For Cloud Security Design, Don’t Ignore DRM
January’s report from the Cloud Security Alliance, “Cloud Adoption Practices & Priorities Survey,” only confirmed what every other such survey has said for the past year or so:
- Most organizations are forging ahead with cloud adoption; and
- Most are still pretty worried about data security.
The paradox of full-speed-ahead deployment despite doubts about security suggests a fundamental faith, an abiding hope that by the time companies finish releasing their sensitive data into the cloud, the cloud security infrastructure will have caught up to protect it.
That faith is not entirely misplaced. Cloud security has come a long way, even just since 2013. The just-released draft from the Federal Risk and Authorization Program (FedRAMP), proposing baseline cloud security measures, is a major step toward a more uniform, tighter approach to cloud security.
Although it applies specifically to companies hoping to host government data, FedRAMP will no doubt serve as a roadmap for other companies’ cloud security architectures, and for security technology vendors who will exploit and refine the model.
The emergence of “zero knowledge” policies plugs a gaping security hole in some third-party cloud providers, who previously insisted on holding customers’ encryption keys themselves. And increased adoption of AES encryption, not only at rest but also in transit, is a much-needed barrier to unauthorized entry.
Still, there’s no immediate end in sight to public reports of password compromises and other breaches in both corporate and third-party clouds. And a recent study by computer scientists at Johns Hopkins University found that even vendors touting zero-knowledge encryption can and do peek at customer files, exposing all of the data, possibly including the encryption keys, more than the zero-knowledge vendors admit, at least outside the fine print.
Security is More Than a Yes/No Question
At Accusoft, we believe the persistence of this paradox arises out of binary attitudes about content security. Nearly all measures in force today are about either preventing or granting file access, about rigorously blocking unauthorized users while providing broad, unfettered file access to authorized persons.
This way of thinking ignores the simple truth that even among those who require access to certain content, some should have more or less access than others.
For example, you may want every authorized user to be able to download, print and copy text from a document. But often you’ll have classes of users who have a reasonable need, for example, to read a document, but no justification for printing it or saving it locally. Granting those users full print/save access needlessly increases content exposure to theft or misuse.
Who should be permitted to annotate or redact a document, and who should be allowed only to read, but not touch? When should reading and text copying be permitted, but not printing? And when a document requires a signature, how do you make digital signing available only to approvers while enabling others to read but preventing them from signing off?
Past the base yes/no authorization protections, read-only designation is all that most companies do, or can do, to restrict the use of content they want seen, but not edited. But read-only mode typically does nothing to prevent copying content from a document and pasting it elsewhere, or saving the document under a different name, then altering it and republishing it as authentic.
Read-only is yet another inflexible, binary solution that limits options for distributing content at multiple authorization tiers while still maintaining tight control over its use.
DRM Forms the Final Security Layer
Applied at the far end of the security continuum, configurable digital rights management (DRM) controls comprise the final bulwark in end-to-end cloud security. They enable companies to go beyond authorized/unauthorized to define multiple levels of content access and use that satisfy the individual needs of content consumers while enforcing tight, targeted, appropriate protections against misuse.
When cloud content is delivered through a secure channel with integrated viewing and DRM controls, even more content security benefits accrue.
By design, an HTML5 viewer transmits a server-encrypted SVG image of a document to the user’s device, not a copy of the original file. This approach is totally transparent to users: content consumers can view a document and use it in other ways (within whatever DRM permissions have been configured for the user, group or file) without the actual, editable source file ever leaving the firewall or landing in the user’s hands. Content owners can thereby protect data in encrypted form both at rest and in transit.
HTML5 viewing thus not only greatly enhances content security, but also curbs the spread of viruses and other malware that could be used to open breaches.
As companies gain more experience with securing their clouds, we expect to see ever-greater adoption of HTML5 viewing with integrated DRM as the final, flexible hedge against unauthorized content use in the cloud.
Accusoft provides HTML5 document viewing, content and imaging solutions as client-server applications, mobile apps, cloud services and software development kits (SDKs). 813-875-7575, http://www.accusoft.com