3 Ways Collabora Online Secures your Document Containers

Ensuring the utmost security of your documents and data is paramount. Collabora Online, a powerful document editing solution, goes above and beyond to fortify your security, providing you with a robust shield against potential threats. In this blog post, we’ll delve into some of the central security features that make Collabora Online the trusted choice for so many – including Seccomp BPF, Sparse File Systems, and Chroot. These are the pillars upon which our security stands. We’ll explore how these technologies work together to create a document environment that’s not only highly efficient but also exceptionally secure.

It is worth noting that, in order to enact some of these security measures, Collabora Online requires enhanced privileges to start with, so that it can limit access to the rest of a system. These are swiftly dropped after they are used to lock down each document. This methodology may seem paradoxical at first, but we hope that in this post you will see why these widely-recognized industry-standard1,2 security layers in fact bring about the greatest safety for your file storage and editing solutions.

 

Seccomp BPF

Seccomp BPF is a Linux kernel feature that enhances security by restricting the system calls a process can make3. This technology significantly reduces the total kernel attack surface, minimizing the risk of potential security breaches. It lets us shrink the access of Collabora Online document processes to system calls that have been problematic in the past4. All unexpected requests can then be instantly recognized as a malicious attack and cause immediate termination of the relevant document process by the operating system.

One example threat that this eliminates would be an escaped application attaching a hand-crafted debugger (using the ptrace system call) to try and access data or disrupt other system operations. In this instance however, the use of ptrace or ‘kill’ system calls would be immediately recognized as illegitimate, not performed, the attempt logged, and the document immediately terminated.

As mentioned in the introduction, in order to provide this layer of protection, Collabora Online requires sysadmin capabilities, however these are rapidly dropped after startup, and provide one of the strongest security pillars. By enabling Seccomp BPF within Collabora Online containers, partners can rest assured that their document environment remains safeguarded from a whole set of malicious activities.
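The filter behaviour described in this section, as an added example that is not Collabora Online's own code: a child process installs a seccomp BPF deny-list for the two calls named above (ptrace and kill), and the parent reports how each probe ended. It assumes Linux on x86_64 or aarch64 and sets PR_SET_NO_NEW_PRIVS so that it runs unprivileged; the function names and the two-entry list are illustrative.

```c
/* Added example: seccomp-BPF deny-list that terminates on ptrace(2) or kill(2). */
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "this example only covers x86_64 and aarch64"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS          /* older kernel headers */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

enum probe { PROBE_GETPID, PROBE_PTRACE, PROBE_KILL };

/* Install the filter on the calling process. Returns 0 on success. */
static int install_filter(void)
{
    struct sock_filter insns[] = {
        /* 0: refuse foreign syscall ABIs, whose numbers mean something else */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        /* 1 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        /* 2 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3: load the syscall number */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* 4: x32 numbers carry bit 30 and would slip past a deny-list */
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000U, 3, 0),
        /* 5-6: the two calls the text names (illustrative, not a full list) */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_ptrace, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_kill, 1, 0),
        /* 7 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 8 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(insns) / sizeof(insns[0])),
        .filter = insns,
    };

    /* Assumption: no_new_privs instead of a privileged start, so no root needed. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

/*
 * Fork a child, filter it, issue one syscall in it.
 * Returns: >0 the signal that terminated the child, 0 clean exit,
 *          <0 minus the child's exit status (-2 = filter not installed,
 *          -1 = a denied call was actually performed), -100 fork/wait error.
 */
int run_probe(enum probe what)
{
    pid_t pid = fork();
    if (pid < 0)
        return -100;
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        setrlimit(RLIMIT_CORE, &no_core);   /* SIGSYS would otherwise dump core */
        if (install_filter() != 0)
            _exit(2);
        switch (what) {
        case PROBE_GETPID:
            syscall(SYS_getpid);            /* not on the list: allowed */
            _exit(0);
        case PROBE_PTRACE:
            syscall(SYS_ptrace, 0L, 0L, 0L, 0L);      /* request 0 = PTRACE_TRACEME */
            break;
        case PROBE_KILL:
            syscall(SYS_kill, (long)getpid(), 0L);    /* signal 0: harmless check */
            break;
        }
        _exit(1);                           /* only reached if the filter failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -100;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return -WEXITSTATUS(status);
}

int main(void)
{
    printf("getpid probe -> %d (0 = ran and exited normally)\n", run_probe(PROBE_GETPID));
    printf("ptrace probe -> %d (SIGSYS is %d)\n", run_probe(PROBE_PTRACE), SIGSYS);
    printf("kill probe   -> %d (SIGSYS is %d)\n", run_probe(PROBE_KILL), SIGSYS);
    return 0;
}
```

A probe result equal to SIGSYS means the kernel terminated the process at the system call boundary, before the call was performed.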

The Collabora Online ‘Security Onion’

Chroot

Chroot, short for “change root,” is a mechanism that runs a process and its children within a confined directory, isolating them from the rest of the system. Integrating Collabora Online with chroot ensures that the application and its dependencies are enclosed within a controlled environment, minimizing the potential for conflicts with other software, and again ensuring any security breaches are isolated by default, greatly reducing the possibility of any system-wide disruption.

What this means in Collabora Online is that every document user is only able to access the document data served to them in the first instance, and cannot acquire access to the rest of the system files, or use the file-system to communicate or disrupt other documents. Similar to the way fire doors are used to prevent the spread of a fire through a building, except in this case the door is fireproof, and there is no key.

Sparse File Systems

Collabora Online has been optimized in many ways to streamline resource utilization whilst bolstering security measures at the same time. One key security optimization is the sparse file system setup.

With a sparse file system setup, Collabora Online minimizes its footprint by exclusively installing the libraries and fonts essential for operation. Unlike other installations that may include unnecessary elements, this streamlined approach both saves on system resource usage, and as with Seccomp BPF above, further reduces the potential system attack surface area.

Examples of exclusions from the Collabora Online chroot would be shell tools, or unnecessary device nodes. By heavily restricting access to system device nodes Collabora Online operates with a very limited set of resources, making it very difficult for any attack to develop within the system. Following on in the fire safety analogy, this would be like removing flammable materials from a building to prevent fires starting or spreading.

In order to remove unnecessary and potentially dangerous functionality from the Collabora Online chroot, enhanced privileges are required. As mentioned above however, this privilege is dropped rapidly after entering the chroot. By only incorporating the resources that are absolutely necessary, Collabora Online further fortifies your system against potential security breaches.

Sharing memory

So why does Collabora need its own containment system? In short – for memory efficiency.

Technologies like Copy on Write (COW) and virtual memory sharing are essential components of Collabora Online’s resource-efficient yet highly-secure environment. When documents are opened in Collabora Online, COW enables multiple users to safely share large parts of the same memory space. This seriously cuts down on time and system resource usage, since other than the content unique to each document, the majority of each Collabora Online instance can be shared.

Given the above warnings about chroot and sparse file systems, this might seem like we are contradicting ourselves, but in this case the reality is that the shared components are only ever framework components, and due to the way COW functions, the new document ‘sharing’ another’s settings has no access to the actual sensitive file data, nor even the ability to modify the shared data from the original file. The key to COW’s speed and efficiency is that only if/when the framework data is modified (written – as in Copy on Write) is an actual copy created, and new bytes written.

So why bother? Because COW is perhaps analogous to utility supplies, or other public services provided to houses or offices. Not using COW, and re-building the framework data for every document, would be like building new power stations, water treatment works, gas storage facilities, hospitals, schools, train stations, bus stations and road networks for every single house. This is of course not done, and you don’t hear of businesses complaining about the security implications of sharing a water supply with the neighbours.

In the same way, virtual memory allows the majority of memory used to be efficiently shared between containers. The Linux operating system provides strict isolation mechanisms to prevent any write access to another user’s code or document data.

This strikes a well-optimized balance between resource usage and robust security, bringing down the un-shared data cost for each document from perhaps 300Mb to 25Mb. In this way, collaborative working in Collabora Online can remain efficient, all the while safeguarding the privacy and integrity of each user’s data.
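The copy-on-write isolation described above, as an added example that is not Collabora Online's own code: a parent fills a region standing in for framework data, then forks three "document" processes that each write to it. It assumes plain fork() and mmap() on Linux, and contrasts a private (copy-on-write) mapping with a genuinely shared one; all names are illustrative.

```c
/* Added example: copy-on-write (MAP_PRIVATE) versus truly shared (MAP_SHARED) memory. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define REGION_SIZE (4u * 1024 * 1024)   /* stand-in for preloaded framework data */

struct cow_result {
    int pristine_children;   /* children that still saw the original byte 'F' */
    int parent_final;        /* byte the parent reads once all children are done */
};

/*
 * Fill a region with 'F', then fork ndocs children one after another.
 * Child i reports the byte it found at offset 0 and overwrites it with 'a'+i.
 * Returns 0 on success, -1 on error.
 */
int cow_probe(int map_flag, int ndocs, struct cow_result *out)
{
    unsigned char *region = mmap(NULL, REGION_SIZE, PROT_READ | PROT_WRITE,
                                 map_flag | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return -1;
    memset(region, 'F', REGION_SIZE);

    out->pristine_children = 0;
    for (int i = 0; i < ndocs; i++) {
        pid_t pid = fork();
        if (pid < 0) {
            munmap(region, REGION_SIZE);
            return -1;
        }
        if (pid == 0) {
            int seen = region[0];                   /* read: no copy is made */
            region[0] = (unsigned char)('a' + i);   /* write: private page copy */
            _exit(seen);                            /* report what was visible */
        }
        int status = 0;
        if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) {
            munmap(region, REGION_SIZE);
            return -1;
        }
        if (WEXITSTATUS(status) == 'F')
            out->pristine_children++;
    }
    out->parent_final = region[0];
    munmap(region, REGION_SIZE);
    return 0;
}

int main(void)
{
    struct cow_result r;
    if (cow_probe(MAP_PRIVATE, 3, &r) == 0)
        printf("copy-on-write: %d/3 children saw pristine data, parent reads '%c'\n",
               r.pristine_children, r.parent_final);
    if (cow_probe(MAP_SHARED, 3, &r) == 0)
        printf("shared:        %d/3 children saw pristine data, parent reads '%c'\n",
               r.pristine_children, r.parent_final);
    return 0;
}
```

With the private mapping every child starts from the same untouched data and the parent's copy never changes; with the shared mapping each child's write is visible to the parent and to every later child.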

Additional security practices

Document editors are substantial applications, and Collabora invests heavily in hardening the LibreOfficeKit core, which forms the foundation of Collabora Online, and comprises over 8 million lines of code. In addition to the security pillars outlined already, further rigorous measures are in place to uncover any issues. These include crash testing, use of COVERITY5, and aggressive fuzzing in partnership with Google’s OSS-FUZZ6.

Crash testing involves subjecting the software to various stress tests and scenarios to uncover vulnerabilities that could lead to crashes or security breaches. COVERITY, a sophisticated code analysis tool, is deployed to scrutinize the code base for potential flaws or vulnerabilities. Complementing these measures is aggressive fuzz testing, where the software is bombarded with a wide range of unexpected inputs to discover and rectify any weak points.

The size of the core code remains the top attack vector, and we work hard to ensure that no code can break out and execute inside the context of the document. This however is why the above protective layers are key to ensuring the highest levels of security for your document editing solution.

Is it just us?

System administrators are rightly cautious when alerted to requests for enhanced permissions, but the reality is that this remains one of the best ways to lock down an application. Google Chrome in Linux for example is also a set-uid program. Other server-side software like Jitsi or Postfix also doesn’t drop all capabilities for similar reasons. Other app containment and sandboxing systems such as Flatpak employ the same strategy of running with elevated privileges to employ specific security measures like Seccomp BPF and utilize sparse file systems. This approach, which ultimately limits the program’s reach and ensures that potential vulnerabilities don’t lead to widespread damage, is a widely recognized and accepted industry practice.

Conclusion

Collabora Online is architected from the ground up to safeguard your documents and data while providing a feature-rich and efficient document editing environment. Operating with enhanced permissions, Collabora Online will ensure you have the best security measures available at your disposal, making sure your digital workspace remains safely locked down.

If you give Collabora Online the permissions it needs to do the job well – you will be much safer.


Keep your data secure with Collabora Online.


Collabora Online – Safe, Powerful, Flexible.


3 https://www.kernel.org/doc/html/v4.16/userspace-api/seccomp_filter.html

A large number of system calls are exposed to every userland process with many of them going unused for the entire lifetime of the process. As system calls change and mature, bugs are found and eradicated. A certain subset of userland applications benefit by having a reduced set of available system calls. The resulting set reduces the total kernel surface exposed to the application. System call filtering is meant for use with those applications.

4 Reasons To Take OWASP Regulations Seriously

Developers must never rely on client-side access control checks.1

With this simple statement, OWASP are putting a very big question mark over the head of any document editor that performs access controls in browser. So what is the big deal, and are client-side access controls really that bad? In this quick post, we’ll find out.

Distributing Data

What happens when a government employee views your tax records, the bank assesses your mortgage application, or your lawyers share documents regarding your case with each other? Depending on the application they are using, it turns out the first operation may well be for the server to make copies of the document for every editor or viewer, before sending the copies to each user’s device. In case it isn’t immediately obvious, this distributive flavour of document editing is extremely concerning for a number of reasons.

1. Lack of Server-Side Enforcement

As mentioned above, one of the core principles of OWASP regulations is enforcing security measures at the server-side. However, when full document files are sent to the browser for editing, the server loses control over the data. This immediately undermines any ability to enforce security policy.

2. Vulnerabilities

If data files are sent with code to execute policy in the browser, then a malicious script, acting as a “browser” can simply download the document data and discard the policy logic. This exposes the data to potential cyber-attacks and data breaches. OWASP regulation 4.1.1 states this very simply as, “Verify that the application enforces access control rules on a trusted service layer, especially if client-side access control is present and could be bypassed”2, since “client-side logic is often easy to bypass”3. Whilst organisations rightly have training about whether secure USB sticks should or shouldn’t be used with company laptops, nobody is talking about the 3rd party access freely given by company servers to anything pretending to be a browser.

3. Duplicates

When dealing with sensitive (or arguably any) data, the last thing we should think about doing is photocopying it. TOP SECRET – EYES ONLY is a phrase we are familiar with from the world of spies and espionage, yet so often overlooked in the online world. We naively assume that this couldn’t be an issue with our document editor, yet with many services this is precisely what happens when we start a viewing session. Regulation 4.1.5 states developers should “Verify that access controls fail securely including when an exception occurs.” It’s impossible to imagine how any developer can possibly verify such a fail-safe system, however, when one of the primary functions of a data centre is duplicating files before distribution to any user.

4. Data Sovereignty and Compliance

Many industries are bound by strict compliance requirements and regulations. Whilst the question of where large data centres are based is beginning to be understood and grappled with, many are overlooking the question of data stored in the cache of users’ browsers. Call it what you want, but if this is the way your document editor functions, you are operating a series of international data centres. With just a few clicks and the magic password ‘F12’, the browser will show the cached documents straight away.

Conclusion:

Governments or organisations that handle financial records, medical information, intellectual property, or indeed any other data, need to carefully assess whether their document editor is operating in a manner consistent with their own regulations and OWASP guidelines. The implications of sending full copies of documents to every browser are many, and extremely questionable. Genuine server-side policy enforcement is the only way to maintain real security. Collabora Online sends a pixel based view of a document to the end user, whilst the full document data remains safely under your control.

 


 

 


1 https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html

2 https://raw.githubusercontent.com/OWASP/ASVS/v4.0.3/4.0/OWASP%20Application%20Security%20Verification%20Standard%204.0.3-en.pdf

V4.1 General Access Control Design
4.1.1 Verify that the application enforces access control rules on a trusted service layer, especially if client-side access control is present and could be bypassed.
4.1.2 Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end users unless specifically authorized.
4.1.3 Verify that the principle of least privilege exists – users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege. (C7)
4.1.4 [DELETED, DUPLICATE OF 4.1.3]
4.1.5 Verify that access controls fail securely including when an exception occurs.

3 https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html

How Collabora Online Makes GDPR Compliance Easy

Is your online office suite state of the art?

What is the General Data Protection Regulation, or GDPR for short?

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

Well that sounds scary, but what does GDPR really mean for businesses and how they collect and store data? In this quick guide, we will explain what you need to know about GDPR with a focus on how it relates to services such as Office365, Google Docs and Collabora Online.

Under GDPR, if a data ‘controller’ (an organisation that collects any personal data) wants to share personal data with a third-party ‘processor’ (an organization that processes this data, for example Microsoft or Google), they must ensure that the third-party processor provides sufficient guarantees that they will implement appropriate technical and organizational measures to protect the personal data. Even without sharing with third parties, the controller must also show that when “taking into account state of the art” technology, they are incorporating data protection “by design and by default”.

And if all this seems very abstract, it might be worth considering that, according to German legal firm CMS, there have been over 1,600 fines issued in the last five years, with the average fine a little over €2,400,000. These range from headline grabbing figures for Meta and Amazon, to hundreds and thousands of euros for small and medium businesses, hospitals, government administrations and other companies dotted around the world with European users. After removing the 45 individual fines over 1 million euros for this period, we calculate the average fine comes out at more than €300,000. Got your attention yet?

So what is “state of the art”, and “data protection by design and by default”? At Collabora, we believe the highest level of protection means having the strongest access control requirements, and for this, no-one else does or can do better.

Where is your data?

As technology and the internet have developed, file sharing and collaborative working have become vital for anyone trying to run an efficient business, or even just set a monthly budget or write a letter. We send files in email attachments, in messaging apps, through different file sharing websites, or on a USB stick. We know that there are bad actors ‘out there’, but as long as nothing happens to us, we try not to think about it too much.

 

The internet is a scary place if you’re on your own

But clearly this is not “state of the art”. The internet is a scary place, and if your data is out in the open like this, anyone could access it.

End to end encryption

Most businesses and applications however recognise the issue here, and the current received wisdom is that ‘end-to-end encryption’ will save the day. To offer you a quick refresher – the general idea with end-to-end encryption is that in order to prevent someone reading a letter who shouldn’t have access, the sender puts a padlock on their letter before putting it in the post, which is then unlocked upon arrival by the recipient. Postman Pat and the rest of the delivery company have no idea what was in the letter, everybody is happy. Sounds good right?

Yet there is an obvious issue staring us in the face with this methodology – it is only end-to-end. A well-intentioned attempt to keep corrupt postmen or system administrators away from your letters or stored data perhaps, but in terms of keeping your data safe in the wider scheme of things, utterly useless! As anyone who’s ever misplaced a letter, had someone read over their shoulder, or indeed had their house broken into can attest to. Where either end might be, who or what is going on there is literally anyone’s guess. End to end encryption also means – you can kiss goodbye to any guarantees of having a malware free server, you certainly can’t scan for viruses anymore or respond fully to a lawful freedom of information request. Never mind the security implications of what happens when you or one of your staff leaves an ‘end’ with confidential data on it in a bar or taxi or train by mistake. The British government alone reported a total of “96 laptops, tablets, smartphones and other devices lost by or stolen from parliamentary staffers between January 2019 and December 2020, with one device disappearing within Downing Street itself”.

End-to-end encryption, then what?

As far as mitigating this issue goes, companies are left up the creek and without a paddle by this approach. Company laptops are issued that must themselves be encrypted to hopefully secure that end if it is ever lost, and personal laptops are banned, or further lengthy BYOD policies enacted with spurious levels of enforcement.

In the same way that welding your front door shut but leaving the window open is hardly safe, it’d be difficult to honestly argue that this is “data protection by design and by default”. In fact this lack of clarity over what happens at the server ‘end’ is precisely why the German and French governments are taking action to ban some public services from using Office 365 or Google Workspace.

Look, but don’t touch!

So must we accept our valuable data can never be truly safe? We don’t think so! The British Crown Jewels are estimated to be worth upwards of £3 billion. They have lived in the Tower of London since 1661, guarded by the British Army, rarely leaving the premises, yet they have been open to public viewing for most of this time. Within the castle grounds they are viewed by 2-3 million visitors every year, and the only attempted theft ended in failure in 1671. Perhaps our modern collaborative working arrangements could learn something from this open, but secure setup. Is there a way to enable users to view documents, without them leaving the safety of the castle? To look, but not touch?

Well, it turns out there is! While it may well be impractical to start your own international parcel delivery company, it turns out there’s very little stopping a company, individual or organisation from hosting their data within their own premises (be it office or castle!), or with a trusted Collabora partner, essentially running the data-delivery company yourself, and crucially with Collabora Online, sending only images of the viewed parts of the document (not the complete file) to the end users, giving as much or as little editing access as they see fit. Operating more like a hyper-efficient remote desktop than a browser-based editor, user activity is processed by the server in real time, meaning the actual file data never leaves the safety of the server, so no amount of malicious malware, technical tomfoolery or pernicious postmen can extract it from a browser or device. Lost your company laptop? Who cares?! There is no company data on it anyway, and before any bad actors even start looking up your mother’s maiden name, your childhood best friend and what street you grew up on, with a click of a mouse, you can make sure your castle server never communicates with it ever again. Remote wipe if you feel like it, but there’s really nothing on the device!

Collaborative data protection by design and by default

You should use the state of the art solution

If that’s not data protection by design and by default, using state of the art technology, then we don’t know what is. It also remains very unclear how any other software provider intends to honestly address the pressing issue of data security or GDPR compliance, as evidenced by weekly reports of leaks and fines. Don’t sweep the problem under someone else’s rug, be state of the art with Collabora Online and take control of your data.

 

How To Keep Your Business Data Secure


Long gone are the days when all you needed was a good safe and perhaps some security personnel to keep your business data secure. With the advent of modern computing and online file sharing, the Pandora’s box of data security has been flung open, and the lid appears to be hanging from the hinges.

A quick search will reveal news stories of banks, credit agencies, hotels, hospitals, supermarkets, Dropbox, Google, Microsoft, and most recently the US Department of Defence suffering significant data breaches. Embarrassing at best, often resulting in further financial crime and fraud, and in the last case, potentially life threatening.

So where does that leave the rest of us? Is there any hope of getting the leaking data-security curse back into the box? Let’s go through three key principles needed to keep your data safe and secure.

Host it Locally


As the adage goes, if you want a job done well, do it yourself, and one way to enhance data security is to host your data on-premise, or with a trusted local hoster. This means that instead of using nebulous cloud-based services with vague guarantees and/or jurisdictional boundaries, you can store your data on servers that are physically located within your own business premises, or with a provider who can give straightforward answers to your security questions. This is preferable for a number of reasons, including:

i. Increased control and flexibility:

When you host your data on-premise or in your locality, you have more control over your data. You don’t have to rely on a third party to manage your data for you. This means you can choose your own hardware and software, and configure your system to meet your specific needs. Alternatively in cooperation with a trusted provider you can find a hybrid cloud solution, leveraging their expertise to find the perfect solution for you. For a small business, this could be a very simple setup without compromising on security, then scaling with size, the system and security measures can be adapted accordingly to ensure that your data is always protected.

ii. A more secure environment:

Hosting data on-premise creates the most compliant environment for your data. With most cloud providers, it is very unclear who might have access to your data, an issue which has led the French and German governments to ban the use of Office365 and Google Workspace in schools due to a lack of clarity over which jurisdiction the student data will ever be in. But if you have physical control over your servers, you can implement security measures that are difficult, or impossible, to achieve with cloud-based services, doing away with regulatory, or even legal issues that may arise from a nebulous cloud. For those with the most stringent of security requirements, private networks can even be configured to detect newly connected unauthorised devices, immediately alerting you, or even setting off physical alarm bells if you should so choose (we all like a bit of drama!).

Go Open Source


As mentioned above, the problem the French and German governments had with Google and Microsoft was a lack of clarity about how and where data is being processed, and to what extent it is accessible to other parties (foreign governments, the service provider themselves, etc). This problem is inherent in any closed-source proprietary software.

With an open-sourced product hosted locally however, there can be no secret back doors, super users, master keys, or hidden access to developers or governments. You can have both global collaboration and indigenous software under your regulatory control. Don’t take our word for it – have a look yourself! Furthermore, open-source software tends to be less expensive than proprietary software, and often of better quality. This is because the source code can be freely reviewed and improved by any developer, bringing together a body of knowledge and ideas far greater than any one private company could ever assemble. Similarly, bugs and security vulnerabilities are likely to be discovered and fixed more quickly than with proprietary software.

One further advantage of open-source software is that it brings greater flexibility and control, whereby any user may modify the software to meet their specific needs, or customise it to integrate with other software and systems they may be using, which brings us to our last point.

Secure View

No matter how much security you may have, a chain is no stronger than its weakest link, which in many cases may not be electronic, but your employees or clients. All businesses want to be able to easily share documents both internally amongst fellow staff members and externally with partners and other valued third-parties. Crucially, though, they don’t want to lose control of these documents, as was the case with the most recent Pentagon leak, where an employee was able to simply print entire documents, and upload copies to the internet anonymously.

Collabora Secure View was developed at the request of a leading car manufacturer to solve this problem. Rather than sending full document files to an end-user, it sends pre-rendered pixels to their screen. Downloading, copying and printing can be fully disabled, with policy enforced server-side, and no amount of trickery can extract your original documents against your policy. The document can even be further watermarked with the user’s login information ensuring that they are unable to share a screenshot without identifying themselves.

In this way, companies are able to share confidential pre-release information widely without fear of leaks, receiving valuable feedback from internal staff and users, whilst still keeping everything under wraps before the big release, or in more serious cases guarding against corporate espionage.

This is only a quick overview, but unlike the Greek myth where Pandora was unable to return the curses unleashed on the world, we’re confident that the data-security box can be safely and securely closed. If you’d like to find out more about how Collabora Online can help you keep your data your own, get in touch at hello@collaboraoffice.com.

Collabora Secure View – The Secure Way to Share Data and Support Productivity

The ability to easily share data is at the very heart of personal and corporate productivity – it’s what helps develop competitive advantage and success, but, arguably, it’s never been more of a challenge. In a modern distributed work environment, outside of the traditional office setting, it’s vital to closely control the data you share, including where it resides, who can access it and what they can do with it. Collabora Secure View has a unique way to enable you to do this.

How to Share Without Sharing

At a very high level, all businesses want to be able to easily share documents, be they presentations, spreadsheets, new designs, etc., both internally amongst fellow staff members and externally with partners and other valued third-parties. Crucially, though, they don’t want to lose control of these documents, which often contain valuable, mission-critical data. This is a common business challenge that Collabora Secure View solves: stopping your secrets leaking!

Rapid Product Feedback & Iteration

Ironically, Collabora Secure View came about as a direct response to a critical business security challenge identified by a leading car manufacturer that approached our partner ownCloud for a solution. This is a real-life example of the value of customer/sales feedback, which, in this case, identified a business-productivity issue – exactly what Collabora Secure View is intended to enable – secure sharing of data that enables reliable and productive collaboration.

Ways Not To Do It?

There are two popular ways to do this wrong.

1. Unreliable, in-browser redaction

Those who adopt this approach use a front end that loads in a browser. They then transmit all of a document’s contents to the browser, often simply by converting it to html, where it is displayed. The main problem here is that in doing this they give the whole content of the document to anyone viewing it, which they can save, modify or pass on – it’s simply not secure!

Often a watermark layer is included on top of the document, but this can be reasonably easy to remove with a little knowledge of how to delete a few html nodes, revealing any restricted or hidden data. This is similar to the horrifying redaction mistakes we’ve seen in the past – and is insecure by design.

2. Hand all your keys to Microsoft

An alternative approach is to use Microsoft’s Digital Rights Management solution, which uses end-to-end encryption. This way of doing it is very secure, but comes with some important business trade-offs!

Firstly, you need to hand over all your document keys to Microsoft; you typically upload your keys onto Microsoft’s Azure Cloud – which provides a central point of failure. Secondly, before a device can be given a document key, it is critical to this model to ensure that the end-point is secure and will correctly apply policies such as: “you cannot print this document.” Unfortunately this means that your entire client software stack has to be cryptographically signed from when the PC starts, through to Windows, and all the client software on top – with revocation and other complexity alongside. As a result, you lose control not only of your document keys, but also of your entire client software stack, which is then controlled by a single vendor. On top of this, you also need a centralised Cloud infrastructure to share your keys – which seems to be close to the ultimate vendor lock-in.

This approach brings many potential problems: a remote server outage outside your control can lose you access to your most critical documents. Similarly, if this is done right, a revocation event can force an immediate upgrade of your client software from the operating system through to the Office suite to regain access to your documents.

When done correctly, this “surrender your keys” scheme can provide the required security benefits, but at some significant expense in flexibility – particularly that you need to share data only with client devices that are fully signed by Microsoft: cutting out Mac, Android, iOS, Linux, etc.

Collabora’s Unique Solution

Secure View, which was developed in partnership with Dell and ownCloud, enables you to securely share all of your valuable data to any untrusted client via the browser. How can this possibly work?

This high degree of data security is achieved because your documents never leave your site, staying safe behind whatever security measures you choose, such as firewalls, VPNs and reverse proxies. Collabora Online sends pixels of a document, which can be shown to users on screen; the document itself remains safely in your server room. Only the sections visible on the screen are sent, and even then it’s only the rendered pixels, never the original document. This guarantees that no amount of trickery can extract your documents against your policy. Should the worst happen and a document view ends up where it shouldn’t, there is no way for the unintended recipient to extract the document.

Obviously, for ultimate security we wouldn’t even share the pixels with the client – but this tends to make the document a little hard to read. Having said that, it’s important to avoid even screenshots of the latest product plans being shared, so we secure the pixels by including watermarks, often with the viewer’s name in them, on the server side. This ensures that accountability is obvious to the viewer and stops them getting over-excited about sharing the wonderful new product features, etc. prematurely.

Watermarked Image Using Collabora Secure View

Partners can apply arbitrarily powerful policy rules on top of our granular per-user access controls, customising watermarks and permissions, including the ability to edit, print, share or download. In addition, server-side logging can trace who accessed what and when.
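
The contrast drawn above, between shipping the whole document to the browser under a watermark overlay and sending only server-rendered, watermarked pixels of the visible region, can be checked mechanically. The following Python is an added example, not Collabora's code: the document lines, the viewer address, the toy glyph rasteriser and the stripe watermark keyed to the viewer are all constructed for illustration.

```python
import html

# Constructed sample document; nothing here is Collabora's code.
DOC = ["Project Falcon ships in May", "Budget: 4.2M EUR",
       "Supplier: Example GmbH", "Draft, do not forward"]
CELL = 8  # each toy glyph occupies a CELL x CELL pixel cell

def html_viewer_payload(lines, viewer):
    """Design 1: whole document as markup, watermark as a separate overlay node."""
    body = "".join(f"<p>{html.escape(line)}</p>" for line in lines)
    page = f'<div id="doc">{body}</div><div class="watermark">{html.escape(viewer)}</div>'
    return page.encode()

def _glyph_pixel(ch, x, y):
    """Toy rasteriser: a black/white pattern derived from the code point (not a real font)."""
    row_bits = (ord(ch) * (y + 3) * 37) & 0xFF
    return 0 if (row_bits >> x) & 1 else 255

def render_tile(lines, first, count, cols, viewer):
    """Design 2: rasterise only the visible lines and blend the watermark into the pixels."""
    seed = sum(viewer.encode()) % 16         # stripe phase keyed to the viewer (stand-in for a name stamp)
    width = cols * CELL
    out = bytearray()
    for line in lines[first:first + count]:  # lines outside the viewport are never read
        text = line[:cols].ljust(cols)
        for y in range(CELL):
            row_index = len(out) // width    # pixel row within the tile
            for x in range(width):
                px = _glyph_pixel(text[x // CELL], x % CELL, y)
                if (x + row_index + seed) % 16 < 4:  # diagonal watermark stripe
                    px = (3 * px + 128) // 4         # alpha-blend: one buffer, no removable layer
                out.append(px)
    return bytes(out)

def leaks_text(payload, lines):
    """Audit check: does the response carry any document line as text?"""
    return any(line.encode() in payload or html.escape(line).encode() in payload
               for line in lines)
```

The tile still shows whatever is on screen, which is why the watermark is keyed to the viewer and blended on the server rather than layered on in the client.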

Robust Federated Sharing

Each server provides security by keeping the documents on your site – but how can we capture the benefit of a centralised solution when it comes to sharing? Many of our partners, such as Nextcloud and ownCloud, have already solved this problem with an ad-hoc standard. Their interoperable federated sharing allows you to mount file shares from friendly remote servers, in effect creating a custom Cloud of partner Clouds. This means that you can easily create direct share links with other users across your partner and even subsidiary ecosystem as well as to external third parties.

A Real Alternative That Gives You Control

Collabora Secure View provides easy-to-use secure data management functionality that allows you to control who can access a document, what they can see and what they can do with it. Importantly, this is done using your own infrastructure so you can protect digital sovereignty.

“Collabora Online is built with security in mind. We implement a robust, layered approach that helps give our customers the confidence in our products and the peace of mind they demand,” said Michael Meeks, General Manager, Collabora Productivity. “We love to work closely with partners to enrich our products with great new security features that meet their customers’ needs – it’s what we do.”

Secure View represents a practical and straightforward way of sharing important data that protects data sovereignty, security and integrity.