When executives want the ultimate in secure communications, they close the door, pull out a pen, write key words on a scrap of paper and expose it to the other party. Then they destroy the paper. That’s a tough level of protection for today’s high-tech security wizards to rise to. But they are making progress in that direction.
Every day, construction firms are exposed to enormous risk by entrusting operations to electronic data and transmitting it to others. The alternative—paper-based exchange—is becoming less and less practical when measured against the speed, reliability and storage efficiency of electronic data. But while speed and precision are attractions of digital communications, security risks are the bane.
“If you must send documents, being able to protect them so people cannot print, copy or do a whole lot with them other than read them, is invaluable,” says Muge Wood, an oil and gas solutions specialist with Microsoft, Redmond, Wash.
Through tools available with the Windows Server 2003 Professional software, companies can use Microsoft’s Rights Management System (RMS) to apply access, print, distribution and even expiration controls to documents that will take charge whenever anyone tries to use the documents, even off line. Only Internet Explorer Version 6, or higher will open them. It enforces the document controls.
“Some of our customers are companies that got really burned by this and they want to find a solution,” says Wood. “The CEO sends a confidential memo on their business strategy and the next thing they know, it’s in a newspaper. It’s fairly easy for them to see the value and want to use it. Then there are other companies taking a more proactive approach. They want to share, but protect their intellectual property.”
“By embedding RMS controls into the document, it gives you some assurance that no matter where it goes or how long it lives, those controls will persist,” says Gary Geddes, a Microsoft strategic security advisor. RMS controls can be applied to Microsoft Office documents, including PowerPoint, Excel and Word files. Third-party applications, including ones from Autodesk and Adobe are being added. “We are getting more and more partner uptake,” Wood says.
“If people haven’t started to think about it, they ought to,” says Kristine A. Fallon, president of design and construction technology consultant Kristine Fallon Associates Inc., Chicago. “Clearly, the electronic communications are becoming very important and suddenly you have all these concerns, like ‘can somebody alter the RFI response after the fact?’”
Fallon says good Web-based project management systems control document rights and audit access, but firms now are looking for similar controls outside of project systems “as an overlay on regular e-mail” and through properties embedded within the documents themselves.
As is often the case with meeting technology challenges, answers are being found not only in new inventions, but in clever combinations and improvements to existing ones. The increasing use of locked, but annotatable documents in formats such as Adobe’s Portable Document Format and Autodesk’s Digital Web Format, and the growing interest in embedding controls within them, are opening the door to increasingly sophisticated possibilities.
“It is moving from early adoption to industry practice,” says Amar Hanspal, vice president of Autodesk Collaboration Services. Hanspal describes three layers of document security, two of which are established, and a third that is coming into its own. First are document-level controls such as password protection, encryption and the publication of restricted views of the original data. Then there are server-level controls, such as tracking and check-in, check-out capabilities. But the use of embedded security tools like digital signatures that validate authenticity and integrity is growing. “That not only limits what people can see, but what people can do with the document,” Hanspal says.
Autodesk does not yet embed digital signatures within its DWF format, but is working on it, Hanspal says, adding that Autodesk’s original DWF definition, as a digital Web format, is evolving, too. “The way we think of it now is the Downstream Workflow Format,” he says.
DWF’s big rival, Adobe Acrobat, is much further along. It introduced digital signature creation and third-party verification, which uses a commercial certificate validation service to offer a high level of authentification, password protection and the ability to bundle multiple PDFs in a password-protected e-envelope in its current edition, Version 7. It also offers a server-based Digital Rights Management service similar to Microsoft’s RMS for controlling persistent permissions. In January, Adobe acquired the FileLine DRM division of Navisware, a Raleigh, N.C.-based technology company bridging CAD and enterprise data. Adobe will use it to enable its LiveCycle Policy Server to persistently protect documents in PDF, Microsoft Office and CAD formats.
“Adobe’s products are pretty interesting,” says Fallon. “I think they were the first to see it. What Autodesk has done is a CAD-centric thing. What Adobe has done is a generalizable thing. It’s a little more universal. Adobe has only gotten really smart about the CAD side of things in the last three years or so,” she says.
According to Fallon, Adobe’s informal partnership with Bentley Systems has helped “inform how they are going forward,” particularly with respect to Adobe’s new ability to create PDFs from 3D design files. She also laudes Adobe for submitting the PDF format for ISO certification to help it gain status as an international standard and ensure its archival value.
Hanspal says the big driver in the development of digital rights tools is entertainment. “Hollywood is driving digital rights management,” he says. “It’s not that engineering is less important, but they are creating a path for us. We will learn from those guys. We will look at pieces and see what we can reuse.”
Hanspal says the early big users in construction are government agencies, large public utilities and the oil and gas sector. “You can see how it could work for engineering,” Hanspal adds. “You send out a document and it can only be used for 30 days—and then it explodes.”
Geddes says Microsoft’s RMS “has public key infrastructure under the hood.” Just as with digital signatures, RMS uses personal encryption codes, with public decoding keys distributed to the designated recipients.
Those same tools embedded within documents are being leveraged by a bevy of third-party software developers to create new products that really could...