Document Security Requires a New Approach

By Steven Li
document-cyber
October 5, 2017

In today’s connected, always-on digital world, information security is one of our most vexing and constantly evolving problems.  Business and public sector leaders face serious challenges in protecting sensitive data and systems that, if breached, compromise customers, partners and other stakeholders—and seriously harm an organization’s ability to do business. 

 

While security challenges like massive data breaches, global virus attacks, ransomware and IoT vulnerabilities may be grabbing headlines in today’s threat discussions, malicious hackers and other cybercriminals are not the only culprits when it comes to security leaks.  And corporate and cloud data centers and end devices are not the only data repositories under siege.

 

Today’s security breaches very often come from within: from employees, business partners and customers who accidently or intentionally expose sensitive information.  And the “device” in which this confidential information resides is none other than the ubiquitous data container known as the document.

 

In an age of information firewalls, intrusion detection, network access control, authentication and other security fortifications, the simple document is increasingly a critical area of security vulnerability for everything from employee, customer and financial data, to trade secrets, intellectual property, confidential business agreements, legal records and more.

 

What’s needed is a whole new approach to document security that can address some of the inherent vulnerabilities of documents in the digital age.

 

Before we looked at a new approach, consider just a few insights from a recent survey conducted by the Business Performance Innovation (BPI) Network and sponsored by Foxit Software:

 

  • The vast majority of organizations routinely develop documents containing confidential information (three-quarters do so on at least a weekly basis).
  • Sixty-two percent of respondents either don’t have or don’t know of any effective document security tools used in their organization.
  • Forty-four percent either don’t have or don’t know of any effective document security policies in their organization.
  • Survey respondents say the biggest security concern for documents, by far, is the accidental release of confidential information.
  • In fact, six in 10 respondents say they or someone they work with has accidentally sent a sensitive document to the wrong party.
  • Release of sensitive documents can have costly repercussions – from lawsuits, reputational damage and competitive risks, to financial losses, lost productivity and employee dismissals.

 

The age of ubiquitous connectivity and proliferating mobile devices is making it easier than ever for risky information to be leaked. The simple click of an email send-button can launch a highly sensitive document to places it was never intended to go.  In fact, some 89 percent of our survey respondents say these factors have increased their level of concern about document security.

 

Thus far, connectivity has only served to increase document security vulnerabilities. It’s time to turn the tables. Documents need to become part of the Connected Age.

 

 The digital document should be updated in ways that makes it more trackable, controllable and secure. Specifically, by embedding documents with an identity and connecting them in the cloud, businesses and government agencies can gain much more control over their documents and confidential data sometimes contained in them – even after even after a document leaves the premises.

 

A truly connected document can be remotely recalled, erased or redacted in all of its connected instances after it’s sent.  Think about it: A document containing confidential trade secrets is accidentally sent to a competitor via email.  With a connected document, a company, recognizing its mistake, could quickly disable the document as long as it is online somewhere.

 

Or say a document is widely in circulation and it’s discovered that the information contained therein is incorrect or damaging to the company.  The originator of that document could correct the mistake in every online instance of the document anywhere in the world.

 

Today, the preferred format for documents is the PDF. It’s a technology that was developed before the Internet became ubiquitous. It was not created for a connected world. Updating that technology to achieve a more secure and controllable document for the Internet Age is essential to overcoming one of today’s biggest security vulnerabilities.

KEYWORDS: data breach data loss prevention insider threats intellectual property security
Steven Li is CTO, Foxit Software, Inc.

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!