How Do You Monitor Documents?

JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."

Microsoft Rights Management Server?

[Richard_at_work]

See topic - MS do something which seems to be essentially *exactly* what you want, and since you are using MS Office, I would suggest giving it a try.

http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

Re:Microsoft Rights Management Server?

[(H)elix1]

As does Oracle

Oracle Information Rights Management

As does EMC, and a few others... Do shop around, as there are several products out there that can 'tether' assets - not just Microsoft Office documents too.

Active Directory Rights Management Services

[lukas84]

The best solution to your problem probably would be using Microsoft's AD RMS.

http://technet.microsoft.com/en-us/library/cc753531.aspx

AD RMS provides you with the ability to control licensing, opening, printing, etc. of documents. This will provide you with the audit trail you migh tneed.

Of course, you can still photograph every screen while scrolling through the pages, so it's essentially worthless in practice, but it might satisfy your customers demands for proper paperworks.

Yep, implementing AD RMS will be a heck a lot of work, and you'll surely need to adjust your internal processes in order to incorporate AD RMS.

What you're planning on doing is DRM: Which is, as all Slashdot readers know, impossible with a properly determined person. And in your case (industrial espionage), there are better people working on it than a few hackers that try cracking Blue-Ray in their spare time.

Re:Active Directory Rights Management Services

[morgan_greywolf]

Can this solution be used without an Active Directory environment?

No. AD RMS, as the name implies, requires an Active Directory implementation. Microsoft is all about doing it one way -- The Microsoft Way. You obviously require re-education. Quick. Send in the consultants!

Re:Active Directory Rights Management Services

[bwcbwc]

The problem is: How can you prevent users with job responsibilities that require them to have access to the data for client A from sharing that (directly or indirectly) with client B. There really isn't a good way to do this, since in the worst case, the user can manually copy the material onto paper or take a picture with their cellphone.

Your best approach is a group of mitigation procedures that make it difficult for information to be intercepted between you and client A, and at least provide audit trail capability for users accessing confidential information.

The bad news is that you probably have no way to win client A's trust back. They've already made the accusation, and since you didn't have any pre-existing mechanism in place to monitor and prevent, you can't investigate their claims effectively. Also, if it turns out that employees of your company shared this information as a short-cut for supporting client B, you're really screwed in terms of legal responsibility and employee ethics. You'd have to fire both the source and the recipient in the data share, just for starters.

For the future: keep confidential documents in an encrypted content-management repository with user access and rights controls that can support segregation of groups, projects and so on. Have all your clients encrypt their data with your company's public key so that there is no MITM risk for items they are sending to you over the net (or Fedex for that matter). Institute a training program that emphasizes the segregation of projects for different clients (especially competitors) unless you are developing a project that is explicitly designed and marketed as a shared or commercial offering. And institute a security policy for your employees and contractors that identifies penalties including termination of employment, civil and criminal liability if data confidentiality policies are violated. You should probably also have a project "non-compete" clause where one person cannot work on projects for competing customers within 6 months of each other (or whatever timeframe is reasonable).

You may also want to look at the physical security of your facilities. If your people are leaving confidential documents in unlocked cabinets or leaving their PCs logged in, anyone with access to the office area (visitors, delivery people, cleaning service) could have taken the information.

With a cabinet

[AdamInParadise]

I keep my sensitive documents in a locked cabinet. Never had an issue with a document opening itself in a foreign country.

Watermarks

[The+New+Andy]

Watermark stuff where it is useful so you can see where copies of stuff have come from. Don't bother trying to track things you can't actually track (file viewing, opening, printing, etc).

The watermark doesn't even have to be high tech, it can just be a guid inserted at some point in the document, with a company policy that says when you can remove it (never?), when you should change it (when it crosses a boundary, like a departmental boundary) and how records should be kept (e.g. a central database of which event caused the creation of a new guid).

Re:Document control

[Kneo24]

You have completely missed the point of Ask Slashdot. It's just not about doing a 5 minute search and randomly choosing one. The reason people ask this group questions like this is because they want more detailed information from people who have hopefully had hands on experience doing these things. What worked? What didn't? Why did it, or did not work? How was implemented? You may not be able to find that kind of information easily even if you know what to search for. And once you have that information, there are other people to give their insights on what that persons stories. It has the potential to be one big chain of helpfulness.

Sure, it's a cheap and lazy way of getting someone else to do some of your work for you, but it's not generally a bad thing. I know if I was completely clueless about some tech related problem, I'd probably ask here. Wouldn't you?

You can't

[markdavis]

That is the simple answer.

If you want to give something to someone, you can't control what they do with it. That is like saying "I want to give this hammer to a friend, but I want to prevent them from loaning it to someone else, or using it to smash computers with."

If you don't trust the person that you give something, then the chain of trust is broken. Everything we do is based on trust. I trust if I give you an emergency key to my house that you won't rob me. I trust that when I accept cash from you to pay for a service that it isn't counterfeit. I trust when you sign a contract with me, you will live up to your duties in the contract. I trust when you babysit my children you won't rape them. You pretty much asked for exactly what the whole point (and failure) of DRM is all about- trying to FORCE *everyone* to trust and comply with your wishes. You can't. Welcome to humanity.

Impossible

[1u3hr]

find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around.

No, you can't. If you want people to be able to read it, they can copy it. You can make it more cumbersome but nothing can prevent screenshots. You can waste a lot of time and money, but the best you will achieve is being able to say "we tried". Because you cannot succeed. You can't distribute a document and at the same time expect it to remain secret.

What's the real problem here?

[buss_error]

OK, you've gone for a tech solution to a problem before really asking what the problem here is. So what's the real problem? Legal libility, of course. Your customer X is accusing you of sharing data with their competition Y.

Create an job to track sensitive documents. If you only have a few, then it would be additional duties for someone. If you have a lot, it's a new position. This job is to track who has legitimate access to sensitive documents. When customer X starts throwing allogations you've shared data with customer Y, everyone that has legitimate access to the data is required to sign an affidavit that they did not share the data with people not autorized to have the info. Now customer X has to PROVE that one of your employee's did indeed do so, and that their affidavit is a lie. MUCH harder to prove and a lot cheaper for your company to defend against.

Of course, that won't stop customer X from THINKING you did, and that may cost you that customer, but absent using a full up sensitive document control system like the government does, there's no real inexpensive solution I've found. I'd be interested to see if /. comes up with one though.

RMS wouldn't help out

[aronzak]

RMS wouldn't be very cooperative. You'd have to try and convince him to drop his aversion of proprietary software.

Other Options

EMC IRM (Formerly Authentica (yes, there is a typo in the summary))

Oracle IRM (Formerly SealedMedia)

Liquid Machines

Adobe LifeCycle Rights Management

Re:Google Apps?

[SuiteSisterMary]

Copy/paste is disabled? The ability to take local screen caps? The ability to make notes with a pen and paper?

For documents that really, truely need to be tracked, you use a canary trap. That is, each copy is slightly and uniquely different. Each copy is receipted by a specific person. If you find a copy in the wild, you can find a key phrase and track down who leaked it.

Not exactly

[DrYak]

DRM is snake oil

DRM is snake oil in the way it's used to protect media from copy.
Because at the same time DRM is supposed to enable one to show the content (and thus give the key to the individual holding a copy) and exactly at the same time its supposed to stop unlicensed copies (thus preventing the exact same person using the exact same keys to copy the exact same media in a different way).
It's snake oil, because in the classical cryptographic triangle - A(lice) sending a crypted message to B(ob) without C(harles) snooping it - DRM makes B and C the exact same person.
Hence the contradiction, and hence DRM is doomed to eternally fail to protect media, no matter how contrived means are applied to it.

Here the reader ask a completely different question :
he wants A to be in the headquater, B to be an employee in Omaha, and C is some person doing industrial spying in Russia or China.

Some people are supposed to have the cryptographic keys to the documents, other people aren't supposed to have the keys.

In that circumstance, cryptography might help...

(Well, that's assuming that the thieve is an external person. Of course if that was an inside job, we're back at a situation that movies are in. But then the company has a much bigger problem of trust toward its employee to tackle first).

MS claims to do something which seems to be essentially *exactly* what you want

Well, the real problem is at the beginning of the sentence :

MS do something which seems to be essentially *exactly* what you want

Given their long history in term of computer security, you can count on MS to completely botch their solution...