Understanding File Security

Introduction

File Security Configuration in Communication Cloud Service provides a flexible and configurable framework for securing file attachments, such as PDFs, sent through Communication Email, or concatenated PDF produced using Communication Queue. It includes mechanisms, such as PDF accessibility controls, password protection and encryption to prevent unauthorized access to sensitive information. By enabling password protection on PDF documents, File Security ensures that confidential information is only accessible to intended recipients. You can define various encryption types and permission parameters, thereby enhancing risk management and improving overall security. Static passwords are securely managed through a centralized secure store, minimizing the risk of unauthorized disclosure.

For example, using File Security configuration, you can send payslips as password protected PDFs to employees through Communication Email, ensuring that each employee’s sensitive payroll information remains confidential and secure. If documents need to be processed in Communication Queue, File Security applies the configured encryption and password protection to the generated PDFs before they are queued for further actions, such as bulk printing.

Functionalities

The functionalities provided by File Security configuration include:
  • Customizable Security Parameters: Allows you to define detailed security configurations, encryption settings, and user-defined parameters, to tailor protection based on your requirements.
  • Optimized Protection and Access Control: Streamlines document security by enabling strategic organization of access logic, permission settings, and encryption methods, ensuring that only authorized users can access sensitive assets efficiently.
  • Improved Risk Management: Reduces manual oversight by applying standardized security controls and automating protection, minimizing potential vulnerabilities, and maximizing compliance.
Example

Your organization wants to distribute a document in PDF format and ensure it is secured with end-to-end encryption.

Let us see how Communication Cloud Service's File Security configuration can help you achieve this scenario:

You need to perform the following configurations:

  1. File Security: Create a File Security configuration that defines the encryption type, password, and parameters for PDF permission.
  2. Communication Email: If you want to distribute the PDF through email, then create a Communication Email configuration, associating the PDF that you want to make password protected. While creating the Communication Email configuration, associate the appropriate File Security configuration.
  3. Communication Queue: If you want to upload the PDF to an SFTP server for bulk printing, then create a Communication Queue configuration associating the File Security. Communication Queue will use this File Security configuration to apply defined file security configurations to the generated PDF before uploading it to the SFTP server.
Execution Flow
When a request is received from your organization, the Communication initiates the process.

  • Communication Email: If the request is to create and distribute the password protected PDF through Email, then Communication configuration initiates the process of email creation through Communication Email. While creating the email, if you want to configure a password protected PDF to distribute through email, then you need to configure File Security. In File Security, you would configure the password and access parameters for the PDF. Associate this File Security configuration under Communication Email where you have added the PDF while creating the email. Therefore, the Communication calls Communication Email Distribution to start the process of email distribution.

  • Communication Queue: If the request is to upload a password protected PDF to an SFTP server for bulk printing, then Communication calls Communication Distribution Queue which will further calls Communication Queue. Communication Queue will use this File Security configuration to apply password protection to the generated PDF before uploading it to the SFTP server. You can associate the File Security configuration here to make the PDF password protected.

Configuration Movement

Configuring a File Security follows the configuration movement process; that is, if you configure a File Security in one tenancy (non-production), you can move the configuration to different tenancies (pre-production and production) sequentially. However, the Vault Properties setup is tenant-specific and will not be included in the configuration movement process.

For more information see, Understanding Configuration Movement topic.