Looking for a document security solution that supports document sharing can be confusing, especially with all the marketing gimmicks out there. You will see companies claim their solutions are the best in their field with vocabulary like “military-grade encryption” and it is easy to be awed by such words. But, in the case of “secure data rooms,” you will find that all the marketing hype is just that: hype. In reality, data rooms provide the security they say they do, but the secret is in what they do not say.
Below, we look at some of the security mishaps that make data rooms not as secure as marketers wouldhave you believe.
At the very beginning of the security process, there is a flaw that may prove fatal to your security measures. You have to upload each file you want to protect and share it to a server in its original unprotected format. No one knows what happens to this copy, including whether the data room makes a backup before encrypting the file. Also, given that technology sometimes fails, there is a chance that the encryption process may not be completed. How are such situations handled? Also, if a hacker accessed a data room which had insecure backups, what would happen?
Username and Password Login
Using passwords is probably worse than having no security at all as it gives you a false sense of safety. Itmeans issuing security credentials to anyone who needs to see the documents. But, the people who receive these credentials are sometimes easily corruptible, careless or simply do not care about the security of your documents as much as you do. It is thus possible that they may willingly give away their credentials or have their login details stolen.
Once that has happened, there is no way to ascertain whether your authorized viewers opened your documents or whether it was someone else. Also, most data rooms have no way of monitoring who is viewing documents and when they are doing so. It thus makes it possible for an indefinite number of viewers to view a single document.
The Browser Environment
Printer Control or Lack Thereof
A DRM application installed as a Viewer on the user’s computer controls print drivers, while a data room does not have the same control because it has no control over the Operating System (only limited control over the browser). So, while the former can control which devices to print to, the latter has no such control. This means that users of data rooms can print a document to file if you allow them to print the document. The result is an insecure PDF version of your file which can easily be uploaded to a torrent site.
Third-Party Screen Grabbing Apps
Locking the Use of Documents to Specific Locations
Data room service providers have certainly tried to secure the use of documents to specific venues or geographical areas. However, they rely on information about the user’s location given by the user’s browser. At the moment, users can comfortably change their current whereabouts in their browsers. All they would need is to download a browser proxy. The browser will then relay the incorrect information to the data room and give the users access to documents in areas where they should not have any.
A data room security solution will give you a false sense of security for your documents. That may just cost you dearly. So, make the choice not to bury your head in the sand and look for a more worthwhile solution in the form of a document DRM security system that does not force users to use a browser to access protected documents.