Fortifying PDF documents

Officials at Adobe Systems Inc. will provide tighter security for electronic documents later this year by offering software that prevents people without the proper credentials from altering files.

Adobe officials are developing a security policy server for the company's popular Acrobat software. The software uses PDFs, which allow electronically exchanged files to be viewed and printed on a variety of platforms.

Problems with maintaining the confidentiality of electronic documents and preventing document tampering are on the rise, said John Landwehr, Adobe's group manager for security solutions and strategy. Although he would not divulge the details of any specific document tampering incident in the federal government, Landwehr said cases of document spoofing represent a growing problem for government and corporate offices.

"It's definitely well above the hundreds, and these are just the ones that we've heard about," Landwehr said. Adobe officials vowed in February to solve some of the PDF file security problems with a policy server. Adobe's executive and legal departments have been using the software for the past nine months, but Adobe officials will not begin beta tests with government and corporate users until this summer, Landwehr said.

The policy server would offer security auditing and access and authorization controls for PDF documents, but it's the ubiquity of such documents that makes Adobe's work interesting, said Paul Proctor, vice president of security and risk strategies at Meta Group Inc. A content-management system offers similar controls, but usually only within the system's virtual file cabinet, he said.

With the Adobe policy server, Abobe officials are promising the ability "to deliver a document to somebody, to know that you delivered it to them and to restrict them from giving it to other people," Proctor said. "That's huge."

If a document ends up in the wrong hands, that person simply can't open it.

Although this capability may sound complicated, it has to be easy to use, Landwehr said. "Two clicks, and I can protect a document," he said. If such products are not painless, employees will try to avoid applying security policies to the documents they create.

Adobe's policy server could also be used to prevent document tampering through the use of public-key infrastructure technology.

If PKI digital signatures on PDF documents are set up and checked properly, unwanted users cannot easily tamper with the documents, said William Burr, manager of the security technology group at the National Institute of Standards and Technology. "It can be pretty close to bulletproof," he added.

But most security products are not bulletproof, and the policy server is no exception, Proctor said. To achieve the highest levels of document security, he said, document creators would have to set a policy that required authorized users to notify the policy server every time they try to open the documents.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group