How Do You Monitor Documents?
JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS Office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."
Re:Active Directory Rights Management Services (Score:2, Interesting)
The best solution to your problem probably would be using Microsoft's AD RMS.
Can this solution be used without an Active Directory environment?
There are plenty of organisations out there using other authentication, authorisation and trustee management mechanisms, just wondering what their options might be.
Watermarks (Score:5, Interesting)
The watermark doesn't even have to be high tech, it can just be a guid inserted at some point in the document, with a company policy that says when you can remove it (never?), when you should change it (when it crosses a boundary, like a departmental boundary) and how records should be kept (e.g. a central database of which event caused the creation of a new guid).
Re:Active Directory Rights Management Services (Score:3, Interesting)
"Worthless in practice" . . . not in my experience. Many leaks occur as people cut-and-paste or include more and more people in casual distribution ("Hey Joe, you might be interested in..."). Putting restrictions on a document helps this.
Security is a process, not a destination. Guarding against casual or thoughtless disclosure is a great mitigation; don't dismiss it because it doesn't solve the whole problem. No single thing will.
Re:Google Apps? (Score:5, Interesting)
Copy/paste is disabled? The ability to take local screen caps? The ability to make notes with a pen and paper?
For documents that really, truly need to be tracked, you use a canary trap. That is, each copy is slightly and uniquely different. Each copy is receipted by a specific person. If you find a copy in the wild, you can find a key phrase and track down who leaked it.
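An added example, not part of the original thread: a sketch of the GUID watermark with a central registry and of the canary trap described in the comments above. Each issued copy carries a GUID plus a unique combination of equivalent wordings, so a leaked copy can still be traced after the GUID is stripped. The template text, recipient names and `Registry` class are constructed for illustration.

```python
import uuid

# Constructed sample document: three slots, each with two equivalent wordings.
TEMPLATE = ("The housing {0} a torque of 12 Nm. Tolerances are {1} in Annex B. "
            "Samples {2} before shipment.")
SLOTS = [("must withstand", "has to withstand"),
         ("listed", "given"),
         ("are inspected", "get inspected")]

class Registry:
    """Central record of which copy went to whom (hypothetical helper)."""
    def __init__(self):
        self.by_guid = {}     # guid -> recipient
        self.by_pattern = {}  # tuple of wording choices -> recipient

    def issue(self, recipient):
        n = len(self.by_pattern)
        if n >= 2 ** len(SLOTS):
            raise ValueError("not enough variant slots for another unique copy")
        # The n-th copy uses the binary digits of n to pick a wording per slot.
        pattern = tuple((n >> i) & 1 for i in range(len(SLOTS)))
        guid = str(uuid.uuid4())
        self.by_guid[guid] = recipient
        self.by_pattern[pattern] = recipient
        body = TEMPLATE.format(*(SLOTS[i][b] for i, b in enumerate(pattern)))
        return f"{body}\n[doc-id: {guid}]"

    def trace(self, leaked):
        """Return (recipient, evidence), or (None, reason) if no match."""
        for guid, who in self.by_guid.items():
            if guid in leaked:
                return who, "guid"
        # GUID removed: fall back to the wording fingerprint.
        pattern = []
        for a, b in SLOTS:
            hits = [a in leaked, b in leaked]
            if sum(hits) != 1:  # slot cut out, or two copies merged
                return None, "ambiguous"
            pattern.append(hits.index(True))
        who = self.by_pattern.get(tuple(pattern))
        return (who, "wording") if who else (None, "unknown pattern")
```

Three slots distinguish only eight copies, and a leak that merges two copies or drops a slot comes back as "ambiguous" rather than naming anyone.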
Coming In Sideways (Score:3, Interesting)
Let's say that up until now you haven't had the ability to monitor documents to the extent specified. You can't prove whether or not the leak occurred from within your domain. Neither can they: they don't have the ability either, or you'd know. So, neither can they disprove your (forthcoming) assertion that the leak came from within their domain, and you can't support it. But as we can see commonly happen, accusations carry more weight than mere questions, rightly or wrongly. Accusing them will wake them up and put you on even footing. From then on you can develop a mutually acceptable and workable security system.
It'll have to be rigorous, as in enlisting the OS to assist. Otherwise one could simply copy the file and open it outside a secured domain. And that too will take oversight, by one such as a security admin who'll be able to track the file's circulation including any instances of it being copied. Note that opening for editing constitutes an explicit copy until (at least) the changes are saved, which would show up, and copying the data from memory to a swap file would constitute an implicit copy that wouldn't normally get reported. It could, however, be used to grab a copy (of a copy) of the file just as we used to use a browser's cache for grabbing copies of streamed media that weren't otherwise easily snagged.
Of course you could use the information above to show they can't support their assertion and so you could sue them for defamation. Better, you could give them the choice of that or joining you in investigating the security problems and solutions, and possibly investigating the competitor for espionage. Once again, accusations can carry a lot of weight. But then the competitor might be willing to join the investigation in order to be able to track their own as well as (as could everyone) prove that any infringements didn't come from their domain. The best security comes when all are watchers and all watch each other in the open.
Re:Impossible (Score:3, Interesting)