Define your data for better document security
White Paper

Without document classification in play, it's impossible to know what to protect.

Table of contents
Sensitive documents in a mobile world
Take control of content
Explore controls within documents
Conclusion

In the previous white paper, "A delicate balance: The competing needs of IT and users in a mobile world," we discussed the expectations of a highly mobile workforce with regard to documents. Mobile and cloud environments bring risks ranging from corporate liability to enterprise security. Personal devices, along with the rapid growth of file share and sync accounts, have spread through many workplaces as employees use them to transmit and store sensitive company documents. And employees are no longer just accessing corporate content from mobile devices; they are also creating new content on those devices. At the same time, the mobile ecosystem makes workers far more productive, which is one reason it is not going away. This white paper explores the question: How can IT govern and protect content in such ad hoc and semi-structured environments?

This is the second paper in a three-part series that explores how IT can enable mobile employees to work productively with documents without sacrificing IT's needs.
Part I: A delicate balance: The competing needs of IT and users in a mobile world
Part II: Define your data for better document security
Part III: How hybrid IT can support enterprise mobility

Sensitive documents in a mobile world

As organizations support enterprise mobility, protecting electronic documents that contain sensitive information is a challenge with potentially dire consequences. A security incident is expensive, not only financially but also in lost customer trust. A recent survey by PwC found that 28.6% of respondents reported that their company had suffered financial losses due to a security incident.
Many information security solutions attempt to protect electronic content only where it is stored or while it is in transit. They do not protect a document across its entire lifecycle, and in particular not after it has been downloaded, synced, or forwarded. While concerns about accessing corporate information in mobile and cloud environments likely do not apply to all your employees, many organizations have certain worker populations that push the boundaries because they:
• Work with multiple devices and want to sync files across those devices
• Use multiple apps to accomplish work on mobile devices (beyond email or calendar)
• Travel frequently
• Participate in BYOD programs, where supported

These employees are not well served by an IT model that assumes all employees sit behind the corporate firewall, on the same LAN, using the same type of device. You need a model that works in the real world: one that supports mobile workers while also protecting files outside the firewall.

Take control of content

Data classification is an often-overlooked yet critical component of document security and control. Without document classification, it is impossible to know which documents need protection. The following table provides a sample data classification schema for stored and transmitted electronic information. The categories are intentionally simple to increase ease of use and thus the likelihood of compliance.

Data classification: Definition / Examples

Public
Definition: Information that is publicly available to any individual without any implications for the organization.
Examples: Information on the public website, advertisements, press releases

Internal
Definition: Information that is available to all regular and temporary employees but is not for public release.
Examples: Internal employee directory data, some company news

Confidential
Definition: Information that is available to a limited set of employees and contractors on a need-to-know basis, as defined by the employee's role.
Examples: Memos, plans, strategy documents, contracts, client data

Private
Definition: High-value information. Unauthorized access to data in this class would entail substantial business or regulatory risk. Information in this class is available to a limited set of employees and potentially other specialized workers.
Examples: Personnel data, internal financial reports, confidential customer data, mergers and acquisitions information, nondisclosure agreements, business plans, insider information, regulatory information

While it is obvious that you must be selective about the types of business data allowed on mobile devices or transferred to the cloud, it is difficult to know where to start. Classifying electronic information provides a framework: it organizes data by sensitivity and focuses resources on the most sensitive content first. After your organization has categorized content, the next step is to set required protection levels for each category. For example, decide which classes could reasonably be stored in a public cloud. Data considered too valuable to live there should not be made readily available on mobile devices without careful scrutiny. Cloud storage is not the only factor to consider. As we mentioned in the previous white paper, employees often want to view documents offline on a mobile device. But an offline copy lives on the device: if the device is lost or stolen, the documents go with it unless the local copy is encrypted and the device can be wiped remotely. Further, piloting governance programs with the employees most likely to use mobile document solutions can provide a useful starting point toward a better document security program for your organization.

Explore controls within documents

It is difficult to protect documents once they leave the document management system or the firewall. Document security features built into the software can mitigate that risk by ensuring that, wherever a document goes, the chosen level of protection travels with it. Examples include:

Encryption.
Anytime you create and share a digital document containing intellectual property, confidential information, or other sensitive content, you must protect it against misuse. Permissions govern what a user can do with a protected document. For example, password permissions can specify whether a recipient who can open the document is also allowed to print it, or to modify it by copying, editing, filling in fields, adding comments, inserting or removing pages, or digitally signing. Note that print and modify restrictions are enforced by the viewing application rather than by the encryption itself; they deter casual misuse but will not stop a determined recipient who can already open the file. The control that actually keeps content from unauthorized readers is the open password or, better, encryption to the certificates of named recipients.

Redaction. This feature provides tools to select confidential text or illustrations, such as customer names, account numbers, and addresses, in a PDF document and permanently remove them from the file. It can also search and redact based on common patterns, such as phone numbers, credit card numbers, and email addresses. The removed content is replaced with black boxes that show exactly where it was originally located. It is as simple as using a thick black marker on a printed page, but more secure, because the sensitive content is deleted from the file rather than merely covered. Drawing a black box over text as an annotation, or coloring the text to match the background, is hiding, not redaction: the underlying text is still in the file and can be copied out. Redaction is a vitally important capability for governments, businesses, and organizations of all types and sizes. It minimizes the likelihood of accidentally including confidential information in publicly distributed documents and mitigates the legal consequences that could follow.

Sanitization. Similar to redaction, sanitization targets hidden information within a document: non-visible text, metadata, annotations, attachments, layers, and bookmarks. For regulatory compliance as well as protection of privacy and intellectual property, you need to be confident that hidden information has been removed before you distribute a document.

Certificate or digital signatures.
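As an added illustration of the redaction and sanitization points above (example code written for this page, not Adobe's software or a PDF library), the following Python models a document as visible text plus the hidden layers the paper lists, redacts the pattern-matched identifiers by replacing them with block characters of the same length, strips the hidden layers, and shows why merely drawing a box over text is not redaction. The sample document, the regular expressions, the layer names and the Luhn check are constructed assumptions for the illustration; a production pattern set needs tuning to your own data, and real PDF redaction must also rewrite the page content stream, which this text model does not represent.

```python
"""Pattern-based redaction plus sanitization on a simple document model.

Added example for this page, not Adobe's code. The document is a dict
holding visible text and the hidden layers the white paper lists.
"""
import json
import re

# Constructed patterns for the identifier types named on the page. Card
# numbers are matched first so a PAN is never partially consumed as a phone
# number, and every digit run is confirmed with a Luhn check before removal.
PATTERNS = {
    "card": re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"),
    "phone": re.compile(
        r"(?<!\d)(?:\+?1[ -.]?)?\(?\d{3}\)?[ -.]?\d{3}[ -.]?\d{4}(?!\d)"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}

# Layers the paper names as places where information hides (assumed keys).
HIDDEN_LAYERS = ("metadata", "annotations", "attachments", "layers", "bookmarks")

# Constructed sample: a customer file with sensitive data in every layer.
SAMPLE_DOC = {
    "text": ("Contact Jane Doe at jane.doe@example.com or (555) 867-5309. "
             "Card on file: 4111 1111 1111 1111. Order 1234 5678 9012 3456."),
    "metadata": {"Author": "jane.doe@example.com", "Title": "Customer file"},
    "annotations": [{"type": "comment", "text": "old number (555) 867-5309"}],
    "attachments": [{"name": "notes.txt", "data": "call 555-867-5309"}],
    "bookmarks": ["Jane Doe 4111 1111 1111 1111"],
}


def luhn_ok(number):
    """True when the digits in `number` pass the Luhn checksum (a real PAN)."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return len(digits) >= 13 and total % 10 == 0


def redact_text(text):
    """Replace each match with block characters of equal length, so the
    reader sees where content was, and return (redacted, [(kind, value)])."""
    found = []

    def replacer(kind):
        def repl(match):
            value = match.group(0)
            if kind == "card" and not luhn_ok(value):
                return value  # long digit run that is not a PAN (order number)
            found.append((kind, value))
            return "\u2588" * len(value)
        return repl

    for kind, pattern in PATTERNS.items():
        text = pattern.sub(replacer(kind), text)
    return text, found


def find_sensitive(doc):
    """Scan every layer, not just the visible text: the sanitization check."""
    return redact_text(json.dumps(doc, ensure_ascii=False))[1]


def overlay_boxes(doc):
    """The black-marker anti-pattern: draw boxes over the matches but leave
    the text (and all hidden layers) in place. Everything is still there."""
    boxed = json.loads(json.dumps(doc))  # deep copy
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(doc["text"]):
            if kind == "card" and not luhn_ok(m.group(0)):
                continue
            boxed["annotations"].append(
                {"type": "box", "start": m.start(), "end": m.end()})
    return boxed


def redact_and_sanitize(doc):
    """Real redaction: rewrite the text, then drop the hidden layers."""
    clean = {k: v for k, v in doc.items() if k not in HIDDEN_LAYERS}
    clean["text"], found = redact_text(doc["text"])
    return clean, found


if __name__ == "__main__":
    print("leaks in original:", len(find_sensitive(SAMPLE_DOC)))
    print("leaks after boxes only:", len(find_sensitive(overlay_boxes(SAMPLE_DOC))))
    clean, found = redact_and_sanitize(SAMPLE_DOC)
    print("leaks after redaction and sanitization:", len(find_sensitive(clean)))
    print(clean["text"])
```

Running the script shows seven findings in the original document (three in the visible text, the rest in metadata, an annotation, an attachment and a bookmark), the same seven after boxes are drawn over the text, and none after the text is rewritten and the hidden layers dropped. The order number survives because it fails the Luhn check, which is the kind of false-positive control a pattern-based redaction pass needs before it runs unattended.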
Many business transactions, including financial, legal, and other regulated transactions, require high assurance when signing documents. To serve this requirement, many businesses set up their own certificate-based signature infrastructure, using third-party certificate authorities to independently validate the identity of participants. Examples include pharmaceutical companies that use signatures complying with the SAFE (Signatures & Authentication For Everyone) BioPharma industry standard, and companies in the European Union that must comply with the ETSI PAdES standard (PDF Advanced Electronic Signatures). After you have established a certificate-based digital ID, you can use it to sign files. Certificate signatures, also known as digital signatures, can support business processes that require validation of the signer's identity, validation of document authenticity (any change to the signed content invalidates the signature), timestamps from a third-party timestamp server, certification of a document with a visible or hidden author signature, or embedded certificate data for long-term validation. You can create your own certificate-based digital ID, but a self-issued ID proves only that the same key signed the document; it does not bind that key to a verified person. Business processes that require high trust therefore deploy digital IDs issued by third-party certificate authorities. Consider which of these features can be applied to the classes in your data classification schema.

Conclusion

The ability to access, view, and annotate a file on any device is revolutionary. It liberates employees from getting work done only at specific locations or with a limited set of devices. At the same time, it accelerates the need for better corporate data protection programs. Data classification helps identify what is most important to protect and then drives a consistent, structured approach to protecting documents. Exploring options to protect the documents themselves can further mitigate the risk of a security incident.
As of now, all the technology elements needed to support mobile workers' needs around documents exist, but bringing them together into a cohesive whole remains an issue. That is why employees cobble together solutions that do not meet enterprise security requirements. There remains a major gap in the market for applications designed to support and exploit the current reality: a combination of on- and off-premises environments. In our third white paper, "How hybrid IT can support enterprise mobility," we will share our vision for mobile applications and SaaS solutions that integrate with established desktop applications, yet are lightweight and ready for hybrid on-premises and cloud environments.

Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704 USA, www.adobe.com
© 2013 Adobe Systems Incorporated. All rights reserved. 7/13