If you’re already using robust DRM controls in your organization, you must be wondering what the different options for viewing those protected documents are.
Many custom control DRM systems claim to be able to apply DRM controls to just about any file type. However, it’s important to really check out what access and viewing options these systems offer as well as what functionalities accompany the protected files.
Most often, the methods outlined below only provide viewing options and restrict editing options.
1. Emulating the Original File Type Application
One way of viewing DRM-protected documents is to produce several custom viewing applications that emulate the features and functionalities of the original application at the recipient end. For example, viewing a .docx or .xlsx file with the full range of functionalities available in Microsoft Word or Microsoft Excel, respectively.
However, there are marked disadvantages to this. First, emulating the functionalities of a proprietary and widely used application can be expensive and time-consuming.
Second, when an “enveloped” file (rather than a file that has integrated document security) is released into its native application, a lot of code conflicts can occur when you’re trying to restrict certain actions, such as copying or saving the content in the protected documents. These conflicts give an excellent opportunity to unauthorized users who are actively hunting for vulnerabilities in a document: attackers can pinpoint which aspects to aim for, which eventually ends up compromising the document’s security.
2. Adding a Security Add-on
A common solution that many DRM systems provide for protecting or viewing a document is to add a plugin or add-on to the application. However, neither protection nor viewing is foolproof if you use this method. Also, DRM systems that propose such add-ons are often unable to keep up with the system updates of the original application, which leads to undesired consequences such as users not being able to access their documents or failures in the security system.
So, this option is, in fact, one of the worst for viewing a protected document. This is because you’re actively compromising the security of the application and annoying your end users when the original application updates or breaks the plugin.
Also, the access that the main application gives such third-party plugin makers practically allows potential attackers to switch to a mode that lets them view the code they’re trying to crack. (Yes, they can attack the code that governs the edit, save or copy access which the plugin is trying to restrict.)
3. Preferred Method: Create Meta-Forms of a Document
The preferred viewing option for protected documents is to convert them into meta-forms and restrict any additional changes to the original form, because your primary aim is to provide viewing access rather than to emulate all the features of the original application.
Developers who are creating a viewer application can use Software Development Kits (SDKs) to provide only viewing functionalities for different file formats. Moreover, by isolating the protected documents from native application add-ons and avoiding enveloping measures, the developers of viewer apps can rule out the threat of attackers trying to peek into the code to see what aspects are restricted.
Are Native Applications Preferable in This Case?
If you thought using the native application as a viewer for a protected document is the most prudent and straightforward solution, think again.
Native applications, in fact, offer all the functionalities that you’re trying to restrict in a document, making it easier to abuse the controls on the protected document. In addition, the more widely used document formats (like PDF) can even be viewed across various operating systems, such as Mac or Linux.
So, when you opt for a DRM system that claims to support different file formats, be sure to check out the added functionalities. Most often, these systems provide an option to convert multiple formats into a specific secure format for recipients and usually don’t provide options for editing, which actually defeats the purpose of claiming to support the different file formats.
In the end, don’t confuse DRM with network access controls. In essence, network access controls oversee the read, write, execute or delete controls on an internal server. So, they control the internal server or a set boundary but cease to impose any restrictions once the document has left the building. This is different from DRM, which provides persistent protection that is a part of the document.