Security Sheriff®

File Share

Managing Compliance and Security on Windows Server File Shares

Many organizations have turned to Content Management Systems (CMS) such as Microsoft SharePoint as the solution for storing and collaborating on their unstructured content. That said, many companies still have existing File Shares where terabytes of data are still being stored and accessed. Some will migrate that content over to a CMS like SharePoint, others will continue to store information in existing repositories.

Given all of the information that exists on enterprise File Shares and CMS systems, how are businesses managing this explosion of content? How can they ensure only authorized audiences have access to sensitive content? How can they prove they are meeting regulatory requirements?

Secure File Share Content at the Document Level

The award-winning Security Sheriff® offers content-aware data loss protection (DLP) capabilities for Windows Server File Shares with metadata-driven, item level security to inspect and automatically restrict access to, encrypt, track and prevent the emailing of content based upon the presence of sensitive and/or non-compliant information.


With Security Sheriff, users can easily configure secure metadata and define choice values to suit any business requirement. Authorized users can classify documents according to their content, unlike standard metadata that can be modified by anyone that is allowed access. Using Security Sheriff users can define the level of sensitivity of the document as confidential, private or secret. Then depending on their selection, additional levels of classification, including selecting the audience, department or project, can be added as required.


Based upon the business rules associated with its classification, access to a document or content item within a File Share can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file level permissions, administrators can reduce the number of folder locations that get created (folder location proliferation) just to cope with another set of collaborative users. Managing file permissions with Security Sheriff is easy since they are based on the metadata values added at the time of classification.


Data loss prevention is a critical issue for many organizations. In addition to securing a document based on its classification (metadata), Security Sheriff can further secure File Share content by encrypting it. When Security Sheriff identifies sensitive content, it can encrypt the information immediately. This means only properly credentialed users will be able to read the content – whether inside or outside of the File Share – even if they have administrator privileges, making it safe to store confidential documents such as Board discussions and HR documents. It also ensures any documents that make it out of the files system can only be accessed by the credentialed users.


To further extend the tracking process you can also define rules in Security Sheriff to warn users on or prevent the distribution of sensitive information or confidential documents. For example, if a document is going to be emailed to a group and a listed recipient does not have proper access to that category of document, the email cannot be sent until that individual is removed from the distribution list. Users can also be prevented from printing, saving and copying the contents of Microsoft Office documents outside of the File Share.

Metadata-driven, Item-level Security

Security Sheriff's granular approach to security limits access at the item-level using secure metadata. In addition to better protecting your organization from an accidental breach, this approach also controls the proliferation of folders on Windows Server File Shares.

Security Sheriff looks at an entire folder of content to identify individual documents and files which should be secured based on specific policies. These policies are applied by scanning the content against the pre-defined checkpoints resident within the policy manager. This approach is possible because Security Sheriff is content-aware and users are able to read the actual data contained in a specific document and classify it against your business rules, using secure metadata. If desired, it restricts access to and encrypts the item(s).

Since permissions are applied at the individual file level using classification, as compared with solutions that secure or encrypt at the folder level, sensitive content can be stored, shared and collaborated on from any folder in the File Share. Security Sheriff also ensures access to the content is restricted to only those who have permissions to the file as defined by its classification.