FinalCode 5.0 Review



by Logan G. Harbaugh

Security and accessibility are two sides of a coin – you can’t have information that is completely and easily accessible and also fully secure. The best you can do is to strike a balance, and FinalCode 5.0 will help you achieve that balance. It won’t keep you from being hacked, or stop a hacker from intercepting your emails, but it will keep unauthorized users from accessing important files and authorized users from misusing files.

FinalCode works by encrypting sensitive files, and granting usage rights to designated recipients. With FinalCode, you can restrict file usage to view-only, or change but only save to the secured file, or print with a watermark, or allow the file to be shared with others (or a combination of these controls). Someone who isn’t authorized can’t see the information, so even if a file is inappropriately shared or stolen, it can’t be compromised. Best yet, the file can be set to delete on an unauthorized access attempt or on demand by the file owner. Super easy, yet it is full-featured.

FinalCode is not a file sharing program nor is it simply an encryption application. It handles rights management for both internal and external file collaborators, on PCs and mobile devices, so that files can be shared via any storage or transport means without the worry that sensitive data will be misused. It does require that an app (client) be installed on a device before secured data can be viewed or worked on, but the app is lightweight and had no issues in my testing.

There are two parts to the FinalCode product. First, the FinalCode server, which centrally administers users, keys and file rights management. This can be installed on a VM located in your data center, or used as SaaS (Software as a Service) that is managed by FinalCode. Next is the FinalCode client, which enforces file access and usage control on the recipient side at the OS and application level. The client is available for Windows (an Apple OS X version will be out this year) as well as for iOS and Android mobile devices. The iOS and Android apps support PDFs.

Once the server component is up and running, the administrator can start configuring the system, adding integration to the corporate domain, directory and syslog services, as well as creating user roles, usage rights and templates. Next, administrators simply assign which internal users can apply security controls to documents and which users will only access secured documents. The installation for end users is really straightforward. The system uses a one time, two-stage authentication process with an authentication code that is emailed to the user’s email address entered during setup. The process effectively binds the user account and the device into the FinalCode system.

Once set up, files to be shared can be protected by FinalCode on a per file basis, by local folder or network folder, or triggered by an external program via FinalCode’s API (I did not test the API). FinalCode has a very modern and easy client interface – I doubt most users will even need to look at a manual. You just open up a file with FinalCode or open the application and drag a file to be secured by FinalCode. The user is offered the option to use system templates or apply custom security to a file. The user then is presented with a visual set of security attributes and respective settings. File security policies can be created (and modified) ad hoc or through personal or system templates. Once the user completes each set of security attributes for files – they can easily create multiple policies per file – the policies can be applied to the file or even saved as a template for subsequent use.

Permission templates are an extremely useful feature. A group of file security attributes can be created (for instance, recipients’ ability to only save in the secured file, ability to print, deny access after a chosen date) and those attributes can be applied to files or folders. I suggest creating a few default templates for internal and external users, but it is feasible to have dozens or hundreds if required. Templates can also be applied to external organizations – if you have an ongoing collaboration with an external group or set of users, you can create and manage these users and their rights, including adding or subtracting elements dynamically as needed.

System templates are managed and can be enforced by the administrator. Personal templates are set up by each FinalCode user. A domain is the company email domain. If a company has multiple email domains, each one can be added separately. External users, from other organizations or even those with personal emails like Gmail or Google, are treated as view-only users. Enrollment for users outside the company domain is automated as these users by default can only access secured documents. If you add a first-time recipient to a file security policy, when the setting is saved, that recipient can receive an email to inform them of how to obtain the FinalCode client. There is basic integration with Active Directory or LDAP for email configuration. Users and groups can be pulled from Active Directory or LDAP, using one-way synchronization to obtain objects from AD.

Users and administrators can easily manage external collaborators. The first attribute in a FinalCode file security policy is setting the recipients via their email address, which can be internal users, individuals and external domains, such as partnerX.com. User sets can also be pre-defined using templates. For example, if you are collaborating with a handful of internal users and multiple consultants who all happen to have personal email addresses, they can be put into the same policy template. Templates can accommodate multiple policies and each policy can have different sets of users and security attributes.

After you save the security policies to a file, the copy of the original file is encrypted by the client locally. The resulting file can only be unencrypted by the file owner and authorized users as defined in the policy. The security metadata, comprised of the unique encryption key, recipients and rights management associated with the FinalCode secured file, is then sent to the FinalCode server – not the file itself. As stated before, the user can store and share the secured file as needed. The interface for the recipient is practically non-existent, so there is no learning involved. As the recipient attempts to open a FinalCode file, the client on the recipient’s device would then communicate to the server to obtain authorization, the decryption key and the rights management instructions. The recipient only sees a pop-up screen informing of the rights associated with the file, and a message set up by the file owner – then the recipients work with the file right in the application as they would normally do. Any unwanted action, such as taking a screen shot, printing or copying data, is cleverly enforced by the client. Each time the file is opened, the usage rights are checked and updated – the system also allows for off-line secure file use.

In addition to controlling the usual things such as whether a user can open, save or print a file, there are some powerful options such as controlling the number of times a user can open a file, or the number of days they’ll have access. Printing control is not limited to allowing or denying printing – standard or custom watermarks can be specified, and can vary from printer to printer as well, so that a printer in the accounting office would be able to print without watermarks, while others would not. These settings can be changed at any time by the file owner or administrator, by locking the file temporarily or unlocking it. The recipient can even request additional file rights, and upon that request, the file owner has an efficient way to change the file security settings. What is really neat is that these shared files can be deleted from the recipient’s system by the file owner of the file or files can be automatically deleted if an unauthorized recipient tries to open a file.
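The key-release flow and usage limits described above can be modelled as a server-side decision function. This is an added example, not FinalCode's code or API; the Policy fields, request_open and the sample addresses are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class Policy:
    """Per-file security metadata held by a hypothetical policy server."""
    key: bytes                        # file key; the encrypted file is never uploaded
    recipients: set                   # addresses or whole domains, lower-case
    rights: set                       # e.g. {"view", "print"}
    max_opens: Optional[int] = None   # per-user open limit
    expires: Optional[date] = None    # last day of access
    delete_on_unauthorized: bool = False
    remote_delete: bool = False       # set by the file owner on demand
    opens: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

def request_open(policy, user, today):
    """Return (action, key, rights); the key is released only if every check passes."""
    user = user.lower()
    def finish(action, reason):
        policy.audit.append((today.isoformat(), user, action, reason))
        ok = action == "open"
        return action, policy.key if ok else None, set(policy.rights) if ok else set()
    domain = user.rsplit("@", 1)[-1]
    if user not in policy.recipients and domain not in policy.recipients:
        action = "delete" if policy.delete_on_unauthorized else "deny"
        return finish(action, "not a recipient")
    if policy.remote_delete:
        return finish("delete", "owner issued remote delete")
    if policy.expires and today > policy.expires:
        return finish("deny", "access period ended")
    used = policy.opens.get(user, 0)
    if policy.max_opens is not None and used >= policy.max_opens:
        return finish("deny", "open limit reached")
    policy.opens[user] = used + 1
    return finish("open", "ok")

def demo():
    """Constructed sample: one view-only file shared with a user and a domain."""
    p = Policy(key=b"\x00" * 32, recipients={"alice@corp.example", "partnerx.example"},
               rights={"view"}, max_opens=2, expires=date(2016, 6, 30),
               delete_on_unauthorized=True)
    who = ["alice@corp.example", "bob@partnerx.example", "eve@other.example",
           "alice@corp.example", "alice@corp.example"]
    return [request_open(p, u, date(2016, 6, 1))[0] for u in who], p

if __name__ == "__main__":
    print(demo()[0])
```

Every decision, including denials, lands in the audit list, which mirrors the file-activity log the review describes.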

The system is extremely flexible. You can not only secure files on a per file basis, but folders can be set up to auto-secure anything added to them – any new files copied to the folder will be automatically secured based on templates. Different folders can have different templates, and templates can also be created by the administrator for particular users or groups. While local folder security can be set by the user, administrators can lock in local folder security via Active Directory policy settings. Only administrators can manage an auto-secure network folder. In addition, folder security can be set up to protect files in a directory, and place a copy of the original and secured files to other protected folders so that backups can be maintained and replication can occur on unencrypted data.

In my testing, there were no issues with the client installation on Win 7, Win 8, Win 8.1 or Win 10, nor on the iOS client. There were also no issues while using the supported applications on any of the platforms, including all of the Office 2013, 2010 and 2007 applications, various versions of Adobe Reader, OpenOffice 4.0, or other Microsoft apps such as Picture Viewer and Photo Gallery. AutoDesk and Dassault are also supported in an add-on CAD package not tested.

I didn’t attempt to break the encryption, which is 256-bit AES. 256-bit AES is a strong encryption standard, and while the NSA might be able to look at your files, it’s unlikely competitors or garden-variety hackers will be able to. Not only are files maintained locally but so are the keys, so that FinalCode does not have access to the key.

In addition to rights management, there are sophisticated logging and auditing capabilities in FinalCode to track file activity, such as security settings, users making security setting changes, secured files being opened, unsanctioned actions, file deletions, and even when the administrator changes a template or changes rights on a file. This activity is recorded in a log available to the file owner and administrator. FinalCode also supports Syslog, so events can be added to any logging package.

I found the online file security management as intuitive as the client. It is through FinalCode’s web console that you can track the file activity as described above. Through the web console, users and administrators can change permissions dynamically, and there are a number of interesting capabilities. For instance, permissions can be set so that a file is deleted if a user attempts an unauthorized action. If the file is set to view only, for instance, and the user attempts to save or print, the action will not only be blocked but also logged. A user who owns a file can dynamically issue a remote delete to specific files or users, or to everyone, and the file will be deleted the next time the file is opened and the client connects to the service. If a user is working remotely, the file will be deleted the next time the user’s system is connected to the Internet. Working remotely is one of the options that can be set on a file – if this is set to off, then the user will be unable to open a file unless connected to the FinalCode service.

I was unable to find any workarounds for the security measures – even screen captures do not work, as the app intercepts any OS or file application commands including both screen captures and cut and paste when a protected file is opened. Obviously, a photo of the screen could be taken, but that’s really the extent of what can be accomplished (a screen watermark is also in the works).

Licenses are per domain user – viewer-only external users don’t cost extra, so you can send protected data to clients or partners without having to pay additional charges.

Pricing is $27 per user per month for the enterprise edition (starting at 100 users) and includes advanced support, or $20 per user per month for the business edition (starting at 10 users), which provides standard support. Visit www.finalcode.com for full details.

In summary, I found FinalCode to be an excellent addition to the data security framework for most companies. It is fully capable of managing file access and usage rights for both internal and external users, with a small footprint for the client, and comprehensive management capabilities.

RATING
Ease of Use          5
Manageability        5
Suitability to Task  5
Value                4
Overall              5

 

About the Reviewer

Logan G. Harbaugh is a longtime technology journalist with experience reviewing a wide range of IT products, and a consultant who has worked in IT for more than 25 years.

 

Reprinted with permission of WestWorldWide, LLC, publisher of Computer Technology Review. Copyright 2016. All rights reserved.
