Documents are at the center of many organizational processes. They make processes traceable and people accountable. However, documents are by default not protected from manipulation – anyone with access to a document can modify it and it will be hard to reconstruct the original document. Indeed, document fraud is often performed in such a trivial manner.
To prevent that, we have released blockchain-based protection against document manipulation, which is based on our award-winning SentinelTrails blockchain product.
Why is document integrity important to organisations?
While there are document management systems out there that keep track of each version of each document, many organizations rely simply on shared folders for keeping track of their documents, as this is the most straightforward approach. And documents themselves are usually office text documents that don’t have in-built versioning, let alone tamper resistance. That way manipulating documents becomes extremely easy even for not so technically sophisticated users. Realizing the technical solutions taken by many companies don’t give enough safeguards as well as the vast risk that document fraud poses, we extended our SentinelTrails product to provide functionality to keep documents safe. Our agent software can monitor the shared folder and track every change in the documents stored there. Changes are then pushed to our blockchain service, which allows tracking the modifications of all documents monitored this way.
How can Blockchain protect documents?
Document integrity
Blockchain-based document protection ensures full document integrity by creating hash of every single document version, using SHA-512 algorithm. This hash makes it impossible to manipulate the versions without leaving evidences. All hashes are stored on private or public blockchain, so no one is able to delete or manipulate them. They are available at the dashboard, so you can verify them 24/7.
Timestamping
Every single version is being time stamped. Having every hash time stamped, your organisation can keep track on the exact moment when a particular document has been modified and by whom. If any changes happen to the file, stakeholders having access to the version control panel will be able to see this as a separate time stamp.
Origin and authorship protection
As every single modification is being automatically saved as a new version with a new timestamp, it’s easy to follow the origin and authorship of a document – who created, uploaded/ downloaded it, opened or made any changes – it’s all available and broken down by user and date/time. Example: 1. An employee tampers with unprotected document related with company policies, changing a specific statement 2. The employee threatens the company to sue them for not complying with certain statement 3. The company has a version control on the blockchain, which can legally prove that the document has been changed by this employee, providing exact date, time, user name and other details related to this action.
Data verification
Blockchain protection can be used for document verification. When a user uploads a file it can be checked if it has previously been added to the blockchain. In cases of identical documents, the name it originates from will be easy to find. This ensures verification of origin/authorship and eliminates the risk of frauds related with this matter.
Compliance and legal protection
Many data privacy-related regulations such as GDPR, PSD2, and others, require appropriate technological measures to be in place to ensure data is kept safe. Protecting fundamental part of every organisation processes such as its documentation is therefore a big step to achieving data protection regulation compliance. Furthermore, blockchain-based solution providing real-time verification and time stamping can be used as a digital evidence in the court.
Who needs document protection?
While small businesses not processing high volumes of confidential information would find document protection rather desirable than mandatory, to some organisations processing sensitive records this automated document protection might happen to be a game changer in terms of improving information security. We find that there are four main types of companies that need to integrate such protection layer in their systems:
- Companies who need to ensure document confidentiality
- Companies who would like to prevent documents from malicious tampering
- Companies who need to comply with data protection standards and regulations
- Companies who want to demonstrate coverage of high information security standards
What Is Our Document Protection Solution
Our blockchain service allows for both internal and independent verification of the integrity of the documents, thus practically eliminating document fraud that involves tampering with document contents. Internal and external auditors can be given temporary access to inspect the audit trail of the documents as part of regular compliance audits. Data stored on our blockchain can be used as forensic evidence even in case of criminal cases – the way we store data is fully compliant with data integrity regulations (e.g. EU’s eIDAS regulation among others) and our trails possess legal strength that can be extremely useful if fraud gets to court. We believe that data integrity, and document integrity more specifically, are very important for organizations regardless of their size. We also believe that blockchain technology is a great way to protect the integrity of documents against both external and internal malicious actors. In order to get the functionality, our LogSentinel agent should be installed to monitor all changes and send them to our blockchain for safe keeping.
Bozhidar Bozhanov is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency, and information security.
