Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Do You Monitor Documents?

Posted by samzenpus on from the protect-yourself-at-all-times dept.

JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."

3 of 237 comments (clear)

  1. Watermarks by The+New+Andy · · Score: 4, Interesting
    Watermark stuff where it is useful so you can see where copies of stuff have come from. Don't bother trying to track things you can't actually track (file viewing, opening, printing, etc).

    The watermark doesn't even have to be high tech, it can just be a guid inserted at some point in the document, with a company policy that says when you can remove it (never?), when you should change it (when it crosses a boundary, like a departmental boundary) and how records should be kept (e.g. a central database of which event caused the creation of a new guid).

  2. Re:Google Apps? by SuiteSisterMary · · Score: 4, Interesting

    Copy/paste is disabled? The ability to take local screen caps? The ability to make notes with a pen and paper?

    For documents that really, truely need to be tracked, you use a canary trap. That is, each copy is slightly and uniquely different. Each copy is receipted by a specific person. If you find a copy in the wild, you can find a key phrase and track down who leaked it.

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  3. Re:Impossible by kenwd0elq · · Score: 3, Interesting

    As a retired Navy officer, I have a little familiarity with the subject of "security". Does the name "Walker family" ring any bells? The Walkers were three security-cleared, top-secret-crypto-certified Soviet spies. For YEARS, they gave communications crypto codes to the Soviets, which allowed the Russians to read U.S. ciphers. Against dedicated spying like this, there is NO WAY to GUARANTEE the security of your documents. Microfilm cameras have evolved into cell phone cameras, and high resolution digital copiers have made things harder to control, but if an trusted-but-untrustworthy person has access to a document, he has an excellent chance of being able to transmit the secret information to another party. At best, you can hope to detect when he has done so. Because no matter what the vetting process, spies DO get through.