Safeguarding Documents Outside the Firewall

Is your information safe once it leaves your network?


One of the most exciting things about document-level security is the breadth of business applications it impacts. Product development, bank loans and contracts, legal proceedings, scientific research and customer service are just a few of the many processes benefiting from persistent security within documents.

For instance, Fluor Corporation, a Fortune 500 engineering and construction company, is looking to protect its most sensitive business documents from misuse, such as employees accidentally referencing outdated documents or ex-employees taking confidential best practice guides to their next jobs. Fluor is applying controls to documents that limit who can view materials and how long they are available.

With Adobe LiveCycle Policy Server software, Fluor can assign protections to project management manuals, best practice guides and other materials. The technology requires employees to authenticate themselves to view files, preventing unauthorized people from accessing confidential information. An added benefit of the authentication process is that employees are automatically prompted to download new documents if the versions they have are outdated.

Proactive Security Policies

In another example, a home equity lending group at one of the nation's leading banks is looking to safeguard the loan documents it shares with partners. Like many large lending institutions, the bank was experiencing higher costs and longer times to generate and deliver completed loan packets to title companies. Also challenging was meeting stricter government regulations for securing customer information.

To address the challenges, the bank deployed Adobe solutions to automatically generate and deliver loan packets with built-in security. Today, the company's loan officers can generate password-protected PDF files that only authorized title officers can open and print. They can also set controls on PDF documents so that loan packets expire instantly if new documents are issued.

The demand for document-level security is evident worldwide. An innovative district court in Italy (the Court of Cremona) is securing documents to help ensure conditions of parity between everyone involved in legal proceedings. The efforts are part of a cost-effective system called DIGIT that dramatically reduces the amount of paper used during proceedings.

The DIGIT system captures, manages, submits and archives all types of case documents and information in PDF. As soon as document sets arrive for preliminary hearings, they are scanned and converted to PDF files, in which access policies are assigned. Processed documents are made available online to authorized court clerks, judges, public ministers, and others, who can quickly and securely review case documents in PDF at any time.

Much-Needed Control over Information

Effective security means addressing the variety of ways that organizations and their partners and customers use documents. Limited security approaches focusing only on document storage or transport fail to acknowledge real threats to information as it moves across organizations and people. By building security into documents and making it independent of software applications that typically change from user to user, organizations are gaining much-needed control over who sees information, what is done with it, and where it goes next.

John Landwehr, CISSP, director of security solutions and strategy for Adobe Systems Inc., has held positions at NeXT Corporation, Apple Computer and Gemplus, and his experience includes application servers, smart cards, virtual private networks and digital signatures. He also has experience rolling out a large credit card project. Mr. Landwehr has presented testimony to the United States Congress on electronic commerce and security issues and is a member of the board of directors of the San Francisco Bay Area Chapter of Infragard.