Securing and protecting documents for the multi-platform world

In today’s global, digitally networked world, organizations are under pressure to quickly and efficiently deliver better products and services to the market. Organizations are constantly exchanging or selectively distributing documents that contain sensitive information—internally with employees, externally with partners, and through digital self-service to consumers. At the same time, maintaining control of information has never been more difficult. Wireless networks, the proliferation of mobile devices, cloud services, and the popularity of bring your own device (BYOD) make it difficult to protect document information even within the enterprise network—let alone outside of it.

Adobe Experience Manager forms document security proactively protect sensitive documents, and control and track their usage—from creation to archiving. Be it any platform or device — phone, tablet, desktop, or laptop — document security ensures that only authorized users can see and use your Microsoft Office and PDF documents.

Government agencies and enterprises in many industries are using the document security feature in Adobe Experience Manager forms to secure intellectual property, maintain public safety by protecting classified documents, protect personally identifiable information (PII), support compliance objectives, and meet data governance and protection mandates.

A typical document security workflow

AEM forms provides simple and easy-to-implement document security workflows. The typical out-of-the-box document security workflow in AEM has the following steps to protect, open, and track documents:

  1. Create policies: Administrators and document owners can create policies. The policies created by administrators are shared while the policies created by the document owners are personal. To create the policies, you need document security add-on installed and configured on the AEM forms server.
  2. Apply a policy: Document owners or administrators can apply a policy, and then can save the document for distribution.
  3. Distribute documents: Document owners or administrators can distribute protected documents over email, website, mobile apps, and through a network folder.
  4. View documents: The recipient can open a protected document in the appropriate client application and use the document as permitted by its policy.
  5. Track usage and access management: Even after distributing the documents the document owners or administrators can track documents and remotely modify the access to the documents.

The following example shows a standard workflow. However, AEM forms document security is fully configurable and customizable and can meet most needs.

AEM Document Security Workflow

Protecting documents

You can create and apply policies to protect documents. A policy is a collection of information that includes confidentiality settings and a list of authorized users. The confidentiality settings you specify in a policy determine how a recipient can use a protected document. For example, you can specify whether recipients can print, copy, or edit text, or add signatures in the protected documents.

The policies are stored on the document security server and applied using client applications. To apply security or tracking policies, you can use Adobe Acrobat, Document Security Extension for Microsoft Office, Document Security SDK, or Portable Protection Library.



Adobe Acrobat: You can use Adobe Acrobat DC to apply security or tracking policies to the PDF files created from popular desktop applications, such as Microsoft Office, web browsers, or any application that supports printing in PDF format.

Document Security Extension for Microsoft Office: You can use the Document Security Extension for Microsoft Office to apply predefined policies to your Microsoft Office files. The extension ensures that only authorized people can use policy-protected Microsoft Word, Excel, and PowerPoint files.The Document Security extension is available as a Microsoft Office plug-in. You can download it from the Adobe website. The authorized users who have the plug-in installed can use the policy-protected files.

Document Security SDK: The SDK is a feature-rich client and has access to all the features of document security. You can use document security SDK to develop applications and plug-ins to create policy-protected files on a client. Applications and plug-ins developed using document security SDK send documents to designated AEM forms server and the policies are applied on the server.

Portable Protection Library: Portable Protection Library (PPL) protects a document locally, without sending the document to AEM forms server. Only security credentials and policy details travel over the network. Portable Protection Library supports only limited features of document security. You can use Portable Protection Library to Protect or unprotect documents or Reader extend a PDF document. For other advanced features, use Document Security SDK.

Viewing protected documents

You can use Adobe Acrobat DC, Acrobat Reader, and Acrobat Reader Mobile to view protected PDF documents. Most users already have Acrobat Reader installed on their devices, so they do not need to obtain or learn additional software to view protected documents. Depending on the defined policies, users can view files in online or offline mode.

For Microsoft Office documents, you require Microsoft Office and AEM forms document security extension for Microsoft Office.

Document Security service graphic-05-05-05

AEM forms Document Security SDKs, Libraries, Viewers, and Indexers

Indexing protected documents

Microsoft Windows full-text search engines (Desktop Indexing Service and SharePoint Index server) can perform full-text search on commonly used document formats such as, plain-text files, Microsoft Office documents, and PDF documents. You can use document security indexers to enable full-text search engines to search protected PDF documents.

AEM Document Security provides the iFilter indexer and AEM forms document security Indexer to enable Microsoft SharePoint and AEM (Adobe Experience Manager) to search protected PDF documents.

Advantages of choosing AEM document security

Most document security solutions use an encrypted envelope or content management system to protect documents. In these solutions, once the document is accessed legitimately, the content can be shared easily.

AEM forms document security, on the other hand, encrypts the entire document, thereby completely protecting the contents. There is no separate encrypted envelope to protect the document. Hence, the document always remains protected. Only authorized users can open, view, and use the document. Moreover, the server-side policy control allows tracking and changing access rights of already distributed documents.

AEM forms document security also provides various tools to apply security policies. You can choose a tool as per your requirements and specifications.

Further reading

We’ve published several articles to help you get started with AEM forms document security: