About accusoft
Accusoft provides a full spectrum of document, content and imaging solutions as fully supported, enterprise-grade, best-in-class client-server applications, mobile apps, cloud services and software development kits (SDKs). The company’s HTML5 viewing technology is available to the enterprise as PrizmDoc, in cloud-based SaaS versions, and in a version optimized for SharePoint integration.
Visit http://www.accusoft.com and download your free trial to see how our software can work for you.
4001 N Riverside Dr
Tampa, FL 33603
(800) 875-7009
© 2014 Accusoft Corporation 1 | Page
Achieving True Security in a Cloud-Hosted World
Introduction
After half a decade of working out the kinks on free, individual user accounts, major commercial
cloud storage services such as Dropbox and Box recently set their sights on the corporate and
small-to-medium business (SMB) paid-subscription market.
Those services have a compelling sales story to tell: Use our cloud to store and share your
company’s files, especially documents. Save yourself the hassle of managing the repository.
Use our apps to make your files easily accessible to those who need to share them, on multiple
supported devices. And trust us to keep them secure.
Attractive though that story may be to some organizations, it runs aground on two basic truths:
1. There are safer methods that make sharing even easier.
2. No matter how many ways providers assure customers that their files are safe, there’s
no escaping the inherent vulnerabilities in putting a third party in control of not only your
document files, but also your encryption keys and log files.
This whitepaper examines the disadvantages of the commercial cloud model for document
storage and sharing, and proposes a safer, more versatile model based on the combination of
secure local storage and HTML5 document viewing technology.
Credibility and Cloud Services
Since rolling out to the corporate market, the commercial cloud storage services have had a
rough time establishing a reputation for security.i
Although most commercial cloud storage vendors share the same vulnerabilities, Dropbox has
emerged as the symbol of the problem, in part because it has experienced some very public
security failures. The company has been linked to the PRISM scandal and the US National
Security Agency (NSA) considered tapping Dropbox’s servers as part of its controversial
domestic surveillance program, according to press reports.ii
But for customer organizations, the main flaw in the commercial cloud model is that the service
holds the encryption keys to customer files, not the customer. Although Dropbox and other
providers tout their application of strong AES-256 encryption for customer files, the services
hold the keys, and even permit selected employees to access and decrypt customer files.iii
© 2014 Accusoft Corporation 2 | Page
For its part, Dropbox admits that it routinely decrypts files, often without the customer’s
awareness, in order to make certain app features work, and that some of the metadata sent
from mobile devices is transmitted without encryption.iv
Log files are similarly exposed on cloud storage services. Service employees can read, and
potentially alter, records of customer activity. Both hackers and the government might also
access this information, because it resides outside the customer’s firewall, and out of the
customer’s control.
A practice called file deduplication opens yet another hole in Dropbox’s security. When a file is
uploaded, the service analyzes the file and compares it to files already stored by other users. If
the file is identical to another, Dropbox writes a link to the previously uploaded file instead of
storing the duplicate. Deduplication saves space and bandwidth for Dropbox, helping the
company to keep prices down and profits up.
But security experts say deduplication can enable a third party to ferret out the contents of
Dropbox's servers. For example, a law enforcement agency could upload a copy of a suspect
file to Dropbox and measure the bandwidth consumed by the transfer in order to determine
whether the upload was stored or a link was created to a duplicate file. This information could
constitute probable cause to believe that a copy of the suspect file exists on Dropbox, enabling
the agency to obtain a warrant for information about the duplicate’s owner. v
Dropbox correctly argues that successful law enforcement requests are extremely rare, and that
even with its inherent vulnerabilities Dropbox is safer than “not having current backups, not
having any backups at all, accidentally deleting or overwriting files, losing USB drives with
sensitive information, leaving files on the wrong computer, etc.†according to the Dropbox
website.vi
It’s a reasonable pitch, but it really amounts to this: “We’re not quite secure, but we’re better
than nothing.â€
One way or another, when an organization moves its files outside its firewall and entrusts them
to a third-party service, that organization sacrifices some security. Companies make this
sacrifice in order to provide convenient sharing and enable collaboration among employees.
These companies are simply unaware that they can implement an even more efficient sharing
environment while keeping their documents and their encryption keys safe on their own servers.
Keep Your Keys, and Share Away
A better solution can be found in a different way of thinking about document distribution and
collaboration: An organization should have the ability to show documents without necessarily
sharing them.
© 2014 Accusoft Corporation 3 | Page
In this all-important distinction, a new layer of document security is created, enabling
organizations to meet user demands for information accessibility and collaboration while
keeping document files, encryption keys and log files secure behind the organization’s firewall
and in the organization’s exclusive control.
When document files are accessed from a cloud service, the actual document file is synced to
the devices of authorized users, often in a file format that requires a native application for
viewing, such as one of the Microsoft Office programs. Once open in the native application, the
file can be modified.
Even if synced in “read-only†mode, the file can be saved under a new filename and
manipulated, and content from the document can be selected, copied and pasted for use
elsewhere. And whenever complete source files are synced, they run the risk of bringing
malware along for the ride, to every device syncing the file.
Because of its high potential for unauthorized editing and misuse of document content, the
commercial cloud storage model requires choosing between hiding the document from virtually
everyone but those authorized to edit it (shutting out reviewers), or placing undo faith in the
effectiveness of read-only mode as a security measure. This problem simply compounds the
vulnerabilities caused by the cloud services’ insistence on owning encryption keys.
Viewing Technology Shows without Sharing
HTML5 document viewing technology enables an organization to show a document without
sharing it, all while keeping exclusive control of source files, encryption keys and logs. You have
almost certainly used an HTML5 viewer, even if you may not have been aware of doing so. For
example, the previewers for email attachments in cloud email systems like Yahoo! Mail are
document viewers.
From the perspective of an end user of an HTML5 viewer, documents open in a browser tab or
frame in which they can be read and also examined closely with such tools as zoom and text
search. At the discretion of the publishing organization, the window may also include tools for
annotating the document with comments, or redacting selected text or regions.
Behind the scenes, what’s actually happening is that the original document, secure on the
organization’s server, is being very rapidly converted into a high-fidelity graphics file (such as
the HTML5-standard SVG format) for transmission to the user’s browser. The original, editable
file never leaves the server, and never travels across the network or lands on the user’s hard
drive. The viewing file, though not the editable original, can still be encrypted in transit to protect
its contents from unauthorized eyes.
© 2014 Accusoft Corporation 4 | Page
This technology can integrate seamlessly into a broad range of systems and environments. For
example, HTML5 document viewing can be integrated with content management systems
(CMSs) or with Microsoft SharePoint to serve as a default document display and collaboration
window for managed files.
The security advantages of HTML5 document viewing over commercial cloud storage include:
 Document and image files, encryption keys and log files remain on the organization’s
server, behind the organization’s firewall, in the organization’s exclusive control.
ï‚· Mobile document viewing and collaboration requires only a mobile browser, not a third-
party app. Source documents do not download to mobile devices, so bandwidth, plan
minutes and on-board storage are not burdened by large, long file transfers.
 The end user never has possession of the actual document file in an editable form—
although when appropriate, organizations can optionally add to the viewer a toolbar
button that enables users to download the editable source document.
ï‚· Browser-based digital rights management (DRM) controls may be supplied by the viewer
to enable the organization to disable text copying and printing.
ï‚· End users require no native application licenses in order to view, annotate or redact
documents that may originate in many different file formats. This enables organizations
to reduce the number of application licenses they purchase.
ï‚· The viewer may be customized, or put under programmatic control, to achieve such
functions as automatic redaction of select types of content.
ï‚· Redacted documents can optionally be saved in fully formatted PDF files with all traces
of the redacted text removed. Unredacted content can still be searched and indexed.
Conclusion
Many organizations are struggling to find a sweet spot that balances conflicting priorities of
securing content, satisfying end-user access demands, and controlling infrastructure costs.
Although commercial cloud storage does address all three issues, it fails on all three counts to
deliver essential functionality and true security. For some companies, HTML5 document viewing
technology offers a superior model in terms of flexibility, security effectiveness and cost.
Prizm Content Connect from Accusoft is an enterprise-class, server-based HTML5 viewer that
supports hundreds of different file types through any HTML5 browser, desktop or mobile, and
features tools for annotation, redaction and digital rights management (DRM). Visit
Accusoft.com for more information.
© 2014 Accusoft Corporation 5 | Page
About Accusoft
Tampa-based Accusoft provides a full spectrum of document, content and imaging solutions as
fully supported, enterprise-grade, best-in-class client-server applications, mobile apps, online
and cloud services, and software development kits (SDKs). The company’s Prizm Content
Connect HTML5 document viewer supplies customizable, enterprise-class viewing, annotation
and redaction for hundreds of file types. For more information, please visit www.accusoft.com.
i
Marshall, Matt. “Dropbox has become ‘problem child’ of cloud security.†VB News
(http://venturebeat.com/2012/08/01/dropbox-has-become-problem-child-of-cloud-security), August 1,
2012.
ii
Greenwald, Glenn and MacAskill, Ewan. “NSA Prism program taps in to user data of Apple, Google and
others.†The Guardian, June 6, 2013.
iii
Singel, Ryan. “Dropbox Lied to Users About Data Security, Complaint to FTC Alleges.†WIRED, May 13,
2011.
iv
Acello, Richard. “App-solutely Perilous? Security of Mobile Apps Spurs Concern.†ABA Journal,
September 1, 2011.
v
Schwartz, Mathew J. “Dropbox Accused Of Misleading Customers On Security.†InformationWeek, May
16, 2011.
vi
Drew; Arash. “Privacy, Security & Your Blog.†The Dropbox Blog
(https://blog.dropbox.com/2011/04/privacy-security-your-dropbox), April 21, 2011.