HiSoftware Security Sheriff® for SharePoint and Office 365
The SharePoint and Office 365 Security Gap
While thousands of organizations are deploying SharePoint and Office 365 to manage enterprise content, streamline business processes, and deliver “enterprise 2.0” collaboration capabilities, compliance and security concerns − and their associated risks − remain top of mind. As the amount of content and user interaction increases, particularly given the enhanced collaborative capabilities of Microsoft's collaboration platforms, the chance for a SharePoint or Office 365 security breach or compliance violation increases as well. A solution that automatically classifies, applies permissions, tracks, encrypts and prevents the inappropriate storage, access and distribution of sensitive content stored in SharePoint and Office 365 is clearly necessary to overcome this confidence gap.
Securing Sensitive Content with Metadata-driven, Item-level Security
The award-winning HiSoftware Security Sheriff uses metadata-driven, item level security to restrict access to, encrypt, track and prevent the publishing or emailing of content based upon the presence of sensitive and/or non-compliant information, offering content-aware data loss protection (DLP) capabilities for SharePoint 2010 and 2013, as well as Office 365 and hybrid environment. When used in conjunction with Compliance Sheriff SP, it leverages the product’s policy scanning and auto classification features to perform these actions automatically.
HiSoftware’s granular approach to SharePoint and Office 365 security limits access at the item-level using secure metadata. In addition to better protecting your organization from an accidental breach, this approach also controls the proliferation of sites and libraries in SharePoint. For example, if a company’s board of directors is considering a potential merger, the confidential merger documents can be stored anywhere in SharePoint classified as “Board Only,” making the sensitive content visible only to relevant parties. Other solutions would require the provision of a new site every time such a restricted project was undertaken. Most importantly, without metadata-driven, item-level security the end user has to remember the proper location for every sensitive item they create or edit to ensure appropriate access – a certain recipe for a breach.
Security Sheriff secures content and enforces compliance in SharePoint and Office 365
can scan information at rest within their SharePoint and Office 365
sites against hundreds of existing and easily configurable policy checkpoints
to assess the level of sensitive information present and identify
compliance issues. You can also scan data in
motion against these or custom corporate policies as documents are
added, updated or moved in and out of your environment.
Based upon the business rules associated with its classification, access to a document or content item within SharePoint can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file level permissions, administrators can reduce the number of sites that get created (site proliferation) just to cope with another set of collaborative users. Managing file permissions with Security Sheriff is easy since they are based on the metadata values added at the time of classification.
Data loss prevention is a critical issue for many organizations. In addition to securing a document based on its classification (metadata), Security Sheriff can further secure content by encrypting it. When Security Sheriff identifies sensitive content in SharePoint or Office 365, it can encrypt the information immediately. This means only properly credentialed users will be able to read the content – whether inside or outside of SharePoint – even if they have SharePoint administrator privileges, making it safe to store confidential documents such as Board discussions and HR documents. It also ensures any documents that make it out of SharePoint can only be accessed by the credentialed users.
With the optional HiSoftware Sheriff Workspace Windows and the Office Connectors, Security Sheriff can also track the entire lifecycle of Office documents. This means that a policy manager or security officer can see if and when a document has been read, emailed, or printed and by whom. A document’s entire “chain of custody” is recorded and easily available in the event of a breach or a regulatory audit.
Security Sheriff can trigger workflows to quarantine, move, request approval
from policy officers / managers or request explanations from users. Complete
business rules can be developed so that you can remediate compliance issues
and/or task the proper individual(s) in the organization to review and
potentially classify, re-classify or encrypt the content. Workflow can also be
used to prevent the publication of confidential documents. Organizations can
also block documents from being added, published or moved in SharePoint.
HiSoftware has built special purpose connectors for integrating with Nintex Workflow
to create custom actions.
You can also define rules in
Security Sheriff to warn users on, or prevent the distribution of
sensitive information or confidential documents. For example, if a
document is going to be emailed to a group and a listed recipient does
not have proper access to that category of document, the email cannot be
sent until that individual is removed from the distribution list. Users
can also be prevented from printing and saving Microsoft Office
documents outside of SharePoint.
Learn more about HiSoftware Security Sheriff
Contact a HiSoftware solutions specialist to discuss your SharePoint security needs.
Download Managing Compliance Risk in SharePoint: A Step by Step Illustrated Guide
Download the HiSoftware SharePoint Solutions Overview (1.6Mb PDF) | Need Alternative Content?
Request a Demo