The PDF format is one of the most commonly shared document types in the world. According to the PDF Association, there are at least 20 billion PDFs in Dropbox, 2 billion opened in Outlook each year, and 73 million opened in Google Drive and Mail.
The fact that millions of PDF files are shared each day shouldn’t come as much of a surprise – after all, they were created to be a portable, sharable format that retains formatting. However, what is surprising is that many of those are shared with no protection or protection that is wholly ineffective.
While many of the unprotected documents shared are for personal use, a large number of enterprises that lock their documents to prevent theft are using solutions that act only as a minor deterrent. Unfortunately, the unfortunate outcome is that many important and confidential PDF files end up stolen anyway – whether it’s due to a phishing attack, interception in transit, or a trusted party sharing them.
So, what can you do to keep your PDF files safe? Which solutions work, and which are just snake oil? We’re going to be discussing this today.
A warning on Adobe PDF Security
The most critical thing that businesses need to take from this post is that Adobe PDF security will not prevent your documents from being compromised. Adobe itself has several warnings throughout its apps about the ineffectiveness of its password security. But how, exactly, is Adobe PDF security flawed? For this, you’ll need a bit of a history lesson:
The rise of Elcomsoft and the fall of passwords
Adobe was the first to introduce protection controls to PDF documents, but it was also one of the first to be cracked. The initial version was released in 1994 and relied on weak 40-bit encryption quickly bypassed with freely available tools. Adobe later upgraded this to 128-bit encryption, then 256-bit, but all rely on a password-based system that is inherently flawed.
Using a password to protect PDF documents means that your protection is only as strong as the password itself. Use a strong password, and nobody will remember it, leading to poor security practices such as physical and plaintext password notes. Use a poor one, and automated password cracking software will guess it in seconds.
Even with the strongest character combinations, though, it can easily bypass PDF passwords. A Russian company called Elcomsoft pioneered a way to break Adobe PDF many years ago by attacking the mechanism that secured passwords and allowing them to be revealed in plaintext.
Not only that, but Adobe admitted that its permissions controls, which lock editing, printing, and copying, rely on an honor-based system. It trusts other PDF readers to enforce them, and not all of them do. As a result, bypassing permissions can be as simple as uploading the document to Google Drive or opening it on a Mac.
Though you can encrypt your PDF with software other than Adobe, most of them still use a password-based system that has all the failings that come with them. Meanwhile, solutions like secure data rooms do little to stop viewers from copying or extracting documents, despite their hefty price tag.
Locking a PDF with a DRM Solution
With the failings of other solutions apparent, a PDF DRM solution is the only real choice for serious document protection. While Adobe PDF or secure data rooms are designed to cast a broad net, PDF DRM solutions are purpose-built to keep the relevant documents safe. As a result, the protection they need and the tools they give admins are much harder to bypass.
Rather than fallible password-based systems, PDF DRM solutions use license-based security and bespoke secure viewer applications. When a PDF file is locked, it’s encrypted with 256-bit AES and can only be opened by a person who has the secure viewer application installed and a license specific to them to open the document.
In addition to this, DRM solutions can effectively enforce a wide variety of editing controls that programs like Adobe PDF can’t. For example, as well as preventing editing by default, you can limit printing, screenshotting, and copy/pasting. You can also track who uses your documents, apply dynamic, identifiable watermarks, or lock PDF files to specific locations and IP addresses.
Finally, a PDF DRM solution will let you expire a document. It’s able to do this either instantly or after a certain period or several prints/opens. It lets you, for example, send a document for someone to look at it and have it expire as soon as they close the document – ensuring nobody else can view it.
Due to these security advantages, and their relatively affordable cost, PDF DRM solutions are the best route to lock a PDF document if you’re looking for real protection. While Adobe PDF permissions can offer the illusion of security, they’re just a deterrent and not a good choice.