The Secret to Making Cloud Document Sharing More Secure
Cloud document sharing can be used to grant people outside your organization access to your various files easily. On face value, using this method of sharing documents is quite convenient. You upload a document to the cloud and it is encrypted. You then share the login credentials with any number of authorized users and those users can subsequently access your files at any time.
However, on the security side, cloud servers are a bit wanting. To allow you to share the credentials easily, they are usually a username along with a personal password or the user’s email address. This results in multiple and even simultaneous logins to view the same document. Some cloud sharing platforms even allow users to download or print files. In addition, there is the security issue of the original uploaded file being unencrypted.
The above are a few security holes that can be addressed. Below, we discuss how as well as the pitfalls that you cannot address.
Some of the cloud platforms allow you to encrypt your documents before uploading them. In this way, there is no unprotected version of your document outside of your control.
Also, strictly speaking, there is nothing you can do about the “login credentials” since the system requires them to work. However, you can make them slightly more secure when they are shared. So, you can restrict access to a country or a range of IP addresses. Doing so limits the area in which users can open your file. For example, if you designate a range of IP addresses, then the users must use those same IPs to access your file. If they use another IP address, they will remain locked out. The same applies to setting the country range. If the user moves to an unauthorized country, he or she will be locked out.
Another upgrade available to cloud sharing platforms is restricting the number of simultaneous logins by the same credentials. Of course, this is at the discretion of the administrator; for a single organization, multiple concurrent logins may need to be allowed. Nevertheless, if it is for specific individuals, you can restrict the credentials to one so that no more than one user can access the document at any one time.
Also, with traditional cloud services, once a document is uploaded, it will forever be available. Nonetheless, some of the services that incorporate DRM like Locklizard allow you to revoke access to a document for some or all users. This gives a semblance of control and security, even after you have shared the document. Other options include revoking access for specific users and denying access to all documents. These measures are sometimes necessary since you can never take content security too seriously.
Since users are still going to be using web browsers to access your files, there are some security issues for which you can do nothing. This is because there is no software installed on the client you cannot control operating system functions. These include the following:
- Screen grabbing – this can be used to make unprotected document copies by saving individual pages as images.
- If printing is allowed, users can print to file drivers (such as a PDF driver) which results in unprotected file versions being made available.
- You cannot lock documents to devices, so users can access protected documents from any device that can run a browser.
Looking at it objectively, you will realize that cloud services can never be completely secure. Yet, these services may still be convenient for some situations. So, if you must use these services, it is better to take extra precautions and ensure that you at least pull out all the stops for secure storage and sharing. The information above may be of help in this regard.
If you want to share documents more securely then you need users to install software on devices so you have control over operating system functionality and can lock documents to individual authorized devices. By using the installed software to view protected documents, users will also be able to view documents offline and documents will load faster in a dedicated viewer compared to using a browser. While plugins to existing applications such as Adobe Acrobat may seem at first convenient, they require admin rights to install, can be bypassed by other plugins, and often fail to work when the native application is updated.
So document security and secure file sharing is all about balancing security with usability. You need to ensure you know how exposed your documents are by using different document security systems.