of trust is broken. Everything we do is based on trust. I trust if I give you an emergency key to my house that you won't rob me. I trust that when I accept cash from you to pay for a service that it isn't counterfeit. I trust when you sign a contract with me, you will live up to your duties in the contract. I trust when you babysit my children you won't rape them. You pretty much asked for exactly what the whole point (and failure) of DRM is all about- trying to FORCE *everyone* to trust and comply with your wishes. You can't. Welcome to humanity.

Re:You can't (1)

mollymoo (202721) | more than 5 years ago | (#26229755)

You can't eliminate the chance of a fatal car accident unless you never go near a road or get in a vehicle, but that doesn't mean wearing a seat belt is a waste of time.

Re:You can't (0)

Anonymous Coward | more than 5 years ago | (#26229895)

What a bullshit meaningless attempt at analogy. Well done.

GP is stressing the point that _people_ are the links in the chain. You have to trust the people you allow into your life, in any context... Once trust is eroded or lost, it taints every interaction thereafter. DRM is a big sign that says "I DON'T TRUST YOU."

Doesn't matter how good the DRM is... if someone really wants to bypass it, they will find a way. It may be savvy hacking, it may be social engineering, it may be highly trained wasps with cameras strapped to their heads (in ur office! gargoylin ur dokumentz!).

contract signing (1)

way2trivial (601132) | more than 5 years ago | (#26229799)

actually says I don't 'trust you when you shake my hand- but if we get a third party (or more involved) then I'll trust you'

Re:You can't (0)

Anonymous Coward | more than 5 years ago | (#26229851)

Don't worry; I wouldn't rape your children. Hard.

Impossible (4, Insightful)

1u3hr (530656) | more than 5 years ago | (#26229695)

find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around.

No, you can't. If you want people to be able to read it, they can copy it. You can make it more cumbersome but nothing can prevent screenshots. You can waste a lot of time and money, but the best you will achieve is being able to say "we tried". Because you cannot succeed. You can't distribute a document and at the same time expect it to remain secret.

Re:Impossible (1)

Yvanhoe (564877) | more than 5 years ago | (#26230241)

That. Computer science is the science managing the processing and transmission of information. It does not provide technical solution to the opposite problems. Secrets, however, have been managed for centuries by military organization. They know a great more deal about protecting secret than Microsoft does. Maybe you would better spend your time and money learning about it.

Adobe (1)

poetmatt (793785) | more than 5 years ago | (#26229705)

At my workplace we handle standards and manufacturing procedures for a variety of companies worldwide. We don't lock our documents but we do use adobe PDF's so we can track who accesses. They state that it's basically not feasible to be able to prevent access to something unless you were to grant it remotely in the first place (similar to like a view-only google doc) instead of giving a document to your customer. Meanwhile, this could still be screencapped if someone wanted their own copy, so it's not even worth it.

As people have said, once a doc is out there, you can't stop access to someone determined even if you have server validation to open it. This is like the "how do you secure a PC from the feds" thing where the answer is if they have physical access/their own copy, you don't.

For this reason, the best steps we have for validation are everything we can do on our side to ensure that the documents are only given out to the appropriate individuals. Thus like anything, human error is the only way it would be released really.

Interwoven DMS (1)

koa (95614) | more than 5 years ago | (#26229709)

Depending on your budget, there may be some value in looking into the "Interwoven" Document Management System (DMS)..
Its primarily marketed to legal firms, however its got great file tracking (i.e. who, where, when opened, printed, viewed, and for how long.. etc..) and is quite well rounded to suite the needs of just about anyone.

Has no Linux suport for the server or desktop clients though...

Sharepoint? (1)

Gabe0463 (1438795) | more than 5 years ago | (#26229717)

Have you looked into SharePoint? You can get external hosts for it and load your documents to it like you would a NFS; from there you can both monitor and manage access rights to all of your documents. You can allow customers temporary login rights that allow them to view specific documents, can can even restrict their use to "read only" - preventing saving a local theory. Of course, the aforementioned industrial espionage methods (memory sticks, cell phone cams, etc) circumvent these methods, but this will at least keep casual users from deliberately redistributing your works. A good legal consent banner on the site can help scare off users as well, as all IP addresses can be logged and you can pursue offenders like the RIAA if you want...

microsoft advertising? (2, Insightful)

dns_server (696283) | more than 5 years ago | (#26229723)

This ask slashdot seems a little suspicious to me, it does seem to exactly match the feature set of a suite of microsoft products.
Anyone worth thair salt as a system administrator that works with microsoft tools should know the features of microsoft office and the add on server components to get the DRM system working in an enterprise.

It sounds suprisingly close to what you would find in a microsoft pamphlet.

What's the real problem here? (4, Informative)

buss_error (142273) | more than 5 years ago | (#26229741)

OK, you've gone for a tech solution to a problem before really asking what the problem here is. So what's the real problem? Legal libility, of course. Your customer X is accusing you of sharing data with their competition Y.

Create an job to track sensitive documents. If you only have a few, then it would be additional duties for someone. If you have a lot, it's a new position. This job is to track who has legitimate access to sensitive documents. When customer X starts throwing allogations you've shared data with customer Y, everyone that has legitimate access to the data is required to sign an affidavit that they did not share the data with people not autorized to have the info. Now customer X has to PROVE that one of your employee's did indeed do so, and that their affidavit is a lie. MUCH harder to prove and a lot cheaper for your company to defend against.

Of course, that won't stop customer X from THINKING you did, and that may cost you that customer, but absent using a full up sensitive document control system like the government does, there's no real inexpensive solution I've found. I'd be interested to see if /. comes up with one though.

Welcome to Multi-Level Security (2, Insightful)

eer (526805) | more than 5 years ago | (#26229757)

First, though, if you don't have a document handling and marking policy for PAPER documents, you're unlikely to succeed implementing one for electronic documents. In other words, if you don't presently mark printed documents with restrictive handling requirements ('secret', 'confidential', 'proprietary', 'atty-client privileged'), it won't do you any good to try to control their electronic versions.

Second, Windows has never been designed to try to enforce more than discretionary controls. What does that mean? It means that EVERYONE who touches the machine or its data is presumed to be cleared to see whatever is on the machine. They may not have the need to know what's there (that's what DAC does), but they're cleared to see it - so they're TRUSTED to handle it correctly.

If that doesn't describe your environment, you should reconsider whether a single-level system, like Windows, is suitable for storing, printing and using your documents in your environment.

Re:Welcome to Multi-Level Security (1)

SuiteSisterMary (123932) | more than 5 years ago | (#26230249)

Second, Windows has never been designed to try to enforce more than discretionary controls. What does that mean? It means that EVERYONE who touches the machine or its data is presumed to be cleared to see whatever is on the machine. They may not have the need to know what's there (that's what DAC does), but they're cleared to see it - so they're TRUSTED to handle it correctly.

Err, what? Windows NT was built from the ground-up to enforce incredibly fine-grained manadatory access controls.

The problem is if somebody has read access, they can get a copy out somehow, even if it's manual transcription with pen and paper.

documentum (1)

Anonymous Coward | more than 5 years ago | (#26229761)

This is how we have been doing it very successfully for a number of years. Very easy for us to implement and extremely easy for the end-user to use.

Re:documentum (0)

Anonymous Coward | more than 5 years ago | (#26229793)

Except Documentum sucks at handling bulk loads of files. Is slow to navigate. Does not offer classification markings etc etc

Microsoft Sharepoint (2, Insightful)

Onthax (1322089) | more than 5 years ago | (#26229763)

have a look at microsoft sharepoint, they have document checkout so you can see exactly who did what with the document []

Usable documents? (1)

gmuslera (3436) | more than 5 years ago | (#26229785)

You can put a lot of walls around the document, but that will hurt badly its usability. The end user would want to be able to print it? There you already have a leak that no software can control, specially if is a postscript/pdf printer.

You can agree there is no use to copy/paste portions of your documents, no need to use them under any other platform than windows, but printing?

The problem will end being in how many ways you will penalize the rightful users of those documents to avoid someone else to access them

Other approach of the problem is to take the computer and just digital media of that document out of the middle. Maybe you can give your documents in a personalized Kindle-like device that only can be used to see the doc and nothing more, but only will work putting even artificial restrictions on the usability of them.

You Need More than a Software Solution (3, Insightful)

dplentini (1334979) | more than 5 years ago | (#26229807)

I don't think you can find a good solution just by technical means alone. Having run into this problem as a company attorney, I can say that the best defense is to define and enforce a strong document management policy. Technical solutions without a defined policy will only make you a pariah. Also, you should check to see how the specs came to light in the document at issue. I recall one episode where one of our business development personnel sent a draft contract (in Word format) to a potential customer having used an earlier contract with another customer as a template. The BD person deleted the details from the earlier contract and inserted new (less favorable) terms. The other party turned on the redline mode to see the deletions and insertions and demanded the same terms as the earlier party. Everyone involved at our end was pretty embarrassed. The solution was to require than all drafts of all legal and business documents be sent in PDF or a "scrubbed" version of the Word document using a product from Workshare.

Re:You Need More than a Software Solution (1)

michael_cain (66650) | more than 5 years ago | (#26230171)

Second the importance of a well-defined policy. In a prior job, one of my responsibilities was evaluation of technology, much of it revealed under non-disclosure terms. We were sued from time to time, accused of leaking proprietary information. I was never called as a witness, but was run through practice sessions by the company legal staff. The legal defense was clearly much stronger when the attorneys could show that there was a clear company policy, and I could swear that I (a) was aware of it and (b) had followed it scrupulously.

That said, the policy would have been unworkable in the case of a specification that required, say, hundreds of people to access it in order to prepare a response.

Impossible. (1)

Jessta (666101) | more than 5 years ago | (#26229811)

DRM doesn't work. It's technically impossible.
Your best bet is to not give the document to untrusted parties.

- Jesse McNelis

Forget it (1)

gweihir (88907) | more than 5 years ago | (#26229891)

Anybody halfway competent can sanitize documents. The easiest way is to transcribe them.
All types of DRM and watermarking have been broken successfully, typically with far lower effort for the attacker than the defender spent in the first place.

You basically cannot defend yourself against this type of accusation and that is one of the reasons why the accuser has to prove them and not the accudes to disprove them. I would avdvise you to terminate business relations with the people accusing you. ''Nonexistent trust'' is a good enough reason.

Like trying to get your nudes back... (0)

Anonymous Coward | more than 5 years ago | (#26229921)

Once it hits the net, it's gone. For this scenario, I'd say try implementing version and access control. You'd know everyone that accessed their particular spec, so the potential leak could be easier to spot. Please don't do the macro thing. That just sounds painful and ineffective. Investigate the version control offerings available to see what fits you best.

try password protected pdf (0)

Anonymous Coward | more than 5 years ago | (#26229927)

Openoffice 3 can export docs to pdf format which can be password protected and encrypted. You can also prevent the copying of the contents too.

Your issue is more of a trust issue imo. Your customer doesn't trust you, so you have been put in a really difficult position of proving you are trustworthy, and at this point you cannot prove anything. They'd have to be a _really_ good customer to put up with such a situation.

Buzzsaw (0)

Anonymous Coward | more than 5 years ago | (#26229929)

I work for an architect office, and we use Buzzsaw [] for sharing documents. It doesn't limit what is done with the documents once they are downloaded, but it gives exact details of who took what. Use fulaudit trail (amongst other things ;) ) (0)

Anonymous Coward | more than 5 years ago | (#26229947)

It will tell you who access specific files on CIFS shares.

End less TPS reports and other BS paper work and t (0)

Anonymous Coward | more than 5 years ago | (#26229985)

End less TPS reports and other BS paper work and they keep a tight lock on office supplies. We had to call the cops to remove some one after we took the red stapler back from the desk that he failed to return at the end of the day and he went nuts.

Strictly speaking, it can't be done (1)

quux4 (932150) | more than 5 years ago | (#26229997)

Bottom line, if you EVER had access to read either an electronic or paper document, you can NEVER conclusively prove that you didn't somehow gain a copy and do Whatever(TM) with said copy. Unless there was a human watching you during every moment of the access, or maybe you were videotaped during every moment of access.

You can implement systems to track who had access to a document. The more comprehensive these systems, the less likely it is that you'll be suspected of mistreating the document or information within. Such tracking increases accountability, though it's next to impossible to 100% assure that every person who accessed the data never did any unapproved thing with it.

If you don't want to do the aforementioned rights management services, then you can set file-level permissions to limit the number of people with access. If that's not enough, you can implement filesystem auditing, to log each access to the file. That narrows the suspect list even further, from those who CAN access the file to those who DID access the file. Both of these depend on a tight system of account administration controls, and the latter also depends on a trusted secure storage repository for the logs. Naturally the integrity of any or all of these systems can also be questioned.

Suddenly one gains appreciation for a system of justice which places the burden of proof on the accuser, eh? The only way to evade suspicion is to make sure you never had access to the thing you might be suspected of behaving badly with.

poor mans solution: samba (1)

drolli (522659) | more than 5 years ago | (#26230003)

use samba. crank the loglevel high to see who accessed it, use ACLs on the server to disriminate access to specific users.

Google Apps? (1)

douglaskarr (1334461) | more than 5 years ago | (#26230045)

I believe Google Apps has done a fantastic job of this. Each document can have different people who are invited to both view and edit the document. As well, you can provide the visitor with rights to invite more people. Above all, it has the entire trail of changes by every user at every moment the change was made. You can track any change directly back to the person editing the file. Best of all, you can set up Google Apps to only authenticate on your domain and you can import any type of Office document into the system.

Re:Google Apps? (4, Interesting)

SuiteSisterMary (123932) | more than 5 years ago | (#26230281)

Copy/paste is disabled? The ability to take local screen caps? The ability to make notes with a pen and paper?

For documents that really, truely need to be tracked, you use a canary trap. That is, each copy is slightly and uniquely different. Each copy is receipted by a specific person. If you find a copy in the wild, you can find a key phrase and track down who leaked it.

Next Page? (0)

Anonymous Coward | more than 5 years ago | (#26230067)

How about a third party app like Next Page?

SendSide - (1)

pyite69 (463042) | more than 5 years ago | (#26230085)

There is no way to prevent someone from doing something like taking a photo of all the pages on a screen and sending them to someone.

However, a product like Sendside will let you track everyone who receives, opens, and forwards a message that you send.

If you are really paranoid you can use encryption on the document and make all recipients provide their own encryption keys.

Take the first step (1)

Zero__Kelvin (151819) | more than 5 years ago | (#26230125)

Say it with me:
  1. We are powerless over our documents, and our process has become unmanageable

OK, so it really isn't that dire, but you cannot control what software will be used to open a document, so you cannot possibly guarantee the ability to track such access. Of course you can devise a system that tracks most accesses, but your specific example - opening a document in Europe IIRC - would be most likely to be defeated by the wide popularity of diverse FOSS tools such as linux and the tools that run on it.

Three Ps (0)

Anonymous Coward | more than 5 years ago | (#26230137)

It's funny, many here assumed that the best solutions is purely technological.

Most controls are based on the three Ps: People, Processes, and Products.

People: you need some sort of awareness. Either it's some sort of agreement that all your partners/clients/employees sign, are constantly reminded of, or are presented with often. You need NDAs. You need legal/contractual protection. You need to define the consequences of not following these (e.g. contract termination, disciplinary measures, legal liability/lawsuits, etc).

Processes: you need processes that support the objective(s). This can either be through business intelligence, workflow audits, whatever (if you don't have experience with this get a business analyst or the process nerd in your herd who knows this stuff) and needs to take the user experience, technical limitations, and controls in place. Know what type of controls you have (manual, automatic, technical, procedural, etc). Ignoring processes is irresponsible and YOU WILL LOSE.

Products: yes, you need some technology to support the People and Products. Whether it's sharepoint, JimBob's GPL'ed DRM solution, there will always be that "analog black hole" risk (e.g. you can have strict DRM in place, but nothing really prevents users -- technically anyways -- from pulling out her smartphone and taking snapshots of the document on the screen or picking up the phone and reciting it). See how one fails without the other?

Each of these support each other, and ALL are needed to work.

The tough part is figuring out all the components, how to put it together, and in today's economy, how to get budget to actually actualize all this.

In Soviet Russia... (1)

naz404 (1282810) | more than 5 years ago | (#26230143)

...we document monitors!

How to promote Microsoft products (0)

Anonymous Coward | more than 5 years ago | (#26230181)

1) Act dim.

2) Pretend you don't know about some obscure hardly used functionality in the product you are trying to promote.

3) Phrase your question as though that one piece of functionality is essential to your very being.

4) Maybe act surprised and appreciative when some poor fool points out what you already know. ( try not to laugh in their face )

4) Sit back and hope that the promotion takes hold in the minds of genuinely dim people.

Only if you centralize access (1)

Todd Knarr (15451) | more than 5 years ago | (#26230209)

The only way you can do this is if you centralize access: place the document only on a central server and only allow access to it by viewing it on that server. Then that server can log every access and where it came from. That means, BTW, that you can't make the document accessible via a Web server, since the user could just do "Save As..." and make a local copy. Ditto making it available from a file share. You'd need to set up remote access to the server (X11 and an SSH tunnel, for instance, or Windows Remote Desktop), lock down any sort of remote transfer (disallow SCP, disallow the remoted desktop from sending files to it's local desktop) and provide a viewing application that logged accesses.

The fundamental problem is that once you give a copy of a document to someone, you've got little control over what they do with it. It's the same problem we've always had with documents: if you give someone a physical document, you've precious little control over whether they slap it in a photocopier and run off a few copies of it to give to people they shouldn't. Approach the problem in the same way you'd approach the same problem with a physical document.

securing documents (1)

Mr. Slippery (47854) | more than 5 years ago | (#26230215)

how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended

If you want to do that, never send electronic copies.

Send only hard copies, printed on paper with a security watermark, and with a tamper-evident seal.

Actually, don't send them. Allow access to them only at your secure facility. By people who have undergone thorough background checks. And who are strip-searched before entering the viewing facility, to prevent smuggling hidden cameras in.

Or, you could just deal with the fact that information is going to get out.

Re:securing documents (1)

SuiteSisterMary (123932) | more than 5 years ago | (#26230231)

Don't forget to use a variant of the Asherah virus to clean the info out of their brains after they're done looking at it. After all, it's your data, why should they be allowed to walk out with it in their brains?

You wouldn't let them bring a hammer or other tools home, right?

-L. Bob Rife

Technical wizardry won't help here (1)

azaris (699901) | more than 5 years ago | (#26230217)

During the last month, one of our customers accused us of providing another customer with their specification.

Forget about fancy industrial espionage scenarios with evil Chinese crackers. If this really happened and isn't just paranoia on the part of your customer, chances are it was someone in your company who had authorized access to the specs and, probably out of stupidity or by accident, forwarded the confidential information to someone they shouldn't have.

Sadly your most effective approach is to comb through e-mail logs of people with access to this document, and see what attachments they've been forwarding recently.

As others have already explained, there's no way to prevent this kind of thing from happening again, either. Just educate your people to keep confidential documents secure and get rid of people who disregard this rule.

This is not a technical problem (0)

Anonymous Coward | more than 5 years ago | (#26230261)

I worked for a comany that did many military contracts and required heavy document security. One of the bigest items I learned out of the training I needed to follow is that the procedures put in place are not so much to protect the documents, but to be able to control and limit the impacts of leaks.

In this case the labeling of documents "For US eyes Only" meant something, and "Controled Copy". The security staff could always audit (ask to see the document) to make sure it was properly stored and being handled properly. If the document was lost, a breach was assumed, a security incident was declared and registered with the authorities (eg: US gov). The document was assumed comprimised, and apropriate diciplinary action was taken if required.

All of this was procedural, as an employee, you were informed and responsible. If you photocopied a page, it was a breach. They NEVER gave a digital copy - too risky. Any Controlled copy had to be returned - just saying it was destroyed was not enough, they needed auditable proof (ie: they needed to do it) - because anytime someone could call "bullshit - prove it"

All the tech being listed here is to support a process - but you need the process first. This is older than computers - and there are many solutions out there. Unfortunatly, for us tech guys, the old "To a hammer, evreything is a Nail" rings true - everything can be solved using tech.

include misinformation in the document (1)

ffflala (793437) | more than 5 years ago | (#26230301)

You simply cannot control the distribution of a document once it is out of your hands.

However, you CAN trace information. Agree with your customer to include information that is deliberately inaccurate in your spec: certain figures are off by a predetermined fraction, for example.

That way, if the information IS leaked and appears in the hands of parties unaware of the misinformation, you can at least tell its origin.

Controlling Documents (1)

seshat (961751) | more than 5 years ago | (#26230379)

I recently attended a presentation of new startups at my University, and I think that the products of FortressWare are exactly what you are looking for: [] I haven't tried them, but from their presentation it seems they provide what you need.

Obligatory quote: (1)

gzipped_tar (1151931) | more than 5 years ago | (#26230381)

Digital files cannot be made uncopyable any more than water can be made not wet. -- Bruce Schneier

Encrypt Them (0)

Anonymous Coward | more than 5 years ago | (#26230395)

I'm not sure if this would solve your problem, but have you thought about encrypting/password protecting the documents? While this is not full proof to internal leaks (which you make it sound like), it should be quite effective against thieves.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?