Frequently Asked Questions (FAQs)
InDorse as an overall solution provider
Q. What is InDorse’s primary business?
A. InDorse is a privately-held information security software firm headquartered in New York, NY. We deliver security solutions which support business collaboration by transparently embedding security capabilities within shared content. Our award-winning products complement data loss prevention (DLP) and digital rights management (DRM) by facilitating data loss discovery and intelligence. InDorse products enable enterprises to easily tag, watermark and track PDFs, Microsoft Office documents and images, monitoring file open activity anywhere on the Internet.
Q. Why do I need InDorse products?
A. Information security is a top concern of IT professionals across the board. However, most security solutions fail to provide 100% protection. Despite best efforts, enterprises continually experience security breaches including data loss, copyright infringement and unauthorized forwarding of confidential data. InDorse supports secure document sharing by detecting data loss and proving ownership without disrupting business processes—providing powerful forensics as well as a strong deterrent to unauthorized use of sensitive data.
Q. What is Call-Home?
A. Call-Home is an easy-to-use security product that supports confidential sharing of documents without disrupting business processes. Call-Home transparently tags confidential documents and then reports back whenever a file is opened. Call-Home does not alter the content of files, nor are users aware of the Call-Home tag when they access or read the file. Call-Home provides for documents, spreadsheets, presentations, and PDFs, what Google Analytics provides for Web sites.
Q. How does Call-Home work?
A. Call-Home leverages native file elements within documents to tag files in sub-second time. The process is transparent to the end-user; no additional software is required. Once files are tagged, the Call-Home Listener in the cloud can detect and report on file opens within the enterprise network or anywhere on the Internet. The Call-Home workflow is as follows:
- A document is submitted to the Enterprise Tagging Server for local processing.
- The Enterprise Tagging Server sends the filename, retrieves a unique ID (tag), embeds the tag in the file, records the tag’s details in the database (which is either local or in the cloud), resaves the tagged file locally.
- The Call-Home API records details in Call-Home Activity Database.
- The tagged document is opened somewhere on Internet.
- An “open” event is registered by the Call-Home Listener.
- The event is pushed to the Call-Home Activity Database. When a user checks for file usage information, the Web site pulls this information from the Call-Home Activity Database.
- Enterprise users can view Call-Home reports and/or pull raw file activity data from Call-Home API to a local reporting repository.
Q. Which file types does Call-Home track?
A. Call-Home can tag the following types of input files:
- Adobe .pdf
- Microsoft Office 2007 - 2010 file formats: docx, .xlsx, and .pptx
- Microsoft Office 97-2003 file formats: .doc, .xls, and .ppt
Q. What underlying technologies are used in Call-Home?
A. Call-Home leverages native elements within files to capture filenames and send file open events to the Call-Home Listener in the cloud. Call-Home executes on the Amazon Web Services cloud to support infinite scalability.
Q. Does Call-Home require software to be installed?
A. Because Call-Home leverages native elements to send file open events, implementation is easy and fast and no additional software is required on endpoints.
Q. If Call-Home does not require agent software on the client side, how is data transmitted to the central server, where one can create policies? How do you implement user authentication?
A. Call-Home transmits data by leveraging native elements within files to send file open events to the Call-Home Listener in the cloud. InDorse offers integration options which can be used to enable Call-Home tagging to be triggered by existing systems providing user authentication and/or access rights management. For example, InDorse offers plug-ins for SharePoint and Salesforce, and an add-in for Microsoft Exchange. Integration with data loss prevention (DLP) and document management systems can be facilitated via InDorse APIs.
Q. Can actions like copy paste, print screen, screen grabbing software etc., be disallowed/allowed as per policies?
A. Call-Home is designed to be transparent and does not restrict the ability of users to manipulate documents. However, using the InDorse Watermark, you can apply password protection, restrict printing, and restrict copying/extraction of PDF content as part of the InDorse Watermark tagging process.
Q. How are Call-Home reports generated?
A. When a document “calls home,” file open activity is visually displayed on the Call-Home Activity Map. InDorse also provides Call-Home File Open Activity Reports which display the location and time that the file was opened, providing insight into unauthorized forwarding of confidential data. Call-Home tracks the document's activity to a network address, physical location, and company name.* File usage data can also be exported into spreadsheets or other reporting systems. The Enterprise edition of Call-Home provides customizable reports.
*Under certain circumstances, PDF files which are Call-Home tagged may return the IP address of an Internet service provider rather than the specific network address, physical location and company name where the file was opened. Please contact InDorse for details about when these scenarios may occur, as well as our solutions for returning specific locations in these scenarios.
Q. How strong are the tags you use to protect and track documents?
A. If you request an output file in an editable file format, such as a Word doc, a highly-skilled technical recipient may be able to remove the tag, however, it is highly unlikely that most users would have the expertise to do so. If the tagged file is in a non-editable format, such as PDF, then the user must first have access to software for editing PDFs.
Q. If a user opens a tagged document on a computer that is offline, does this prevent Call-Home from tracking the file open?
A. Call-Home supports powerful file tracking capabilities without requiring additional software on the client and, as a result, does not currently track file opens when the user’s system is offline.
Q. Since Call-Home requires an Internet connection to report on file open activity, is the user prevented from opening the file offline if it has been Call-Home tagged?
A. InDorse places high importance on avoiding any disruption to the business workflow; therefore, the Call-Home tag will not prevent a document from opening whether it is online or offline.
Q. Does the recipient know that the file is being tracked?
A. Call-Home file tracking is transparent to the recipient.
Q. Does the recipient receive the file as a normal file attachment?
A. If the tagged document is send to the recipient via email, then the file will be received as a normal file attachment.
Q. Does Call-Home report the exact location where the file was opened?
A. Call-Home tracks the document's activity to a network address, physical location, and company name. However, under certain circumstances, PDF files which are Call-Home tagged may return the IP address of an Internet service provider rather than the specific network address, physical location and company name where the file was opened. Please contact InDorse for details about when these scenarios may occur, as well as our solutions for returning specific locations in these scenarios.
Q. Should I tag a file separately for each recipient? Or, should I send the same tagged file to multiple recipients?
A. The answer depends on what you would like to accomplish. Tagging files separately for each recipient enhances the file tracking details, providing document tracking per recipient. Sending the same tagged file to all recipients provides file tracking details on a per document basis. InDorse offers plug-ins and API integrations to automate and facilitate these processes based on business needs.
Q. Does Call-Home support mobile devices?
A. Call-Home gives you the ability to tag files from your mobile device (Android, iPhone and iPad) as well as view the Call Home Activity Map and details about tagged files from your mobile device. However, if a tagged file is opened on a mobile device, Call-Home currently does not detect the file open. InDorse is actively working on a solution for tracking files that are opened on mobile devices.
Q. Can you track files that are opened on a Mac?
A. InDorse is actively working on supporting the ability for Call-Home to track files that are opened on Macs and other Apple devices. We expect to introduce this capability in the first half of 2012.
Q. Can you track files that are opened in Foxit, Google Docs, OpenOffice, or LibraOffice?
A. If a tagged file is opened in Foxit, Google Docs, OpenOffice or LibraOffice, Call-Home currently does not detect the file open. InDorse is actively working on a solution for tracking files that are opened using these applications.
Q. Does Call-Home facilitate compliance with commercial and government regulations?
A. Call-Home strengthens the degree of control over the security environment to better support compliance efforts with numerous types of regulations. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires an Incident Response Plan which, among other things, incorporates alerts from file-integrity monitoring systems (section 12.9.5) which Call-Home provides by detecting data loss of supported file types. Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bailey and California SB 1386 also specify the need for investigations in response to security breaches. Call-Home File Open Activity Reports can provide powerful forensics in the event that an investigation is warranted.
Call-Home tagging and tracking does not expose any personally identifiable information contained with the file (such as Social Security number, birthdate, address, etc.). InDorse customers may create applications or workflows that choose to associate additional information with a document that has been Call-Home tagged, but that is completely in the control of the customer.
Q. What is InDorse Watermark?
A. InDorse Watermark embeds robust, invisible watermarks into documents and images for the purpose of proving ownership. The watermark is capable of surviving change-of-file format and screen captures, and it can be detected and on public Web sites and blogs by InDorse Web Crawler. Optionally, a visible watermark may be added to educate users about the copyrighted content to deter unauthorized use.
Q. How does InDorse Watermark work?
A. InDorse Watermark embeds a unique invisible ID into the pixels of documents and images. The input file is converted to a non-editable output file. The watermarking process can be implemented via plug-in applications for SharePoint and Exchange. Integration is also supported for data loss prevention (DLP) system as well as document management solutions. Watermarked files are then shared with third parties. If a confidential file is posted to a public Web site, the InDorse Web Crawler can be deployed to crawl the content of suspected Web sites (by URL list and/or keyword search). If a match is found, the watermark is read to prove ownership.
Q. Which file types are supported?
A. InDorse Watermark supports the following input formats:
- Microsoft Office (.doc, .docx, .ppt, .pptx)
- Adobe .pdf
- Images including .jpg, .jpeg, .png, .bmp, .gif, .xps
- DICOM medical images (.dcm)
All output files are in non-editable format. Supported output file types include .xps, .pdf, .jpg, .jpeg, .bmp, and.gif.
Q. What underlying technologies are used?
A. The InDorse Watermark is built upon watermarking algorithms provided by Digimarc® Corporation. InDorse has built a sophisticated application on top of the Digimarc libraries to process files and extend watermarking capabilities to documents as well as images.
Q. Does InDorse Watermark require software be installed?
A. InDorse Watermark is easy to implement because no additional software is required on the end-user system. InDorse supports a number of ways to integrate watermarking into a document workflow.
To integrate our solution into the enterprise, InDorse offers Web service, command-line and GUI interfaces to support automated document workflows that can be set up internally on an intranet, as well as cloud service interfaces. Off-the-shelf plug-ins are now in development for SharePoint and MS Exchange. InDorse has exposed a tagging application to an API that makes integration into a specific workflow simple.
Q. How are reports generated?
A. InDorse Web Crawler provides the reporting capabilities associated with the detection of the watermark. Customers instruct Web Crawler to search for the watermark on suspected blogs or Web sites by submitting scan jobs via URL or Keyword search. Web Crawler stores results of each scan job in the Web Crawler Activity Database in the cloud enabling users to easily view the Web Crawl results. Reports can be easily integrated into local reporting systems.
Q. Can the InDorse Watermark survive a screen capture?
A. The InDorse Watermark is designed to survive screen capture. If a high-quality image has been significantly tampered with, by extreme resizing or compression, it is possible that the watermark may not survive. However, in this scenario, it will be clear to the user that the image has been altered.
Q. Does the recipient know that the file is watermarked?
A. The InDorse Watermark is imperceptible to the human eye. You may optionally add a visible watermark to educate users about ownership to create a stronger deterrent against unauthorized use of watermarked content.
Q. Can the recipient still open a watermarked PDF in Adobe Reader?
A. Yes. In addition, text can optionally remain searchable in watermarked PDFs.
Q. Can the recipient remove the InDorse Watermark?
A. InDorse invisible watermarks are strongly encoded into the processed output files; they are also able to survive change-of-file format and screen capture. In order to destroy the invisible watermark, one must degrade the content to the point that it no longer resembles the original file.
Q. Does the watermarking process change the file size?
A. In most scenarios, the watermarking process will slightly change the file size, within a few kilobytes. InDorse Watermark can optionally rasterize all text to invisibly watermarked imagery when watermarking documents. This process further secures the document’s contents because the rasterized text cannot be separated from the invisible watermark. However, this process will also greatly increase the file size.
Plug-ins and Integrations
Q. What plug-ins does InDorse offer?
A. InDorse offers plug-ins for SharePoint and Salesforce, and an add-in for Microsoft Exchange. Integration with data loss prevention (DLP) and document management systems can be facilitated via InDorse APIs.