Slashdot Mirror
How Do You Monitor Documents?
JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."
The best solution to your problem probably would be using Microsoft's AD RMS.
Can this solution be used without an Active Directory environment?
There are plenty of organisations out there using other authentication, authorisation and trustee management mechanisms, just wondering what their options might be.
The watermark doesn't even have to be high tech, it can just be a guid inserted at some point in the document, with a company policy that says when you can remove it (never?), when you should change it (when it crosses a boundary, like a departmental boundary) and how records should be kept (e.g. a central database of which event caused the creation of a new guid).
"Worthless in practice" . . . not in my experience. Many leaks occur as people cut-and-paste or include more and more people in casual distribution ("Hey Joe, you might be interested in..."). Putting restrictions on a document helps this.
Security is a process, not a destination. Guarding against casual or thoughtless disclosure is a great mitigation; don't dismiss it because it doesn't solve the whole problem. No single thing will.
Any sufficiently advanced technology is insufficiently documented.
Copy/paste is disabled? The ability to take local screen caps? The ability to make notes with a pen and paper?
For documents that really, truely need to be tracked, you use a canary trap. That is, each copy is slightly and uniquely different. Each copy is receipted by a specific person. If you find a copy in the wild, you can find a key phrase and track down who leaked it.
Vintage computer games and RPG books available. Email me if you're interested.
Let's say that up until now you haven't had the ability to monitor documents to the extent specified. You can't prove whether or not the leak occurred from within your domain. Neither can they: they don't have the ability either, or you'd know. So, neither can they can't disprove your (forthcoming) assertion that the leak came from within their domain, and you can't support it. But as we can see commonly happen, accusations carry more weight than mere questions, rightly or wrongly. Accusing them will wake them up and put you on even footing. From then on you can develop a mutually acceptable and workable security system.
It'll have to be rigorous, as in enlisting the OS to assist. Otherwise one could simply copy the file and open it outside a secured domain. And that too will take oversight, by one such as a security admin who'll be able to track the file's circulation including any instances of it being copied. Note that opening for editing constitutes an explicit copy until (at least) the changes are saved, which would show up, and copying the data from memory to a swap file would constitute an implicit copy that wouldn't normally get reported. It could, however, be used to grab a copy (of a copy) of the file just as we used to use a browser's cache for grabbing copies of streamed media that weren't otherwise easily snagged.
Of course you could use the information above to show they can't support their assertion and so you could sue them for defamation. Better, you could give them the choice of that or joining you in investigating the security problems and solutions, and possibly investigating the competitor for espionage. Once again, accusations can carry a lot of weight. But then the competitor might be willing to join the investigation in order to be able to track their own as well as (as could everyone) prove that any infringements didn't come from their domain. The best security comes when all are watchers and all watch each other in the open.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
As a retired Navy officer, I have a little familiarity with the subject of "security". Does the name "Walker family" ring any bells? The Walkers were three security-cleared, top-secret-crypto-certified Soviet spies. For YEARS, they gave communications crypto codes to the Soviets, which allowed the Russians to read U.S. ciphers. Against dedicated spying like this, there is NO WAY to GUARANTEE the security of your documents. Microfilm cameras have evolved into cell phone cameras, and high resolution digital copiers have made things harder to control, but if an trusted-but-untrustworthy person has access to a document, he has an excellent chance of being able to transmit the secret information to another party. At best, you can hope to detect when he has done so. Because no matter what the vetting process, spies DO get through.