HiSoftware Security Sheriff® SP for SharePoint
The SharePoint Security Gap
While thousands of organizations are deploying SharePoint to manage enterprise content, streamline business processes, and deliver “enterprise 2.0” collaboration capabilities, compliance and security concerns, and their associated risks, remain top of mind. As the amount of content and user interaction increases, particularly given the enhanced collaborative capabilities of SharePoint, the chance of a SharePoint security breach or a compliance violation increases as well. A solution that automatically classifies, applies permissions to, tracks and encrypts sensitive content stored in SharePoint, and prevents its inappropriate storage, access and distribution, is clearly necessary to overcome this confidence gap.
Securing Sensitive Content with Metadata-driven, Item-level Security
The award-winning HiSoftware Security Sheriff SP uses metadata-driven, item-level security to restrict access to, encrypt, track and prevent the publishing or emailing of content based upon the presence of sensitive and/or non-compliant information, offering content-aware data loss protection (DLP) capabilities for SharePoint 2010 and 2013. When used in conjunction with Compliance Sheriff SP, it leverages that product’s policy scanning and auto-classification features to perform these actions automatically.
HiSoftware’s granular approach to SharePoint security limits access at the item-level using secure metadata. In addition to better protecting your organization from an accidental breach, this approach also controls the proliferation of sites and libraries in SharePoint. For example, if a company’s board of directors is considering a potential merger, the confidential merger documents can be stored anywhere in SharePoint classified as “Board Only,” making the sensitive content visible only to relevant parties. Other solutions would require the provision of a new site every time such a restricted project was undertaken. Most importantly, without metadata-driven, item-level security the end user has to remember the proper location for every sensitive item they create or edit to ensure appropriate access – a certain recipe for a breach.
Security Sheriff SP enables both users and administrators to:
With Security Sheriff, users can easily configure secure metadata and define choice values to suit any business requirement. Authorized SharePoint users can classify documents according to their content, unlike standard SharePoint data, which can be modified by anyone who is allowed access. Using Security Sheriff, users can define the level of sensitivity of the document as confidential, private or secret. Then, depending on their selection, additional levels of classification, including the audience, department or project, can be added as required.
Based upon the business rules associated with its classification, access to a document or content item within SharePoint can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file level permissions, administrators can reduce the number of sites that get created (site proliferation) just to cope with another set of collaborative users. Managing file permissions with Security Sheriff is easy since they are based on the metadata values added at the time of classification.
Data loss prevention is a critical issue for many organizations. In addition to securing a document based on its classification (metadata), Security Sheriff can further secure SharePoint content by encrypting it. When Security Sheriff identifies sensitive content, it can encrypt the information immediately. This means only properly credentialed users will be able to read the content – whether inside or outside of SharePoint – even if they have SharePoint administrator privileges, making it safe to store confidential documents such as Board discussions and HR documents. It also ensures any documents that make it out of SharePoint can only be accessed by the credentialed users.
With the optional HiSoftware Sheriff Workspace Windows and the Office Connectors, Security Sheriff can also track the entire lifecycle of Office documents. This means that a policy manager or security officer can see if and when a document has been read, emailed, or printed and by whom. A document’s entire “chain of custody” is recorded and easily available in the event of a breach or a regulatory audit.
To further extend the tracking process, you can also define rules in Security Sheriff to warn users about, or prevent, the distribution of sensitive information or confidential documents. For example, if a document is going to be emailed to a group and a listed recipient does not have proper access to that category of document, the email cannot be sent until that individual is removed from the distribution list. Users can also be prevented from printing and saving Microsoft Office documents outside of SharePoint.
Using Sheriff Workflow, Security Sheriff can trigger workflows to quarantine or move content, request approval from policy officers or managers, or request explanations from users. Complete business rules can be developed so that you can remediate compliance issues and/or task the proper individual(s) in the organization to review and potentially classify, re-classify or encrypt the content. Workflow can also be used to prevent the publication of confidential documents. With Sheriff Workflow, organizations can also block documents from being added, published or moved in SharePoint.
Learn more about the HiSoftware Security Sheriff SP
Contact a HiSoftware solutions specialist to discuss your SharePoint security needs.
Download Managing Compliance Risk in SharePoint: A Step by Step Illustrated Guide
Download the HiSoftware SharePoint Solutions Overview (1.6Mb PDF)