SharePoint DLP

By default, SharePoint mirrors the traditional IT approach to permissions and access management. SharePoint secures access by applying permissions to specific libraries or lists based on Active Directory groups defined by the SharePoint Administrator. The Active Directory groups are often tied tightly to the organizational structure, yet frequently this approach does not reflect the cross-functional reality of how business gets done, and is often at odds with the use of SharePoint as an enterprise collaboration platform. This approach is also an underlying cause of the many governance headaches associated with SharePoint, including proliferation of sites and document libraries.

Cryptzone’s content-aware solutions look at an entire library of content to identify individual documents and files which should be secured based on specific policies. These policies are applied by scanning the content against the pre-defined checkpoints resident within the policy manager. This approach is possible because Cryptzone’s solutions for SharePoint are content-aware and are able to read the actual data contained in a specific document or item. Cryptzone then classifies the item(s) and, if desired, restricts access to and encrypts them.

Since permissions are applied at the individual file level (using classification), as compared with solutions that secure or encrypt at the library level, sensitive content can be stored, shared and collaborated on from any site or library in the SharePoint farm. It also ensures access to the content is restricted to only those who have permissions to the file as defined by its classification.

Cryptzone is the only solution that limits access at the item level. In addition to protecting your organization from an accidental breach, this approach also controls the proliferation of sites and libraries in SharePoint. For example, if a company’s board of directors is considering a potential merger, the documents generated prior to the merger becoming public can be stored anywhere in SharePoint and classified as Board Only, making the sensitive content visible only to relevant parties. Other solutions would require the provision of a new site every time such a restricted project was undertaken. Most importantly, without item-level security, the end user has to remember the proper location for every sensitive item they create or edit to ensure appropriate access – a certain recipe for a breach.