The majority of user-created files are spreadsheets, word-processed documents,
and presentations. A significant amount of storage, bandwidth and desktop
resources is required to manage these files. Server-side security management is
much easier than desktop document security. End users with varying degrees of
sensitivity to security create, manage and share documents using file
shares, emails, removable storage, and other media. To make matters worse,
users need to share documents with people outside the protected intranet
environment.
Threats and Countermeasures
Threats to documents need to be tackled at various levels: business user
level measures, enterprise level measures, and trust management.
Macro Viruses
Macro viruses are the most common type, affecting all desktop suites that
support macros. Malware protection software usually handles WM viruses quite
efficiently. However, Microsoft has gone a step further in strengthening the
security of Office documents. The new file formats of DOCX, PPTX and XLSX cannot
contain macros, whether useful or harmful. Converting all MS Office files to the new
formats (using a batch conversion tool like OMPM) can instantly increase the
security level across the organization.
OpenOffice and other suites can save documents in MS Office format.
Therefore, they implicitly benefit from this protection.
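To audit a file share before or after such a conversion, the check has to look at file content rather than the extension. The sketch below is an added example, not part of the original article or any Microsoft tool: it classifies a file as legacy binary, macro-enabled or macro-free from its container markers. The sample files, their names and the function names are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy DOC/XLS/PPT container
# Markers of VBA content in an OOXML package's [Content_Types].xml
MACRO_MARKERS = ("macroenabled", "vnd.ms-office.vbaproject")


def classify_office_file(data: bytes) -> str:
    """Return 'legacy-binary', 'macro-enabled', 'macro-free' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        return "legacy-binary"  # old format: candidate for conversion
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            names = pkg.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"
            types = pkg.read("[Content_Types].xml").decode("utf-8", "replace").lower()
    except zipfile.BadZipFile:
        return "not-office"
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    declares_vba = any(marker in types for marker in MACRO_MARKERS)
    # Judge by content: a macro-enabled file renamed to .docx keeps these markers.
    return "macro-enabled" if has_vba_part or declares_vba else "macro-free"


def make_package(parts: dict) -> bytes:
    """Build a constructed in-memory OOXML-style zip for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples (not real documents).
CT = '<Types><Override PartName="/word/document.xml" ContentType="{}"/></Types>'
DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM = "application/vnd.ms-word.document.macroEnabled.main+xml"
SAMPLES = {
    "report.docx": make_package({"[Content_Types].xml": CT.format(DOCX)}),
    "renamed.docx": make_package({"[Content_Types].xml": CT.format(DOCM),
                                  "word/vbaProject.bin": b"\x00"}),
    "old.doc": OLE_MAGIC + b"\x00" * 504,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    print({name: classify_office_file(blob) for name, blob in SAMPLES.items()})
```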
Online productivity suites do not suffer from this drawback. However, they
are weaker in the confidentiality aspect of protection.
Online productivity suites typically store the document on hosted servers.
Many organizations are concerned with keeping confidential documents, research
and design documents, financial data, customer data and other types of sensitive
information in the cloud.
All desktop productivity suites offer digital signature based encryption.
However, the exact implementation of the digital signature differs widely. For
example, at the recently held Black Hat security conference, technical experts
expressed their views on the OpenOffice security implementation by saying that 'OO3
plain documents are very powerful malware vectors' and that 'OO3 digital
signatures provide only an illusion of security'.
Beyond Digital Signatures
Traditionally, the most secure way of protecting against pilferage has been
physically printing and signing each document. Microsoft has implemented an
interesting mix of traditional signatures in combination with digital
signatures. This feature is not commonly known, but is very useful in practice.
To use the signature, you need a valid certificate. You can also add a
scanned version of your regular signature. Once the document is signed, it is
marked as 'final'. Now any changes to it will invalidate the digital signature
and show a warning.
Preventing Misuse
Confidential documents like research data, product designs, and sensitive
customer data need to be shared internally with key employees. We use
file-based passwords to prevent unwanted persons from viewing and misusing such
documents. However, what if one of these trusted personnel forwards a copy to
competitors or other interested parties?
Most desktop productivity suites do not have any protection against this
threat. Microsoft has been offering this feature for at least six years. The
feature is Information Rights Management (IRM). It uses a rights management
server to identify the intended users of a particular document.
IRM protected documents are usually read-only. Further, the users cannot
copy, print, forward or email such documents. Even the print-screen key does not
work.
Apart from confidential and sensitive documents, IRM also maintains
inter-departmental confidentiality of information.
Privacy Protection
This is one of the most ignored areas. Before you finalize, publish, or send
a document outside the organization, it is necessary to remove privacy related
information.
This could mean removing many things, such as document properties, user
names, track changes, slide notes, spreadsheet history, hidden objects or text,
comments, etc. It is a long list. Removing so many things from each document is
a lengthy process. Therefore, we skip it very often!
It is strongly recommended that removing unwanted and privacy-related
information be a mandatory part of security and compliance policy. Business users
must be educated about the importance of this procedure. It is an operational
risk that often remains unaddressed. Most productivity suites expect users to
remove such information manually.
Microsoft Office 2007 does offer an effective solution to this problem. Its
Document Inspector feature checks documents before sending / publishing them for
external consumption. It checks all problematic items and allows you to remove
them in a few clicks.
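For suites that leave this step to the user, part of the check can be scripted. The following added example (not from the original article and not how Document Inspector itself works) reads a DOCX package and reports author metadata, comments, tracked changes and hidden text; the sample document, its user names and the function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}


def inspect_docx(data: bytes) -> dict:
    """Report privacy-relevant leftovers found in a DOCX package."""
    findings, counts = {}, {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = set(pkg.namelist())
        if "docProps/core.xml" in names:
            core = ET.fromstring(pkg.read("docProps/core.xml"))
            for label, path in (("author", "dc:creator"),
                                ("last_modified_by", "cp:lastModifiedBy")):
                node = core.find(path, NS)
                if node is not None and node.text:
                    findings[label] = node.text
        if "word/comments.xml" in names:
            root = ET.fromstring(pkg.read("word/comments.xml"))
            counts["comments"] = len(root.findall("w:comment", NS))
        body = ET.fromstring(pkg.read("word/document.xml"))
        # w:ins / w:del mark tracked insertions and deletions; w:vanish marks hidden text.
        counts["tracked_changes"] = len(body.findall(".//w:ins", NS) + body.findall(".//w:del", NS))
        counts["hidden_text_runs"] = len(body.findall(".//w:rPr/w:vanish", NS))
    findings.update({k: v for k, v in counts.items() if v})
    return findings


def build_sample() -> bytes:
    """Constructed DOCX-like package: metadata, one comment, two edits, hidden text."""
    w, cp, dc = NS["w"], NS["cp"], NS["dc"]
    core = (f'<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}"><dc:creator>jdoe</dc:creator>'
            '<cp:lastModifiedBy>asmith</cp:lastModifiedBy></cp:coreProperties>')
    comments = f'<w:comments xmlns:w="{w}"><w:comment w:id="0"/></w:comments>'
    document = (f'<w:document xmlns:w="{w}"><w:body><w:p>'
                '<w:ins w:id="1"><w:r><w:t>added</w:t></w:r></w:ins><w:del w:id="2"/>'
                '<w:r><w:rPr><w:vanish/></w:rPr><w:t>note</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/comments.xml", comments)
        z.writestr("word/document.xml", document)
    return buf.getvalue()
```

Calling `inspect_docx(build_sample())` returns the leftovers as a dictionary; an empty dictionary means none of the checked items were found.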
Enterprise Level
Many security settings are complex and require technical knowledge to handle
them correctly. Security hardening always leads to some user level
inconvenience. Hence, it is important to strike a balance between the desired level
of security and ease-of-use. This activity becomes even more complex if you have
to configure settings differently, depending upon the role or job function of
the users. For example, in a bank, the top management laptop probably needs to
be most secure, whereas the PC used by a data entry operator needs a lower level
of hardening.
The only practical way of implementing such customization is to implement
policy-based security management. Group Policy based upon Active Directory is
the most powerful and flexible option available.
Desktop tools such as MS Office and OpenOffice (with third-party extensions
loaded) offer policy based administration of document security. Microsoft not
only provides over 1,400 settings to manage security hardening of all Office
products, but it also offers pre-defined templates for standard desktop
hardening and a highly secure edition suited for extremely sensitive companies
or government departments like defense.
OpenOffice provides some third-party templates, but the granularity with
which you can deploy these policies is limited. Microsoft provides extensive,
frequently updated guidance for managing the security of desktop documents across the
organization.
Security Best Practices
All this discussion is incomplete without handling the primary weak link: the
business user. Due to a lack of knowledge and awareness about the prevailing
threats, common actions of business users can breach confidentiality, privacy
and security quite easily, and quite often as well.
Here is a practical list of what business users must know and do to improve
document security. This is definitely not a complete list. But it can be a good
start. Only Microsoft Office related best practices are listed because these
form more than 90 percent of all user created documents worldwide. Other suites
may have implemented some of these features. However, a detailed comparison is
out of scope of this article:
- Always run Document Inspector before finalizing and publishing (or
sending) any document. Always save documents in the new formats (DOCX, XLSX,
PPTX). This is applicable even if you are using OpenOffice.
- If you are going to copy a presentation to another PC, always use the
'File-Prepare-Package for CD' option. Apply a strong document password and
conduct a Document Inspector check.
- For sensitive documents and emails, use digital signatures and a signature
line to prevent/detect tampering.
IT Action Points
- Consider whether you need to increase the priority of desktop document related
security, confidentiality and privacy protection in your current security
policy.
- Convert all documents to a macro virus free format if possible.
- Download and read the Office 2007 security guide. This will help you understand
common threats and countermeasures.
- Consider how to utilize the policy based administration and security features
for desktop security hardening as well as productivity improvements.
Dr Nitin Paranjape
(The author is CEO, MaxOffice )
(Source: DQ)