How Do You Monitor Documents? 237
JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."
Microsoft Rights Management Server? (Score:5, Informative)
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx [microsoft.com]
Re: (Score:3, Informative)
Re: (Score:3, Funny)
Re:Microsoft Rights Management Server? (Score:5, Informative)
As does Oracle
Oracle Information Rights Management [oracle.com]
As does EMC, and a few others... Do shop around, as there are several products out there that can 'tether' assets - not just Microsoft Office documents too.
Other Options (Score:5, Informative)
EMC IRM [emc.com] (Formerly Authentica [slashdot.org] (yes, there is a typo in the summary))
Oracle IRM [oracle.com] (Formerly SealedMedia)
Liquid Machines [liquidmachines.com]
Adobe LifeCycle Rights Management [adobe.com]
Re: (Score:2)
Re: (Score:3, Informative)
Use GPG (GNU Privacy Guard). It's essentially PGP, but free. It uses assymetric encryption (Public and Private keys) up to 4096 bits of keylength, which is sufficient for most people. There are graphical frontends for Windows available, such as GPGee (shell extension).
If you encrypt a document using a customer's and your own public keys, only you and your customer can open it. It is extremely difficult (if not impossible) for other customers to open your documents. There's even support for digital signat
Re: (Score:3, Insightful)
yes, but once its open, it's open. and people are highly likely to open the archive, and keep the document unencrypted on their laptops.
here some form of document DRM could be a quite workable solution. I've been using Microsoft RMS as work as part of a pilot and while it has a few gotcha's, and while it does sometimes seem that MS just don't "get" how people use their software, it does seem to work.
the documents are encrypted within office apps (word, excel, outlook and powerpoint) and it has to authentica
Re: (Score:3, Insightful)
Scary thought to rely on Microsoft to solve this problem. I see quite a few other Microsoft pointers in the comments.
The problem seems to be what *people* do with the documents, not what the software does. Think sales person handing out brochures plus other informational material, sending emails with attachments etc.
The solution to this *people* problem is simply : policies + training.
Stephan
Re: (Score:3, Insightful)
The solution to this *people* problem is simply : policies + training.
I don't completely disagree with you, but I'd extend it to say "Policies + training + audit".
the microsoft solution, amongst others, provides a way to do this audit. it's not perfect, there are ways around the protection, but those ways rely on the person actively trying to get around the system. they know they are doing something wrong. these document DRM systems provide a framework so that the users can easily see what what they are sup
Re: (Score:2)
Sure, but software will not extend to print-outs.
I guess software can make it easier to avoid inadvertent disclosures, but I wouldn't trust it too much - plus the usability will suffer (pop-ups all the time?), even if it works.
Stephan
Not exactly (Score:5, Informative)
DRM is snake oil
DRM is snake oil in the way it's used to protect media from copy.
Because at the same time DRM is supposed to enable one to show the content (and thus give the key to the individual holding a copy) and exactly at the same time its supposed to stop unlicensed copies (thus preventing the exact same person using the exact same keys to copy the exact same media in a different way).
It's snake oil, because in the classical cryptographic triangle - A(lice) sending a crypted message to B(ob) without C(harles) snooping it - DRM makes B and C the exact same person.
Hence the contradiction, and hence DRM is doomed to eternally fail to protect media, no matter how contrived means are applied to it.
Here the reader ask a completely different question :
he wants A to be in the headquater, B to be an employee in Omaha, and C is some person doing industrial spying in Russia or China.
Some people are supposed to have the cryptographic keys to the documents, other people aren't supposed to have the keys.
In that circumstance, cryptography might help...
(Well, that's assuming that the thieve is an external person. Of course if that was an inside job, we're back at a situation that movies are in. But then the company has a much bigger problem of trust toward its employee to tackle first).
MS claims to do something which seems to be essentially *exactly* what you want
Well, the real problem is at the beginning of the sentence :
MS do something which seems to be essentially *exactly* what you want
Given their long history in term of computer security, you can count on MS to completely botch their solution...
Broken window vs. whole internet (Score:3, Insightful)
Furthermore, I'd argue that what makes locks effective is not the difficulty in opening them per se; most locks are actually not difficult to open. Heck in many cases all you need to do is break a window which could hardly be called difficult.
Also after breaking a window, one burglar has finally enough access only for himself, and he - alone - will be able to rob the house.
After breaking the DRM and managing to make 1 single unlicensed copy, thanks to the power of the internet suddenly everyone else in the world is instantly able to have access to this broken copy.
It is as if the same window broke on all houses of the same street and all the world's burglars where auto-magically teleported inside these houses to rob them at the same time.
Active Directory Rights Management Services (Score:5, Informative)
The best solution to your problem probably would be using Microsoft's AD RMS.
http://technet.microsoft.com/en-us/library/cc753531.aspx [microsoft.com]
AD RMS provides you with the ability to control licensing, opening, printing, etc. of documents. This will provide you with the audit trail you migh tneed.
Of course, you can still photograph every screen while scrolling through the pages, so it's essentially worthless in practice, but it might satisfy your customers demands for proper paperworks.
Yep, implementing AD RMS will be a heck a lot of work, and you'll surely need to adjust your internal processes in order to incorporate AD RMS.
What you're planning on doing is DRM: Which is, as all Slashdot readers know, impossible with a properly determined person. And in your case (industrial espionage), there are better people working on it than a few hackers that try cracking Blue-Ray in their spare time.
Re: (Score:3, Insightful)
".. And in your case (industrial espionage), there are better people working on it than a few hackers that try cracking Blue-Ray in their spare time.."
Alas...A good story, but I suspect there are very few industrial spies that are better at cracking DRM than the Blue-Ray hackers. Indeed, if there were any, DRM would be much harder to break.
And (and I speak from experience here), government has even less capabilityof clever cracking. It can throw a lot of money at a prpblem, but these problems are never solv
Re: (Score:2, Funny)
(Remember, the NSA is listening to you. Thanks, AT&T!)
If they were competent, they wouldn't have involved AT&T.
Re: (Score:2)
So they saved themselves some work, that's not a sign of incompetence, actually that shows true competence.
Doing more than is necessary to achieve the same result, now that's incompetent.
If you are planning on drinking out of a firehose. (Score:2)
You have got to involve someone with an active firehose.
That is competence no matter how you slice it.
Letting an AT&T tech find out about the NSA closet on the other hand was not competent.
I'm sure they are being more discreet these days.
Re: (Score:2, Interesting)
The best solution to your problem probably would be using Microsoft's AD RMS.
Can this solution be used without an Active Directory environment?
There are plenty of organisations out there using other authentication, authorisation and trustee management mechanisms, just wondering what their options might be.
Re: (Score:2, Informative)
No.
No idea, sorry. Adobe also offers some DRM with their Adobe Acrobat / Acrobat Reader Suite, but the question specifically stated that they used MS Office, for which AD RMS probably is the best bet.
Re:Active Directory Rights Management Services (Score:5, Funny)
Can this solution be used without an Active Directory environment?
No. AD RMS, as the name implies, requires an Active Directory implementation. Microsoft is all about doing it one way -- The Microsoft Way. You obviously require re-education. Quick. Send in the consultants!
Re: (Score:2)
And if Novell had won the war for being the Directory Services for us all with Netware Directory Services, I bet we wouldn't see a Netware Rights Management System which would not require NDS. Duh!
You can use another RMS with AD at least. But it would be a bit of stretch to think Microsoft must have the obbligation to provide a product like that when it's not clearly on their business interests.
Alas, would Windows had became a niche product, I doubt there would be so much people interested on working with S
Re:Active Directory Rights Management Services (Score:5, Insightful)
The problem is: How can you prevent users with job responsibilities that require them to have access to the data for client A from sharing that (directly or indirectly) with client B. There really isn't a good way to do this, since in the worst case, the user can manually copy the material onto paper or take a picture with their cellphone.
Your best approach is a group of mitigation procedures that make it difficult for information to be intercepted between you and client A, and at least provide audit trail capability for users accessing confidential information.
The bad news is that you probably have no way to win client A's trust back. They've already made the accusation, and since you didn't have any pre-existing mechanism in place to monitor and prevent, you can't investigate their claims effectively. Also, if it turns out that employees of your company shared this information as a short-cut for supporting client B, you're really screwed in terms of legal responsibility and employee ethics. You'd have to fire both the source and the recipient in the data share, just for starters.
For the future: keep confidential documents in an encrypted content-management repository with user access and rights controls that can support segregation of groups, projects and so on. Have all your clients encrypt their data with your company's public key so that there is no MITM risk for items they are sending to you over the net (or Fedex for that matter). Institute a training program that emphasizes the segregation of projects for different clients (especially competitors) unless you are developing a project that is explicitly designed and marketed as a shared or commercial offering. And institute a security policy for your employees and contractors that identifies penalties including termination of employment, civil and criminal liability if data confidentiality policies are violated. You should probably also have a project "non-compete" clause where one person cannot work on projects for competing customers within 6 months of each other (or whatever timeframe is reasonable).
You may also want to look at the physical security of your facilities. If your people are leaving confidential documents in unlocked cabinets or leaving their PCs logged in, anyone with access to the office area (visitors, delivery people, cleaning service) could have taken the information.
RMS wouldn't help out (Score:4, Funny)
Re: (Score:3, Interesting)
"Worthless in practice" . . . not in my experience. Many leaks occur as people cut-and-paste or include more and more people in casual distribution ("Hey Joe, you might be interested in..."). Putting restrictions on a document helps this.
Security is a process, not a destination. Guarding against casual or thoughtless disclosure is a great mitigation; don't dismiss it because it doesn't solve the whole problem. No single thing will.
Re: (Score:2)
Guarding against casual or thoughtless disclosure is a great mitigation; don't dismiss it because it doesn't solve the whole problem. No single thing will.
As long as you're just guarding against the casual screwup (i.e. the vastly most common case!) then solutions like AD RMS are fine. That's what they're there for, and the security people at MS would agree with me about this.
They're not intended to deal with malicious access, e.g. espionage. That's an entirely different problem, and much much harder.
File Monitoring (Score:4, Informative)
You don't say what operating system you are running on the clients (I'm assuming windows of some variety), what network os you are using, or where the files are stored.
However, you want to turn on file access monitoring. It's pretty simple if you have one file server and all the files are there because you only have to turn it on once. Here's a good start:
http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch03n.mspx
If you are running linux, http://www.rootprompt.org/article.php3?article=10751 was the second article in a google search.
Depending on the number of users and files, your logs can fill up quite quickly. You may also want something like SNARE http://www.intersectalliance.com/projects/index.html to monitor workstations. They may be doing some server work this morning; I'm getting a time out on the web page.
The bigger question though is if your clients think you are cheating them, why will they believe your logs?
You may also want to get some books on windows and linux security monitoring.
With a cabinet (Score:5, Funny)
I keep my sensitive documents in a locked cabinet. Never had an issue with a document opening itself in a foreign country.
Re: (Score:2)
That's why I write all my documents on blank paper with a Bic pen. Now I'll grant you that encrypting and decrypting those documents is a pain. Oh well, at least they are secure.
Watermarks (Score:5, Interesting)
The watermark doesn't even have to be high tech, it can just be a guid inserted at some point in the document, with a company policy that says when you can remove it (never?), when you should change it (when it crosses a boundary, like a departmental boundary) and how records should be kept (e.g. a central database of which event caused the creation of a new guid).
Re: (Score:2, Insightful)
What's to prevent someone from removing the watermark on a copy and then sending it off? I thought the idea of watermarking was to make it automatic and invisible to the ordinary user.
Re: (Score:2, Informative)
You mean stenanography. The GP is using a watermark (watermarks are imprinted in a medium to determine where something came from). A watermark can be easily visible without hiding information. In fact, most sites use watermarks in images to prevent hotlinking and taking credit for the image.
DDRM is what you asked for, not monitoring (Score:3, Insightful)
DRM is broken by design.
Document DRM is even simpler to circumvent. Tiny cellphone/digital cameras. Screenshot much? Notepads? A really good memory is anti-ddrm. The best you can do is log access, but once it is accessed, there is no control over specifications. YMWNV.
Monitoring is exactly what he asked for (Score:3, Informative)
"how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended?"
"if one of our documents were opened in a foreign country, that would arouse suspicions."
"Logging access" is exactly what he's trying to do. The idea here would be at least knowing, and if you've only given a document to one external entity, you know you have a leak somewhere within that entity or your own organization. Simple managed watermarking can help to discover which.
And DRM in gener
embed (Score:2)
Don't know how many document formats support it, but perhaps you could have an embedded image or other embedded information pointing at a file on a web server. All accesses would then be recorded on the server log.
Re: (Score:2)
There is no solution (Score:2)
What you are trying to do is what DRM has been trying to do for a long time: prevent unauthorised people opening a document on untrusted hardware.
The reason all DRM ultimately fails is because the system opening the document is untrusted. You simply can't have easy access outside your company with the ability to do things like print and prevent unauthorised copying, the two are mutually exclusive.
There are systems which do what you are asking, but they all rely on only trying to open the document within you
Use Sharepoint (Score:2, Informative)
Sharepoint is your best bet here.
The only alternative I can think of is checking your docs into your source control.
Re: (Score:2)
Sharepoint is your best bet here. The only alternative I can think of is checking your docs into your source control.
I already spouted off on SharePoint doesn't enforce checkout in another post so I won't repeat that here. So I'll comment on version control aspects of it as well as version control in general. In this case, unless the poster can make his customers go to his server all the time for his document then any version control system is going to be useless, much like SharePoint would be. If the poster can redirect all customers to his site for doc retrieval then SharePoint may work.
However, once your database gets
DLP (Score:2)
Protection of data is hard. There are many variables to consider.
The first step to understanding what data that requires protection is to perform a risk assessment. This will help identify information which may result in financial loss, corporate brand confidence in the event that the data is compromised.
It's important that this task has senior management sponsorship. Getting a sysadmin to "get on with it" is not good enough. It needs input from the business to understand the information that needs protecti
NTFS auditing (Score:2)
You can't (Score:5, Insightful)
That is the simple answer.
If you want to give something to someone, you can't control what they do with it. That is like saying "I want to give this hammer to a friend, but I want to prevent them from loaning it to someone else, or using it to smash computers with."
If you don't trust the person that you give something, then the chain of trust is broken. Everything we do is based on trust. I trust if I give you an emergency key to my house that you won't rob me. I trust that when I accept cash from you to pay for a service that it isn't counterfeit. I trust when you sign a contract with me, you will live up to your duties in the contract. I trust when you babysit my children you won't rape them. You pretty much asked for exactly what the whole point (and failure) of DRM is all about- trying to FORCE *everyone* to trust and comply with your wishes. You can't. Welcome to humanity.
Re: (Score:2)
You can't eliminate the chance of a fatal car accident unless you never go near a road or get in a vehicle, but that doesn't mean wearing a seat belt is a waste of time.
contract signing (Score:2)
actually says I don't 'trust you when you shake my hand- but if we get a third party (or more involved) then I'll trust you'
Impossible (Score:5, Insightful)
No, you can't. If you want people to be able to read it, they can copy it. You can make it more cumbersome but nothing can prevent screenshots. You can waste a lot of time and money, but the best you will achieve is being able to say "we tried". Because you cannot succeed. You can't distribute a document and at the same time expect it to remain secret.
Re: (Score:2)
Re: (Score:3, Interesting)
NSA Impossible (Score:2)
Quick! Call up the NSA. This guys onto something.
Re: (Score:2)
Re: (Score:2)
Some apps (BlueCoat, for example) can disable screen captures (I think what it really does is control the clipboard API access) either globally or based on the source application name, but as you say, this doesn't help in the case of screen capture using an external digicam. So unless you have screen cap disabling software AND confiscate everyone's cellphones on entry into secured areas, you still have a fair risk that a determined spy can grab the data.
Adobe (Score:2)
At my workplace we handle standards and manufacturing procedures for a variety of companies worldwide. We don't lock our documents but we do use adobe PDF's so we can track who accesses. They state that it's basically not feasible to be able to prevent access to something unless you were to grant it remotely in the first place (similar to like a view-only google doc) instead of giving a document to your customer. Meanwhile, this could still be screencapped if someone wanted their own copy, so it's not even
Interwoven DMS (Score:2)
Depending on your budget, there may be some value in looking into the "Interwoven" Document Management System (DMS)..
Its primarily marketed to legal firms, however its got great file tracking (i.e. who, where, when opened, printed, viewed, and for how long.. etc..) and is quite well rounded to suite the needs of just about anyone.
Has no Linux suport for the server or desktop clients though...
Re: (Score:2)
Yes there is Open Source solutions to his problem: http://wiki.services.openoffice.org/wiki/OpenOffice.org_Solutions#Content_.26_Document_Management_Systems.2C_Search_Technology [openoffice.org]
Alfresco and Plone are the most known solutions and they're (much) cheaper than MS products and imho easier to implement and use
microsoft advertising? (Score:2, Insightful)
This ask slashdot seems a little suspicious to me, it does seem to exactly match the feature set of a suite of microsoft products.
Anyone worth thair salt as a system administrator that works with microsoft tools should know the features of microsoft office and the add on server components to get the DRM system working in an enterprise.
It sounds suprisingly close to what you would find in a microsoft pamphlet.
Re: (Score:2)
Re: (Score:2)
I'm a dev on the AD RMS team and I can't imagine this being from our marketing team. RMS is designed to solve two main problems: unauthorized access and accidental leakage. The document is encrypted no matter where it goes (laptop, USB key, bittorrent, etc.). Only authorized users will be able to open the doc in the first place. Once an authorized user has opened a document, they are provided with a certain set of rights (the ability to forward, edit, print, etc.). These are meant to provide protection agai
What's the real problem here? (Score:5, Informative)
OK, you've gone for a tech solution to a problem before really asking what the problem here is. So what's the real problem? Legal libility, of course. Your customer X is accusing you of sharing data with their competition Y.
Create an job to track sensitive documents. If you only have a few, then it would be additional duties for someone. If you have a lot, it's a new position. This job is to track who has legitimate access to sensitive documents. When customer X starts throwing allogations you've shared data with customer Y, everyone that has legitimate access to the data is required to sign an affidavit that they did not share the data with people not autorized to have the info. Now customer X has to PROVE that one of your employee's did indeed do so, and that their affidavit is a lie. MUCH harder to prove and a lot cheaper for your company to defend against.
Of course, that won't stop customer X from THINKING you did, and that may cost you that customer, but absent using a full up sensitive document control system like the government does, there's no real inexpensive solution I've found. I'd be interested to see if /. comes up with one though.
Re: (Score:2)
This is exactly the way the biggest consulting companies in the world handle this issue. At the end of the day, there is no technical reason preventing stolen data, but there is a rather voluminous paper trail. Also the company has rather extensive employee training programs and policies regarding documents marked "confidential" that can always be pointed to as due diligence to stave off liability.
Welcome to Multi-Level Security (Score:3, Insightful)
First, though, if you don't have a document handling and marking policy for PAPER documents, you're unlikely to succeed implementing one for electronic documents. In other words, if you don't presently mark printed documents with restrictive handling requirements ('secret', 'confidential', 'proprietary', 'atty-client privileged'), it won't do you any good to try to control their electronic versions.
Second, Windows has never been designed to try to enforce more than discretionary controls. What does that mean? It means that EVERYONE who touches the machine or its data is presumed to be cleared to see whatever is on the machine. They may not have the need to know what's there (that's what DAC does), but they're cleared to see it - so they're TRUSTED to handle it correctly.
If that doesn't describe your environment, you should reconsider whether a single-level system, like Windows, is suitable for storing, printing and using your documents in your environment.
Re: (Score:2)
Err, what? Windows NT was built from the ground-up to enforce incredibly fine-grained manadatory access controls.
The problem is if s
Re: (Score:2)
Sorry, no - mandatory access controls mean that users of the system, including administrators, cannot override the security policy - which is usually expressed in terms of sensitivity labels on protected objects (data, devices, etc.) for comparison to clearance labels according to a dominance relationship.
NT and its successor OSes have always been considered "single level", lacking any concept of labels or supporting multiple clearances of users. Consider that they have been consistently evaluated under th
Re: (Score:2)
The GP is describing the Bell-LaPadula security model [wikipedia.org] which is what the DoD uses, and ensures secrecy of secret documents by only giving them to people who are trusted not to leak them (i.e. they have security clearences).
Using the computer for completely technical control (trusting minimal humans) requires an originator-controlled security model. A big assumption of this is that the underlying system can enforce it. In essence today, this requires that the document cannot leave the computer or network that
Microsoft Sharepoint (Score:2, Insightful)
Re: (Score:2)
Microsoft SharePoint does not enforce document checkout to modify a document, at least with the free version we use at work. I believe the pay version is the same because I used it a while back prior to a customer deployment. You can also view documents in a File Share type view and modifying documents that way won't even give you an option to do a checkout prior to the modifications. There is no version history either when accessing the files using a File Share view.
I don't think SharePoint is the answer h
Usable documents? (Score:2)
You can agree there is no use to copy/paste portions of your documents, no need to use them under any other platform than windows, but printing?
The problem will end being in how many ways you will penalize the rightful users of those documents to avoid someone else to access
You Need More than a Software Solution (Score:3, Insightful)
Re: (Score:2)
Impossible. (Score:2)
lol
DRM doesn't work. It's technically impossible.
Your best bet is to not give the document to untrusted parties.
- Jesse McNelis
Forget it (Score:2)
Anybody halfway competent can sanitize documents. The easiest way is to transcribe them.
All types of DRM and watermarking have been broken successfully, typically with far lower effort for the attacker than the defender spent in the first place.
You basically cannot defend yourself against this type of accusation and that is one of the reasons why the accuser has to prove them and not the accudes to disprove them. I would avdvise you to terminate business relations with the people accusing you. ''Nonexistent
poor mans solution: samba (Score:2)
SendSide - https://www.sendside.com/ (Score:2)
There is no way to prevent someone from doing something like taking a photo of all the pages on a screen and sending them to someone.
However, a product like Sendside will let you track everyone who receives, opens, and forwards a message that you send.
If you are really paranoid you can use encryption on the document and make all recipients provide their own encryption keys.
Take the first step (Score:2)
OK, so it really isn't that dire, but you cannot control what software will be used to open a document, so you cannot possibly guarantee the ability to track such access. Of course you can devise a system that tracks most accesses, but your specific example - opening a document in Europe IIRC - would be most likely to be defeated by the wide popularity of diverse FOSS tools such as linux and the tools that run on it.
Only if you centralize access (Score:2)
The only way you can do this is if you centralize access: place the document only on a central server and only allow access to it by viewing it on that server. Then that server can log every access and where it came from. That means, BTW, that you can't make the document accessible via a Web server, since the user could just do "Save As..." and make a local copy. Ditto making it available from a file share. You'd need to set up remote access to the server (X11 and an SSH tunnel, for instance, or Windows Rem
Technical wizardry won't help here (Score:2)
During the last month, one of our customers accused us of providing another customer with their specification.
Forget about fancy industrial espionage scenarios with evil Chinese crackers. If this really happened and isn't just paranoia on the part of your customer, chances are it was someone in your company who had authorized access to the specs and, probably out of stupidity or by accident, forwarded the confidential information to someone they shouldn't have.
Sadly your most effective approach is to c
include misinformation in the document (Score:2)
You simply cannot control the distribution of a document once it is out of your hands.
However, you CAN trace information. Agree with your customer to include information that is deliberately inaccurate in your spec: certain figures are off by a predetermined fraction, for example.
That way, if the information IS leaked and appears in the hands of parties unaware of the misinformation, you can at least tell its origin.
Obligatory quote: (Score:2)
Digital files cannot be made uncopyable any more than water can be made not wet. -- Bruce Schneier
how to check location? (Score:2)
encryption and key handling (Score:2)
How about have such documents sent to one person, or a small team, who encrypt them and generate the keys. The document is then provided by *that* team's site, and all access to the files is recorded, *and* that a request to that team must be made for the appropriate key, and who what key was provided to, of course, would be logged.
Would that cover it?
I would use GPG, since other encryption software might be illegal to allow someone traveling out of the country to carry.
Move everything to a wiki with restricted access (Score:2)
And use the web server to monitor accesses to your heart's content. This will shows you if someone opens the docs from a foreign country or any other location. :)
Of course it doesn't protect the documents in any complete way - just like with any other DRM, a smart user could circumvent this by using a proxy or making an offline copy of the doc.
But then if you don't trust your employees, nothing will work anyway
Keep the docs on your web-site (Score:2)
Keep the documents on your web-site (in HTML or PDF, if you must). Protect access to the site with customer-specific usernames/passwords. Instead of mailing out entire documents (in a proprietary format), mail out links to them instead — and save us all some bandwidth.
Yes, a user with elementary knowledge of computers will be able to download your doc (especially easy with PDF) and then e-mail. But all the other little schemes are defeated with the same amount of elementary knowledge.
You can also
Other things to look into... (Score:2)
Since you are using MS Office documents, best place to start is Microsoft as you aren't the first person to have a request like this... Search their site.
Other things I know to look at other than what has been suggested are:
-Office Live (Cloud Stuff, but does tracking)
-Sharepoint (You can internally host it on an Intranet and make it available via Internet and it also provides checking in and out of documents and tracking and can be extended to do extra things you might need, but it is a quick out of the bo
Tradeoffs (Score:2)
One important factor in making security decisions is the tradeoff between preventing access by unauthorized people versus annoying authorized people. You can implement five-stage biometric security to open a lab door, but that increases the chances that lab workers will prop the door open when they go to the bathroom.
The main convenience issue that occurs to me in your situation is what happens when someone opens the document without a network connection? If somebody backhoes the Internet connection to yo
People are the key, as in every security shortfall (Score:2)
The talk of DRM is kind of ridiculous. DRM is for preventing unauthorized people from gaining access to to files. DRM does nothing for preventing people you supposedly trust from accessing files and sharing the information therein. You either trust the people who access your data or you don't.
You do need a tracking system of some sort, as your brainstorming illustrated. What you need will need to be on the server-side of things - any client based tracking (where the records are stored for any length of time
Coming In Sideways (Score:3, Interesting)
Let's say that up until now you haven't had the ability to monitor documents to the extent specified. You can't prove whether or not the leak occurred from within your domain. Neither can they: they don't have the ability either, or you'd know. So, neither can they can't disprove your (forthcoming) assertion that the leak came from within their domain, and you can't support it. But as we can see commonly happen, accusations carry more weight than mere questions, rightly or wrongly. Accusing them will wake them up and put you on even footing. From then on you can develop a mutually acceptable and workable security system.
It'll have to be rigorous, as in enlisting the OS to assist. Otherwise one could simply copy the file and open it outside a secured domain. And that too will take oversight, by one such as a security admin who'll be able to track the file's circulation including any instances of it being copied. Note that opening for editing constitutes an explicit copy until (at least) the changes are saved, which would show up, and copying the data from memory to a swap file would constitute an implicit copy that wouldn't normally get reported. It could, however, be used to grab a copy (of a copy) of the file just as we used to use a browser's cache for grabbing copies of streamed media that weren't otherwise easily snagged.
Of course you could use the information above to show they can't support their assertion and so you could sue them for defamation. Better, you could give them the choice of that or joining you in investigating the security problems and solutions, and possibly investigating the competitor for espionage. Once again, accusations can carry a lot of weight. But then the competitor might be willing to join the investigation in order to be able to track their own as well as (as could everyone) prove that any infringements didn't come from their domain. The best security comes when all are watchers and all watch each other in the open.
samba file server + auditd (Score:2)
I was trying to solve a somewhat similar problem and while I'm not sure if there is going to be an easy drop in solution I think you can assemble what you need using a combination of a Samba file server to store the documents and either a custom monitoring daemon on the file server that uses the inotify API or setup the auditd rules and put together some scripts to transform the audit log files into a report you can use.
For what I needed I ended up writing a simple bash script that runs continuously in the
Fix the root of the problem: (Score:2)
Tell your tech writers not to copy and paste specs or other internal documents.
Or if they do, have them save the copies without metadata. I'm not a betting man, but the odds are, your company didn't share your customer's secrets with its competition. The potential liability is too big and too obvious. Instead, I'd wager someone tried to save time by cutting and pasting one document into another as a template. The tech writer then modified the template to address the new client's needs and emailed it off
Use Google Docs (Score:4, Funny)
The simple solution is to use google docs and tie your documents to google analytics.
Code Green Networks (Score:2)
Code Green Networks [codegreennetworks.com] provides scanners that detect and block certain documents from going across your network. Of course, they won't stop an intelligent and determined corporate spy, but that's a much harder problem.
Use a CMS (Score:2)
As an alternative, you'd have to publish docs in a ebook type format that includes a contact back to a server to log who and where a document was opened. Standard OOTB functionality of Office or even PDF is too easily defeated.
Re:Document control (Score:5, Insightful)
You have completely missed the point of Ask Slashdot. It's just not about doing a 5 minute search and randomly choosing one. The reason people ask this group questions like this is because they want more detailed information from people who have hopefully had hands on experience doing these things. What worked? What didn't? Why did it, or did not work? How was implemented? You may not be able to find that kind of information easily even if you know what to search for. And once you have that information, there are other people to give their insights on what that persons stories. It has the potential to be one big chain of helpfulness.
Sure, it's a cheap and lazy way of getting someone else to do some of your work for you, but it's not generally a bad thing. I know if I was completely clueless about some tech related problem, I'd probably ask here. Wouldn't you?
Re: (Score:2)
No i wouldn't come here FIRST. I would have done a little research on my own before i came to a (suspect) public forum to ask my question.
A little bit of upfront leg work isn't unreasonable to ask.
Re: (Score:2)
I don't know if I'd find the information here "suspect". There's a lot of knowledgeable people here. For a first choice? Maybe not the best choice, but if you're really stumped and have no place else to turn, I wouldn't say Slashdot is a terrible place to ask a question and get some help.
Some people just get into "writer's block mode", for a lack of a better term, when you have a pressing issue to deal with. I know it happens to me from time to time with my job. I just simply ask people who are more knowled
Re: (Score:2)
I agree that there may be a lot of knowledge here but there is far more blind bias around these parts that make all advice suspect and subject to rational review.
Re: (Score:2)
Not to mention that, in general, Ask Slashdot stories are about questions that would be useful to a wider group of people, not just the person who submitted the question. Perhaps someone else was needing an answer to this problem, or someone else has a similar problem but wasn't sure how to go about it
Re: (Score:2)
But what you didn't explicitly mention, you seem to take it for granted, is that all systems at some point have to rely on trust.
So the issue at hand is best, if not only, tackled at the HR and/or PO department, more technology has little effect.
Re: (Score:2)
In my company the incoming documents are converted into a wiki and access is given to people who need it. Once work is done on it it requires two different people (managers/experts) to review it and mark it as complete. Then it is converted back into a Word/Excel/PDF/Whatever document and sent to the client.
May I ask what software you are using for your 'wiki' ? We are looking for something with similar functionality (I can do without the document conversions) for our internal documentation, and the wiki
Re: (Score:2)
I agree with this post, or at least this aspect of it: there isn't really going to be a technical solution. You won't find a magic DRM that actually works, can't be broken, and tracks everywhere the file goes.
What you probably can do is develop a system that will restrict access to the files to only a few authorized people, and tracks who accesses it from that server when. So it would allow you to say, "Only people who are working on this account can access this document, and only [Person A], [Person B],
Re: (Score:3, Informative)
Re: (Score:2)
Don't forget to use a variant of the Asherah virus to clean the info out of their brains after they're done looking at it. After all, it's your data, why should they be allowed to walk out with it in their brains?
You wouldn't let them bring a hammer or other tools home, right?
-L. Bob Rife
Re:Google Apps? (Score:5, Interesting)
Copy/paste is disabled? The ability to take local screen caps? The ability to make notes with a pen and paper?
For documents that really, truely need to be tracked, you use a canary trap. That is, each copy is slightly and uniquely different. Each copy is receipted by a specific person. If you find a copy in the wild, you can find a key phrase and track down who leaked it.