Link to home
Start Free TrialLog in
Avatar of trekrok
trekrok

asked on

Small business IRM or ERM type solution. Need to allow temp access to Excel, Word and large pdf files.

I need a solution that will allow me to send a Word document and many pdf documents to a third party either via DVD or some type of FTP.  Then I need to allow access for 7-14 days, during which they will have the ability to edit and save the Office documents. After the expiration, I need the files to re-encrypt or otherwise become unusable.

I see a few IRM type products such as Liquid Machines, EMC but they appear to be aimed at an enterprise level, ie big $$$. Is there a solution that would be realistic for a very small company?

Alternatively, is there a service where I could keep these files locally and allow access via the internet? My concern is the size and number of pdf documents which could easily number several hundred files.

Any options?
Avatar of Dave Howe
Dave Howe
Flag of United Kingdom of Great Britain and Northern Ireland image

Really, these sorts of things are meant for enterprise level control - ie, environments where you control the workstations and the documents, and attempting to bypass the controls is both detectable and a disciplinary offence.

in the real world, about the best you can hope for is to create a plugin that will encode your documents so that they can't be opened without checking with a remote website first, and even then, the majority are available "hacked" to remove the restrictions (for instance, you can get pdf plugins that get an auth key interactively using a user issued key which is then handed to a website to get the actual decryption key; the hacked version caches that key and uses it to unlock that document from then on)

its a truism that, if a document can be opened once, a sufficiently determined hacker can remove the restrictions. Messing around in the intermediate layer (where the attacker is not sufficiently skilled, and/or the system is not used to secure anything that would attract skilled internet hackers to break it on a global basis) is about all you can hope for. I am not aware of any such system - its possible that someone else is, but I am not :(
Better than a DRM solution is to keep the file completely in your house and let the customer "come" to you. That sounds like an ideal sceanrio for Windows Terminal Services.

You'd allow your customers access to your Terminal Server via Remote Desktop Protocol (RDP) over the internet (make sure to use some type of VPN access). The RDP client is included in every Windows version since XP.

You are able to control the Terminal Server machine completely, so you can forbid direct file transfer to the clients computer. You'd have to disable internet access for that Terminal server (so no one can send your documents over Yahoo, GMail, P2P networks, etc.)

You would have to install the applications for editing your files (e.g. Office, Adobe Acrobat, etc.) locally on your terminal server, so everyone can use these over RDP.

It's like the client is remote controling your computer, except Windows TS allows multiple users at the same time. And no single file leaves your network.
That's actually much closer to a workable idea than most DRM is, complexymetron - the issue with DRM systems is that as soon as the file leaves your control, you can't prevent someone using hacking tools to reverse-engineer the access process and either decrypt or give repeatability to the solution.

Provided you disable clipboard synch, about the best a hacker could hope for would be to record the stream data to achieve session playback - effectively, a movie of themselves reading the document.  This may be more than the customer wants to grant, but is probably the maximum achievable anyhow. In simpler terms, if something is displayable on the user's screen, it can *always* be recorded; even at a low tech level, it is trivial to hook a vcr to the tv-out and create your recording that way.
Avatar of trekrok
trekrok

ASKER

Thanks for the responses.

The data being sent isn't necessarily mission critical type stuff, but I definitely would prefer that it not be floating around in perpetuity. Further, the people that would receive these documents would not be programmer types, but rather more administrative. So, the likelihood that they would put forth the effort to hack anything I think would be slim. And certainly nothing can stop them from shooting a picture of their screen anyway. But I'd just like to make it difficult without breaking the bank.

I've thought about the Remote Desktop thing, but didn't know how efficient it would be for this. The person working on this would be opening hundreds of pdf documents and my experience with Remote is it is usually pretty slow. Also, if there were 3 people working on documents at the same time, I assume it would require as many copies of the software on the server?

Given that I'm not expecting to get it 100% bulletproof, do any other options come to mind in the addin, DRM side?

Thanks again.
ASKER CERTIFIED SOLUTION
Avatar of complexymetron
complexymetron
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of trekrok

ASKER

Assuming that a solid machine was dedicated to this purpose only, could 5 people work on this simultaneously? Our connect is about 12Mb down and 1Mb up currently if that could be the bottleneck.

Thanks for the help.
Avatar of trekrok

ASKER

Thanks.
Yes, 5 people should not be a problem with up-to-date hardware. Put in lots of RAM (~ 4GB) and the user experience should be good.

1Mb upload could turn out to be a bottleneck in the long run, especially if those users are opening many graphic files (e.g. PDF containing images), but I'd try it till user performance degrades to much.