Expand my Community achievements bar.

SOLVED

Controlling Attachments and Copying PDF forms

Avatar

Level 2

Am I correct in assuming that you cannot control the attachment of a PDF form through the use of Rights Management.  I have a client that wished to do this as they do not really want to have to write script in their process to accomodate this.  Also is there a way in RM to be able to prevent a PDF from being copied?

1 Accepted Solution

Avatar

Correct answer by
Level 2

Spudmouse,

Are you trying to protect a document that is attached to a PDF or are you trying to protect a PDF that is being attached to an email? There is no need to prevent a file from being copied if it is protected by RM. It cannot be opened without authenticating. So you could make copies and hand them out at Wal-Mart if you wanted to. The primary idea is to stop people who gain access to a file they are not supposed to have.

Steve

View solution in original post

6 Replies

Avatar

Correct answer by
Level 2

Spudmouse,

Are you trying to protect a document that is attached to a PDF or are you trying to protect a PDF that is being attached to an email? There is no need to prevent a file from being copied if it is protected by RM. It cannot be opened without authenticating. So you could make copies and hand them out at Wal-Mart if you wanted to. The primary idea is to stop people who gain access to a file they are not supposed to have.

Steve

Avatar

Level 2

Actually it is neither.  The client that I am dealing with would like to use RM to be able to prevent copying.  I had a feeling that this could not be done because RM is used to prevent the document from being opened.  If this is the case then, as you have said, it does not matter if it has been copied.

The other thing that they wanted was to use RM to prevent a document from being attached to an email and sent out of the company.  Again, I believe that this is not possible because RM controls the content of the document and not the actual document itself.  If I understand you correctly it does not matter how many copies of the doc is sent out as an attachment, if the rights do not allow access then it does not matter.

Thank you for the confirmation.

Avatar

Level 2

Spudmouse,

By the way, I like the name. It might be an interesting story to hear how you came up with that.

You are correct; the idea is to protect the content of the document. If the document is so sensitive that the company is truly concerned about it getting in the wrong hands, they can require authentication every time the document is opened or someone attempts to open it.

This would give them some idea of who is opening it and when (RM provides this info). Even if someone gets another person's credentials, the rights for any group or individual can be revoked on the document at anytime. For instance if a person that has the rights to open a document is terminated by the company, you could set up a process that would revoke the rights of the people when their name is removed from the LDAP. This is pretty common, HR terminates someone they almost always immediately remove their access to any computer systems. Using this method with RM would remove their credential for all documents. In the event that a supper sensitive document is suspected to have gotten in the wrong hands and the possibility a person has stolen credentials from another employee you could revoke the rights to the document and force all people with rights to that document to change their passwords.

One thing that never ceases to amaze me is that a company decides they want to protect sensitive information, but then let the personal feelings of the employees or users get in the way of adding this protection. For instance sensitive financial data for the board of directors needs to be secure but they don't want to make the board members key in a password or wait a few seconds for an on-line authentication. Top secret Engineering Drawings on a patent pending product and they do not want to inconvenience some GURU engineer or a vendor that may build a component for the device.

Security is not always convenient, the Adobe foundation included with LC RM can help provide orchestrations (workflow) to help distribute or notify users they have new secure documents and deliver them to the user or provide them a link to go get them. If Foundation is not enough, you can use Adobe LC PM to create a more robust Workflow to handle the process. Once the user has the documents you have to be confident that if the document gets in the wrong hands the bad person will not be able to open them. If you know of a better way to do this than with RM, I would like to know what it is.

Good luck

Steve 404-954-1012

Avatar

Level 2

I totally agree Steve.  Security is not necessarily convenient but then losing your IP is not necessarily convenient either.  I am not sure that there is anything better than RM.  I will just present a better and more compelling story to the client.

Thanks for the help.

Avatar

Level 2

Spudmouse,

What is the use case for this customer, maybe I can give you a few more tips to help them better visualize and justify it.

A 100 user license is on $16.5 K, if they are not careful they will spend more than that thinking about what to do.

Steve

Avatar

Level 2

Hi Steve,

The use case for this is that the client is worried about intellectual property being sent out to people that are not supposed to have it.  I understand that DRM will not allow any unauthorized users from opening the PDF file.  What the client wanted to be able to do was have PDF documents that the internal user could not copy to other locations and could not actually attach to an email.  They figured that this would be the safest way to deal with loss of IP.

I explained that we could do the prevention of an attachment through scripting in a process, but there is really nothing that we can do in DRM.  The bottom line is that if someone wants to steal IP then there is no way to prevent all methods of doing this.  The best that we can do is make it as hard as possible.  I will also explain again that the security is in the PDF form itself and they do not have to worry about unauthorized access,

This is not something that I think we should spend a lot of time on as the level of security in the form more than meets what the client requires, they just don't understand it yet.

Thanks for your help in this.