Distribute Xcelsius Dashboards Securely

By Takin Babaei

Corporate dashboards and planning models contain sensitive information, but surprisingly, in many firms they are openly available over the network server. Have you ever wondered if you can configure your dashboard so only certain people will be able to view it? With Xcelsius, you can integrate your “live” interactive dashboards into Adobe PDF documents with one click, and distribute your company’s business intelligence to colleagues securely and reliably, using Adobe’s digital rights management (DRM). DRM gives you “remote control” of your digital content.

Document protection goes beyond simply the secure delivery of digital content. It also includes restrictions on the use of the content after it has been delivered. In other words, DRM means “persistent protection”, that is, protection that stays with the content during and after delivery. For example, a corporate dashboard can be delivered over the internet using advanced cryptographic techniques. But if the recipient can save the dashboard in an unrestricted form, then the recipient has full control over the content and can redistribute to whomever he wants.

By now, many of you know that Xcelsius gives you the ability to export fully operational Xcelsius models as Adobe Acrobat PDF documents. The only step involved is just clicking the PDF button in the upper toolbar. However what some of you may be wondering is how you can distribute your corporate dashboards securely. In this article I will discuss how you can create single-page PDF memos that include a fully operational Xcelsius model, and then enhance its security using Adobe Acrobat.

1. Creating a Single-Page PDF Document with Xcelsius

For this step, you will need Acrobat Reader 7 or above installed on your computer. (Download FREE from Adobe)

In the Xcelsius work area, go to File > Properties, and set the size of your canvas to:

• Width: 780
• Height: 900

Basically, what you have done is to create a WYSIWYG PDF template, meaning what you see on your canvas is exactly what will appear in the PDF document. This differs from the regular sized canvas, on which whatever you see will appear smaller in the PDF document.

Go ahead and create your dashboard. For our example, we are going to use the Portability Analysis dashboard. The source file (xlf) is available in the Showcase on the Xcelsius website.

Once you have created your dashboard, while still in the Xcelsius work area you can use other Xcelsius components such as labels, image components, backgrounds, etc. to create your Memo.

After you have completed your document in the Xcelsius work area, export it to PDF by clicking the PDF icon in the upper toolbar.

2. Securing Your PDF Document with Adobe Acrobat

 For this step, you will need Adobe Acrobat installed on your computer. (Download a trial from Adobe).

There are many security features available in Adobe Acrobat, but before you decided which features to use you should outline your document's purpose and intended audience as follows:

• Who is the document's intended audience
• Where are you sending, posting or filing it?
• What kind of information is contained in the PDF?
• How will your intended audience use the document?

Depending on your answers to the questions above, you can implement some or all of these security measures which are available in Adobe Acrobat:

• Protecting a document from being opened
• Preventing alteration of a PDF document
• Preventing extraction of content
• Restricting printing and limiting print quality
• Certifying a document’s content
• Digitally signing a document
• Setting permissions for media content

Our example contains sensitive financial information and the intended audience is internal to the company, so it should be protected from unauthorized changes and access by unauthorized employees. The following techniques can be used to enhance the security of a PDF document:

• Password security : Add passwords and set security options to restrict opening, editing, and printing PDF documents.
• Certification security: Encrypt a document so that only a specified set of users have access to it.
• Adobe Policy Server: Apply server-based security policies to PDF documents. Server-based security policies are especially useful if you want others to have access to the PDF documents only for a limited time.
• Document certification: When an author’s digital signature is added, editing changes are restricted and detected.

The most prominent technique used is Password Security, and most likely you can get what you need using this method. For our example document, the Password Security technique will be sufficient. In Adobe Acrobat, the steps involved are as follows:

Go to: Document > Security > Secure This Document

Create a New Security Policy and select “Use Passwords”

Click “Next”. Move on to Document Restriction, and set the security as follows

• Compatibility: From the drop-down list, set the type of encryption for opening a password-protected document. The “Acrobat 3.0 and Later” option uses a low encryption level (40-bit RC4), while the other options use a high encryption level (128-bit RC4). The “Acrobat 6.0 And Later” option lets you enable metadata for searching. “Acrobat 7.0 And Later” lets you enable metadata for searching and encrypt only file attachments. Be aware that anyone using an earlier version of Acrobat cannot open a PDF document with a higher compatibility setting. For example, if you select “Acrobat 7.0 and Later” compatibility for a document's security setting, the document cannot be opened in Acrobat version 6.0 or earlier.

• Encrypt All Document Contents: Select this option to encrypt the document and the document metadata. If this option is selected, search engines cannot access the document metadata.

• Require A Password To Open The Document: Select this option and type a password in the Document Open Password box to prevent users from opening the document unless they type the password you specify. This option is unavailable if the Encrypt Only File Attachments option is selected.

• Permissions Password: Select the “Use Permissions Password To Restrict Editing Of Security Settings” option, and specify a Permissions password to restrict users from printing and editing. Users cannot change these security settings unless they type the Permissions password that you specify. Note: You cannot use the same password used for the Document Open password.

• Printing Allowed: Specify the quality of printing for the PDF document:

• None prevents users from printing the document.
• Low Resolution: lets users print the document at no higher than 150-dpi resolution. Printing may be slower because each page is printed as a bitmap image. This option is available only if the Compatibility option is set to Acrobat 5.0 and Later or a later Acrobat version.
• High Resolution: lets users print at any resolution, directing high-quality vector output to PostScript and other printers that support advanced high-quality printing features.

• Changes Allowed: Define which editing actions are allowed in the PDF document:

• None: prevents the user from making any changes to the document that are listed in the Changes Allowed menu, such as filling in form fields and adding comments.
• Inserting, Deleting, And Rotating Pages: lets users insert, delete, and rotate pages, as well as create bookmarks and thumbnail pages. This option is available only if a high encryption level is selected.
• Fill-in Form Fields and Signing lets users fill in forms and add digital signatures, as well as allowing the actions in the previous option. This option doesn't allow users to add comments or create form fields. This option is available only if the Compatibility option is set to Acrobat 5.0 And Later or a later Acrobat version.
• Commenting, Filling in Form Fields, and Signing : lets users fill in forms and add digital signatures and comments.
• Any Except Extracting Pages: lets users change the document using any method listed in the Changes Allowed menu.

• Enable Copying Of Text, Images, And Other Content: lets users select and copy the contents of the PDF document. It also lets utilities that need access to the contents of a PDF file, such as Acrobat Catalog, get to those contents. This option is available only if the Compatibility option is set to Acrobat 5.0 And Later or a later Acrobat version.

• Enable Text Access For Screen Reader Devices For The Visually Impaired: lets visually impaired users read the document with screen readers. This option doesn't allow users to copy or extract the document's contents. This option is available only if the Compatibility option is set to Acrobat 5.0 And Later or a later Acrobat version.

Now you have created a security policy that could be applied to any of your PDF documents. To set passwords for your PDF document with security policy you just created:

Go to Document > Security > Secure This Document and select the security policy and double click on it and set the passwords.

Closing Thoughts

With the combination of Xcelsius one-click integration of live dashboards into Adobe PDF documents and the current Adobe DRM technology, it is almost impossible for an attacker to break the “persistent protection” applied to your business information. Though it isn’t necessary to secure every dashboard you create, you should always consider how your information will be distributed, its intended audience, and its content before making it available.