Hosted service promises to protect corporate documents on smartphones

A hosted application for securing shared corporate documents is being extended to handheld devices. With WatchDox, mobile users can view and even selected documents, but be prevented from saving, printing, or forwarding them, if desired.

Android 2.2: How to install Flash on Froyo

Later this year, WatchDox will be supported on BlackBerry OS, webOS, and Symbian, as these add support for Adobe's mobile Flash player, Flash 10.1. WatchDox uses a special version of the Flash player to display protected documents. Also in the works: a native application for Apple's iOS, used in iPhone, iPad and the new iPod touch, none of which support Flash. A prototype is already being tested, according to company officials.

The first mobile users for WatchDox will be those running Android 2.2, the Froyo release, which was the first platform to incorporate Flash 10.1 support. WatchDox vendor, Confidela, recently announced WatchDox for Android 2.2.

The core WatchDox product, launched in early 2009, is a hosted solution (though it's also available as a standard server-based application behind the corporate firewall). No software has to be installed on the client. Support for mobile operating systems will give such users access to protected documents anywhere and anytime they can get a cellular (or Wi-Fi) signal. IT administrators can use their phones to set manage, configure and track WatchDox documents.

One user is TrimTabs, a Sausalito, Calif., financial investment research company. In the past, the company sent about 40 to 50 reports each month to several hundred subscribers via e-mail, as .pdf attachments. TrimTabs wanted to track who was actually reading the reports, eventually let them be read easily by BlackBerry and iPhone users, and possibly in the future add higher levels of security, says Jerry Vigil, TrimTabs' database architect.

"It was pretty easy to deploy, especially compared to the other systems we looked at," he says. TrimTabs was using the WatchDox plugin for Microsoft Outlook (another is available for Gmail) to automatically protect e-mail attachments. Currently, TrimTabs exports tracking data WatchDox collects to a separate reporting application: for future releases, Vigil hopes to see more sophisticated and flexible reporting features in the Confidela software.

Other products and frameworks that address some of these same issues include Adobe LiveCycle Enterprise Suite, FileOpen, LockLizard, EMC's Documentum, and Microsoft Active Directory Rights Management Services.

In the hosted WatchDox version, a company selects what documents it wants to protect, checks off the desired permissions or restrictions for each document, and uploads the documents to Confidela's servers. There, the documents are converted into one of two formats, one for online Internet access by end users, the other for downloading the document which can only be viewed with Confidela's plug-in reader.

The online option is based on an encrypted version of Adobe Flash, developed by Confidela. In this case, "the document never leaves our servers," says Adi Ruppin, vice president of marketing for Confidela. "And it's not being cached locally on the browser."

Confidela sends an e-mail to everyone allowed to see the document, with a link to that document. The recipient clicks on the link, re-enters their e-mail as a further one-time authentication, and the document appears in the user's Web browser, via Flash. It can make use of a feature called WatchDox Spotlight, which is designed to foil screenshots of the documents: with Spotlight, the document first appears looking blurry. You hold down the "enter" key until this "curtain" vanishes after a few moments of inactivity, it reappears.

Each document also is shown with a "watermark," again to discourage copying and screen shots.

The permissions can be quite varied. For example, you could allow a document to be forwarded but only within a particular company domain. Users can be blocked from saving, printing, copying, or forwarding the document, for example. You can even put an expiration date on the document.

In effect, mobile users will have a managed, secure, restricted view of the documents being shared.

The second option is for working with these documents offline. In this case, Confidela converts the original, such as a Microsoft Word report, into an encrypted PDF file. To open it, and work with it based on whatever permissions have been granted, you have to also download a separate browser plugin, a special PDF reader. The same permissions set for the online option can be set here, and enforced: the document only opens with the plugin, which restricts what can be done to and with the protected file.

WatchDox maintains control of the documents, in either option. Ruppin points out that simply encrypting a PDF file isn't enough: once it's opened by the authorized recipient, it can be saved, copied, or e-mailed to anyone. And WatchDox differs from traditional digital rights management solutions, he says. "DRM isn't built for sharing [information] with others," he says. "It's designed to stop information from getting out of your company."

Confidela is privately held, funded by Gemini Israel Funds and Shlomo Kramer, who was co-founder of Check Point and Imperva. The CEO and co-founder is Moti Rafalin, an EMC veteran, who most recently headed that company's Application Management Business, based in part on EMC's nLayers acquisition.

John Cox covers wireless networking and mobile computing for Network World.

Twitter: http://twitter.com/johnwcoxnww

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Read more about anti-malware in Network World's Anti-malware section.