Are safe data rooms secure enough to share your sensitive data?
Data room security & secure document sharing.
Many companies look to online data rooms or virtual data rooms for securing documents with third parties. But are they as secure as they appear? If you are looking to share documents securely in the cloud then be careful what you are buying.
What is a safe data room?
A secure data room, or safe data room, is a cloud hosted document sharing system that provides some limited controls over how documents can be accessed and used online.
Document publishers upload PDF files and Office documents to a secure data room system where they are made available to users via a link – this may be a link to an individual file or a data room (a group of documents).
Security controls that can be applied are usually a watermark, an expiry date, and whether documents can be downloaded and printed.
Examples of secure data room solutions include systems such as Digify and DocSend, but there are hundreds available with some offering more security than others.
Data rooms are not as secure as you may think they are
So you think your documents are safe in a secure data room? Companies that offer these services state that they ‘enable enterprises and outside collaborators to come together and share sensitive information easily and securely’. Well easily might be true, but securely is another matter.
Many companies quote high security credentials or use terms such as ‘world-class security’ (whatever that means?), telling you that your data is stored on high security servers and encrypted with military grade encryption, that their systems are ISO certified, compliant with various standards, and that there are multiple back-up systems protecting your data. Well that certainly sounds secure, but it is really marketing hype that masks the real security issue. Your documents being hacked or stolen from a server is the last of your worries if the document security system in place has major pitfalls. There are many issues with secure data rooms, including usability.
So what is it they are not telling you about just how secure your documents really are?
The not so “safe” secure data rooms
The ability to share documents securely online with total ease of use is a security conundrum. The easier things seem to be, the greater the actual weaknesses.
What happens to documents after you upload them to the data room?
Firstly, to have your documents made available in a secure data room for viewing online, you must upload your unprotected files to a server. What happens to those unprotected documents – are they backed up anywhere, are temp files created, and what happens if the encryption process fails? These are all areas of concern because if a data room server is hacked it might just be that your unprotected documents will be too.
Loopholes in the ‘security’ of a secure data room
In order for users to view your secure documents they must navigate with their browser to a URL and log in to a portal (or alternatively click on a link to a specific document). Users have to be online to download a document (downloaded copies can later be viewed offline) and must enter a username and password each time they access the system. Below we examine the failures of this approach.
- The login process
A login process that relies on entering a username and password is not a great basis for document security. If I have a username and password to log in to a system there is nothing stopping me sharing this information with someone else. They can then log in to view any secure documents I am authorized to view. There is nothing you can do to prevent this because credentials are not locked to a device – they can be used on any device that has a browser installed. So although a username/password login process may be convenient for the user (assuming they don’t mind remembering yet more login details), it is not advisable as an entry point for a document security system.
- Locking documents to locations
Some secure data room systems say they can lock documents to a specific location. However, users can circumvent this by using a browser proxy. On the other hand, with installed viewers, you can lock documents to specific devices – this makes it much more difficult for users to share secure documents (especially over the Internet) because they have to share the physical device. Documents locked to devices can be additionally locked to country and IP locations to further enhance security and prevent document leakage.
- Zero installation = less secure
Since secure data rooms don’t require users to install any software to view secure documents, there is nothing installed on the client device to control the operating system environment or to provide a secure environment (i.e. a controlled viewer) for a document to load in. This is where the problem begins. No software installed on the device means the system has to rely on browser technology such as Java and JavaScript and the obfuscation of this code to try and hide it from the user. Either the PDF content has to be decrypted on the server, or the password sent with the PDF document to decrypt it – either way, this results in a less secure environment that can be exploited by a hacker.
- JavaScript security risks
Many companies don’t allow Java/JavaScript technology to run in the browser due to high security risks – previous exploits of this technology have enabled hackers to run scripts in the browser to record information and take over a user’s computer. For an example of how weak JavaScript-based browser controls are, see how easy it is to bypass Google Docs controls. Adobe even recommends that you disable JavaScript in Adobe Reader because it is deemed unsafe and is a known security risk – see PDF Security Issues. And if companies block Java/JavaScript then your documents won’t load.
- Stopping screen grabbing
You can’t stop screen grabbing if there is no software installed on the device. The best you can do with JavaScript is to prevent the use of certain keys (such as Print Screen), but this does not prevent users from using third party screen grabber applications to take screenshots of your secure documents.
- Printing to PDF, XPS and other file formats
If you allow printing then users can print your secure documents directly to PDF and other file formats. This is because the browser environment has no control over the printer driver. The safest option is therefore not to allow users to print documents in a secure data room system, but this may not be a convenient option. And whilst you can watermark printed documents with user credentials, some file formats may not support these.
- Browser security
Browser based viewers are easy to manipulate with script injections, in-line script editing, and browser plugins which can remove the security controls. Just as many companies have produced alternatives to the Adobe Acrobat PDF Reader, companies can also produce their own browsers which users can use to view your secure documents. These browsers however may not obey the DRM controls you have applied because there is no reason for them to. This is a current issue for Adobe Acrobat, which relies on an honour system rather than a security based one when allowing DRM and other plugins to interact with its system.
- Offline use
Having users always online (i.e. connected to the Internet) is great for document revocation – you can revoke users and documents instantly. It may not be so great however for users – if a user needs to view your secure documents when travelling, what then? Most secure data room systems therefore let you choose whether you want to let users download documents or not. However those downloaded documents have NO protection applied to them (so no expiry, print controls, tracking, etc.). And watermarks in downloaded PDF files can be easily removed.
Is it possible to maintain usability while ensuring security?
When using secure deal rooms or data rooms to host your documents you need to consider how confidential your documents are and what risks you are willing to live with.
Web browser viewers are easy for users to use because they don’t have to install any software. But they do have to log in each time to view your protected documents and remember yet another set of credentials.
Installed viewers on the other hand only require the user to install the software once and then click on a link to register. Documents are then transparently opened in the viewer if the user has been granted access.
An installed Viewer is the most secure option for secure document sharing.
Locklizard has implemented a full range of secure viewers (see Secure Document Viewers – which are best), allowing the best overall security solution to be matched to document requirements. This is a step forward that allows publishers to develop more thorough security profiles to match document sensitivity – you can create a properly secure data room while also enabling users to view documents both online and offline with full security.
If you want to further explore what document security issues you need to think about for secure document sharing then see PDF DRM Security – 10 things you should know.
FAQs
Is SharePoint a secure alternative to safe data rooms?
No. You cannot share a SharePoint site with external users securely. Users have numerous routes to share files with unauthorized parties and can edit, copy and paste from, and print downloaded documents. You must protect your SharePoint files with a DRM solution before you upload them if you want to maintain security.
Can I create a data room in Google Drive?
Marketplace extensions for Google Drive such as OrangeBox let you add a data room-like interface to your Google Drive and claim to enable secure external document sharing. However, a quick look at this service reveals major flaws:
- you can only disable downloading on small files (PDFs and Office files <50 MB, Google Docs <15 MB). Downloaded copies have no security controls and can be edited, copied, and shared at will.
- the “device limit”, which allows users to limit access to a single device, is enforced through browser cookies. However, browser cookies are not a good way to limit access because they can be shared between devices. Additionally, there is no attempt to limit the number of devices for downloaded documents and any external user that clears their cookies will lose access to all of their documents.
- expiry does not apply to downloaded files.
- device limits and expiry do not apply to accounts, which means a user can just create an account and then share the details with others to grant access.
- the “secure viewing” preview for non-downloadable files just presents the document as a series of images. These can be easily screenshotted or downloaded and printed using the browser’s developer mode.
In other words, these types of solutions are just as insecure as, or even less secure than, regular data rooms and Google Drive security.
Is secure data room pricing reasonable?
No. Data rooms can cost anywhere between $100-$3000 per month. Many secure data room solutions charge per page or per user, which means they end up costing more the more your business scales. This is a lot to pay for a solution with so many security loopholes, particularly when compared to Locklizard.