Securing sensitive and compliance-regulated data in SharePoint: an end-to-end approach


SharePoint continues to be the collaboration and content
management platform of choice. With more than 130 million
users and adoption by 70 percent of large enterprises, we can
expect continued market penetration, as well as increased use
of SharePoint for managing sensitive and regulated content.
However, numerous industry studies cite challenges with
security, compliance, and information governance associated
with SharePoint sites and the information stored in them. A
recent Information Week study rated data security controls
as the most important feature of collaboration software
platforms—higher than all other capabilities. The study
found that monitoring content in collaboration platforms for
security and policy violations was a challenge for 38 percent of
respondents.

This white paper describes common security and compliance
challenges associated with SharePoint content and identifies
an end-to-end solution approach to securing confidential and
regulated data in SharePoint.

Published in: Technology

An IGC and CipherPoint Software White Paper

SharePoint customer security challenges

Organizations face a host of issues when access to sensitive or regulated content in SharePoint libraries is not tightly controlled:

  • Understanding what content is stored in SharePoint and whether the data is sensitive or governed by compliance regulations. It is important to not just write policy, but to inspect SharePoint file storage and determine what is actually being stored in SharePoint sites.
  • Classifying data in SharePoint and establishing access controls and required protection mechanisms for data in storage, in transit and when downloaded to or being used on client device.
  • Understanding the insider and administrator threat to data in SharePoint since native platform controls are trivially easy for a farm or site administrator to circumvent.
  • Preventing information leakage from SharePoint, including via download, copy and paste, or just by misconfiguring access controls.
  • Balancing ease of access and use with security.
  • Building security controls to comply with relevant regulations for your organization, in your industry.
  • Providing separation of duties for SharePoint administrators, particularly if your sites house trade secrets, IP, business plans, customer lists, and human resources data

A useful mechanism for thinking through content security and SharePoint is to consider threats to the data and content from end to end. The diagram below can be used to build a risk model that describes the threats facing your organization given how you use the SharePoint platform. Sensitive information is potentially vulnerable at any stage, from the point of SharePoint access all the way to your backups. This model can be used to help you evaluate how to best protect against different threats at different points.

[Figure: CipherPointKM security management console.]

End-to-end solution architecture

Beyond evaluating specific threats to your SharePoint content, you may also wish to perform a full risk assessment for your SharePoint sites and information. CipherPoint has created a brief SharePoint risk assessment template, which may be downloaded for free at

Server-side security

As a web-based platform with myriad configuration possibilities, SharePoint security can be a complex topic, and one that is highly dependent on the use case and the deployment model. The solution architecture described here provides the recommended end-to-end, “defense in depth” approach to securing information in SharePoint.

Protecting information stored in SharePoint with CipherPoint

Threats to data while stored in SharePoint can come from insiders, administrators, external attackers, and from loss or theft of servers and media. To ensure SharePoint is secured against those threats all the way from the front end back into storage, a combination of user authentication, strong access control, encryption and audit logging are recommended.

CipherPoint’s transparent web-tier encryption technology for SharePoint secures sensitive or regulated content through the use of encryption, access control and activity logging.

CipherPoint’s SharePoint products provide transparent data encryption for on-premise SharePoint installations, using technology that delivers distinct advantages over other approaches to securing SharePoint content:

  • Inserts at the web tier, providing a higher level of threat protection against insiders and other threats to sensitive data
  • Transparent to end users
  • Gives security control back to IT security management
  • Enables compliance to numerous regulations requiring encryption of regulated content
  • Makes content protection for SharePoint easy, secure and scalable

The CipherPoint product solution for SharePoint comprises CipherPointKM, the central key management console providing administration capabilities for multiple SharePoint servers, and CipherPoint agent software, with three versions suitable for use by small SharePoint farms, mid-sized enterprises, and large enterprises with multiple locations and very large SharePoint farms.

[Figure: CipherPointKM security management console.]

CipherPointCS is a SharePoint content scanner that enables SharePoint administrators and security staff to scan SharePoint sites and find sensitive or compliance-regulated data. CipherPoint is pleased to provide this content scanning utility for free as part of its philosophy that SharePoint site starts with understanding exactly what content is being stored in SharePoint sites.

Client-side security

Threats to SharePoint data while in use on client devices or when checked out from SharePoint sites can come from a variety of sources, including device loss or theft and malicious users who copy data to unauthorized devices or storage.

Addressing information access and security with Brava!® for SharePoint

IGC’s Brava viewer allows SharePoint users access to their document content directly through the SharePoint portal without ever needing to download the document to their computer. Brava users are able to view and annotate virtually any document type and create redacted versions of documents with sensitive information removed. Brava’s capabilities provide end users easy access to the information they need while still securing sensitive document content.

Brava protects sensitive content in multiple ways:

Untouched originals—When a document is viewed through the Brava viewer, the original document is never downloaded to the user’s computer. The Brava server converts documents from their native format to an IGC proprietary format, which is then streamed to the viewer. This process is completely transparent to the user, who only has to click a link to see the document content directly inside the SharePoint portal. This prevents sensitive information from being lost when hard drives are replaced or sent outside an organization without being securely wiped, or when laptops are stolen, thumb drives are misplaced, or hackers access unsecured drives. Brava eliminates these concerns by allowing users to access the document content they need without the original document ever being downloaded.

Protected libraries—Brava Protected Libraries offer administrators even more options for securing their repositories. When the Brava Protected Library feature is activated on a library, users with read-only permissions on a document can access a document only through the Brava viewer. Users with write permissions on a document continue to work normally with a document, including checking in a new version, opening it in the original application or viewing it through Brava. When a read-only user tries to access the document, that user is automatically redirected to the Brava viewer.

Brava Protected Libraries do more than block a user’s ability to download a document through the SharePoint web interface. In addition, Brava will trap all requests for a document so users are automatically redirected to the Brava viewer, regardless of whether the user navigates to the document through SharePoint, clicks a link to the document in an email, or enters the URL of the document directly in a browser’s URL

Read-only users are not able to copy and paste text from Brava, print the document, or save a PDF rendition. Brava even blocks the print screen command. Brava Protected Libraries protects from insider threats by ensuring that sensitive information never leaves the controlled confines of your SharePoint environment, while giving users access to the information they need to do their jobs.

[Figure: Viewing documents in Brava for SharePoint]

Redaction—Sometimes you will need to share documents that include customers’ private information, trade secrets, sensitive human resources information or other privileged information. Corporate governance policies, compliance concerns or government regulations may restrict your ability to share that sensitive content. In these cases, Brava’s redaction capabilities will assist you in securing sensitive information.

[Figure: A redacted file in SharePoint.]

Brava architecture

allows you to mark sensitive information for redaction and generate a new document with that content completely removed. You can manually mark areas for redaction, search for common privacy information such as social security numbers or enter your own text patterns to redact. All the content not marked for redaction is transferred to the new document unchanged, so you are still able to search for and use everything except the sensitive content. The redacted information will never appear in the new document, so you never have to worry about someone extracting that information from the redacted document. This allows you to share documents while still complying with the policies and laws governing management of sensitive information.

Protect sensitive information with comprehensive SharePoint security

Brava consists of a SharePoint solution, a web application and a client-side viewer control. When a user accesses a document through Brava, the document is sent from SharePoint to IGC’s format, which is then streamed to the viewer. The original document is never sent to the user’s computer. The Brava web application can live behind a corporate firewall. This ensures that your documents never even have to leave your corporate network, even if users are outside the network. All communication between the Brava viewer and server can be configured to use https, adding another degree of security to the communication.

About CipherPoint

Employing an end-to-end protection strategy for SharePoint can allow your organization to comply with relevant regulations, secure your sensitive information and avoid expensive data breaches and brand damage. When used in concert, the CipherPoint and IGC solutions can also enable your organization to confidently deploy SharePoint as a platform for senior management, team collaboration, boards of directors, human resources, and more.

CipherPoint secures sensitive and regulated content in web-based application environments including cloud, SaaS and premise-based collaboration platforms such as Microsoft SharePoint. Headquartered in Denver, Colorado, CipherPoint was founded by IT security experts with deep experience in building successful security technology companies. CipherPoint is committed to helping customers meet their security objectives, building value for our shareholders, fostering a stimulating work environment for employees and improving the community through volunteering. Customers in manufacturing, financial services, federal and state government, defense, healthcare, and business services use CipherPoint’s content security solutions to secure their sensitive and compliance-regulated data. Customers throughout North America, the UK and Europe, the Middle East, and Asia rely on CipherPoint to secure their sensitive information. Learn more at

About IGC

IGC is a recognized leader in viewing, collaboration and redaction software, offering products that speed workflows, increase efficiency, and aid in regulation compliance. IGC solutions are deployed across almost every industry, with millions of installed seats

Brava gives users access to needed information in documents quickly and allows them to make comments, remove sensitive information and create sanitized versions as PDFs, TIFFs or CSFs. Brava supports virtually any format, including office documents, images (e.g., TIFF, JPG, GIF) and CAD drawings. Redact-It® automatically creates public renditions of documents with sensitive content completely removed as part of a workflow. Blazon™, formerly known as Net-It®, automatically creates a TIFF or PDF version of the source document and enables users to add stamps, a watermark, or other information based on metadata from Microsoft SharePoint. Learn more at

For more information, please contact:

Informative Graphics Corp.
4835 E. Cactus Road, Suite 445
Scottsdale, AZ 85254
Phone: 800.398.7005 (intl +1.602.971.6061)

CipherPoint Software
4600 S. Syracuse, 9th Floor
Denver, CO 80237-2719
+1.888.657.5355
URL: www.cipherpoint.com
Email: info@cipherpoint.com

© Copyright 2012 Informative Graphics Corporation