“Military grade encryption”, “world-class security”, and “ISO certified” are just some of the terms used by companies which sell online secure data rooms.
These virtual rooms are meant to protect sensitive information easily and securely, but document security takes more than such phrases.
Why Online Secure Data Rooms Are Not Safe
Ease of Use Is a Security Conundrum
When documents are viewed online, the mechanism comes with a price. Such online viewing and ease of use practically create holes in the document’s security. The more convenient the file share is, the more insecure it is.
If there is no security software installed on the client then there is very little in the way of document controls available to prevent document misuse.
This is because most security software integrates in some way with the Operating System (i.e. disabling certain features that allow your documents to be at risk from being copied and saved).
The Fundamental Flaw in Secure Data Rooms
A secure data room requires your unprotected file or document to be uploaded to a server for it to be viewed online. Now, this unprotected document needs a backup which may require some temporary files to be created.
This is also not fully encryption failure-proof and unprotected documents will have zero protection if the data room server is hacked.
The Flaws in the Security of Secure Viewing
Secure data rooms have certain steps for accessing the document viewer that are simply not secure. A few things stand out here:
Online Logins Are Never Completely Safe
The username-password-bound login process can easily be hacked. And, password theft completely bypasses this security and means the information can subsequently be shared with anyone else.
Reliance on Browser Technology Is Unsafe
Since secure data rooms do not require the users to install any software on their devices, they must access your document on a browser.
This system relies on browser technology, such as Java or JavaScript. Hackers can easily run scripts in the browser to record information and copy documents.
Risks of Screen Grabbing and Printing
As mentioned above, the users will view your document online. And, while JavaScript will enable you to prevent the use of the ‘printscreen’ key, users can still use third-party apps for screen grabbing.
Also, if you let users print your documents they can then easily print to file printers (such as PDF) rather than a physical printer so can end up with a copy of your document that has been stripped of all security.
Inconvenient for Users
The most important function of any document or PDF is to allow the owner or buyer thereof to read or access it easily. This means that the viewing should be convenient.
However, the biggest condition of viewing a document through an online data room is that the user cannot access or view the document offline. So, secure data rooms completely strip documents off of their unique selling proposition: convenience.
Why PDF DRM Security Is better
If you publish documents in PDF format and need a system for secure document sharing then a hosted PDF DRM solution is a much better choice.
Good User Experience
An installed Viewer (rather than a browser based one) gives document users the most fundamental selling point: convenience. So, users can access your document from anywhere and at any time, without requiring an internet connection.
Actual Security
Choose a PDF DRM Security solution that allows for legitimate watermarking that cannot be bypassed, along with protecting the document against any kind of screen grabbling apps. Make sure it also locks the PDF documents to registered devices only so they cannot be shared.
Strong Encryption
Make sure the PDF DRM software provides clear security credentials and military grade encryption.
A good PDF Digital Rights Management software, protects your confidential documents without you having to worry whether your documents will be compromised online.
It should enable you to lock document use to devices and specific locations so your documents cannot be readily abused.
So, secure data rooms should only be used if the information you want protecting is not important and has no real value.
Have you ever used secure data rooms and felt your documents were at risk? Do you have any questions? Please feel free to leave your comments below.