Securing Public Sector Documents via Viewing TechnologyGovernment and military organizations today are stretched perilously between contradictory and intensifying priorities.

They face pressure from leadership (from the White House down), regulators, watchdog organizations and the public to achieve two goals that would seem, to most observers, to be mutually incompatible:

• Make essential documents easily and widely accessible for purposes of review, collaboration, regulatory compliance and transparency.

• Keep documents and their information highly secure and inaccessible to unauthorized persons.

Reconciling these competing priorities represents the principle challenge in public sector document management today.

In some organizations, this challenge is being addressed through rigorous internal procedure and workflow modifications and through costly technology, both of which run afoul of a third demand: keep operations efficient and cost-effective.

A better solution can be found in a different way of thinking about document delivery. In addition to restricting access to authorized users only, it is also possible to show documents to authorized users without sharing the document files.

In this all-important distinction, a new layer of document security is created, and it enables public sector organizations to meet demands for information accessibility and requirements for document security at the same time.

This whitepaper describes how the use of a document sharing environment designed for the purpose can enhance communication effectiveness in higher education settings.

The Trouble with AttachmentsWhen sharing syllabi, notes, example files, and other document-based content to students, faculty often simply attach document files to a message and broadcast it to a class list, either through a university email system or through messages generated from an LMS. The pitfalls in this practice are both numerous and common, and fall into five categories:

File Dissemination = Threat ExposureIn traditional modes of document delivery, the actual document file is supplied to authorized users, often in a file format that requires a native application for viewing, such as one of the Microsoft Office programs. Once open in the native application, the file can be modified; even if delivered as a “read-only” file, it can be saved under a new filename and manipulated, and content from the document can be selected, copied and pasted for use elsewhere.

In addition to restricting access to authorized users only, it is also possible to show documents to authorized users without sharing the document files.

Document distribution in PDF format improves matters somewhat. The document file can be read in a non-editing viewer program, and its contents are less vulnerable to modification, though not entirely so. But copying of content remains a vulnerability.

Because of the high potential for unauthorized editing and misuse of document content, achieving security in this scenario requires choosing between hiding the document from virtually everyone but those authorized to edit it, or placing undo faith in the effectiveness of read-only modes and PDF format as security measures.

But very often, there are entire classes of users, both internal and external, who may need to view a document but not edit it its contents. The public at large is an obvious example of this class, but internal users who must review, comment on or redact a document similarly need read access to a document’s contents without edit access to its source file.

Traditional distribution methodologies add vulnerabilities. Many organizations rely upon unencrypted email attachments to exchange sensitive documents among authorized users, or provide download links on both public-facing websites and intranets. In both cases, document files are highly vulnerable to unauthorized harvesting in transit, and a full copy of the source document winds up on the end user’s machine, to be employed however the user sees fit.

Additionally, whenever complete files are shared they run the risk of bringing malware, including spyware, along for the ride.

But despite the potential exposure, government and military organizations continue to rely on read-only document files, PDFs, and link-download/attachment distribution for such critical and sensitive activities as:

• Interagency document sharing

• Intraorganizational communications

• Collaboration/communication with law enforcement

• Sharing documents with legal departments and oversight bodies

• Informing the public

Viewing Technology Shows without SharingHTML5 document viewing technology enables an organization to show a document without sharing it.

You have used browser-based document viewers, even if you may not have been aware of it. The tools for previewing email attachments in cloud email systems like Yahoo! Mail are document viewers.

Right now, you are viewing this whitepaper through a browser-based document viewer in a cloud service for document-sharing.

From the end user’s perspective, clicking a link opens the document in a browser window in which it can be read, and when necessary examined closely with such tools as zoom and text search.

At the discretion of the publishing organization, the window may also include tools for annotating the document with comments, or redacting selected text or entire regions.

Behind the scenes, what’s actually happening is that the original document, secure on the organization’s server, is being very quickly converted into a high-fidelity graphics file (such as the HTML5-standard SVG format) for transmission to the user’s browser. The original, editable file never leaves the server, and never travels across the network or lands on the user’s hard drive.

For public sector organizations, the security advantages of HTML5 document viewing are many:

• Regardless of authorization, the end user never has possession of the actual document file in an editable form.

• Browser-based digital rights management (DRM) controls may be supplied by the viewer to enable the organization to disable text copying and printing.

• HTML5 viewers enable users to view content on mobile devices. This capability is essential for military organizations seeking secure distribution to field personnel.

• The graphics file transmitted to the user is free of any malware that may have infected the source file.

• Viewer programs may supply encryption options that can prevent unauthorized harvesting of even the viewing copy as it travels through public networks.

• Fast display from webpage links eliminates the need to share via email, overcoming attachment size limits and

preventing the versioning errors that occur when users attempt collaboration by email.

• End users require no native application licenses in order to view, annotate or redact documents that originate in many different file formats, including Office, PDF, CAD and many more. Only a browser is required.

• The viewer may be customized, or put under programmatic control, to achieve such functions as automatic redaction of defined content types.

• Redacted documents can optionally be saved in fully formatted PDF files with all traces of the redacted text removed. Unredacted content can still be searched and indexed. This is an important feature for complying with transparency regulations that require public access to sensitive content.

• Unlike recently debuted cloud-storage scenarios for document distribution, server-based HTML5 viewing technology enables organizations to keep their encryption keys private, behind their firewalls.

Ancillary BenefitsWhile the chief benefit of HTML5 document viewing in the current climate is enhanced document security, the technology delivers ancillary benefits to government and military organizations both large and small.

Chief among these is productivity. When employees can securely review, annotate and redact documents anywhere, on any device, without having to wait for document files to download and native applications or viewer programs to open, they get more done.

Another ancillary benefit is cost. Document viewing can enable many organizations to reduce the number of application licenses they purchase, because employees who need to review and comment on a particular document type but don’t need edit access can work in the viewer instead of the file type’s native application.

Implementation EfficienciesDocument viewers come in several types. Server-based document viewers are the preferred type for public sector applications because they are highly secure, robust, scalable and customizable. They supply a level of document security that would be far more expensive if attempted through other means, and they are relatively easy and inexpensive to implement and maintain.

But there also are cloud-based document-sharing services like the one you are using now that supply not only the viewer, but also the web page to put it on. Such services enable users to upload a document file to the Cloud and present it on its own customizable page, with its own URL.

Users often set up a document on the service and then share a link to it through Facebook, Twitter, and other social media sites.

ConclusionEvery public sector organization is struggling to achieve the ideal balance between necessary security and desirable transparency, and to do so within ever-shrinking IT budgets. For those organizations, HTML5 document viewing technology may offer just the right approach in terms of flexibility, security effectiveness and cost to meet that challenge.

About AccusoftTampa-based Accusoft provides a full spectrum of document, content and imaging solutions as fully supported, enterprise-grade, best-in-class client-server applications, mobile apps, online and cloud services, and software development kits (SDKs).

Accusoft products work reliably behind the scenes for capturing, processing, storing and viewing images, documents and more. Add barcode, compression, DICOM, image processing, OCR/ICR, forms processing, PDF, scanning, video, and image viewing to your applications. For more information, please visit www.accusoft.com.

To learn more about the benefits of document viewing technology, please contact info@accusoft.com.