Compliance and Security Solutions for Microsoft SharePoint
Microsoft SharePoint and the ECM Challenge
The numbers tell the story. According to the consulting firm Doculabs, 80 percent of the information within organizations is unstructured (word processing files, emails, spreadsheets, Web content, blogs, wikis, etc.), with growth predicted at a rate of 36 percent per year.[1] So how are businesses managing this explosion of content?
Many organizations have turned to SharePoint as the solution to their content management challenges. AIIM’s “State of the ECM Industry” report stated that 70 percent of the largest global organizations are using SharePoint today and 50 percent consider it their primary Enterprise Content Management (ECM) system.
Despite wide adoption, gaps in SharePoint adoption and business-readiness remain, particularly when it comes to data compliance and the management of private or otherwise sensitive content. A recent report by Forrester Research Inc. for Microsoft on “The Total Economic Impact of Microsoft SharePoint Server 2010,” found that companies were, on average, missing 25 percent of the expected cost savings for SharePoint because of the need to maintain legacy document management systems.
In fact, only 20 percent of the respondents to AIIM’s 2011 survey indicated they had sufficient confidence in SharePoint security to store sensitive information. And more than 60 percent of organizations have yet to bring SharePoint in line with their existing compliance policies.[2] Another AIIM study found that 80 percent of companies do not trust SharePoint to store all their confidential and sensitive documents. And 13 percent of those companies feel that their SharePoint security is a “disaster waiting to happen.”[3]
Overcoming SharePoint’s Compliance and Security Gaps
As this data shows, many organizations are deploying SharePoint to manage their enterprise content and streamline business processes while enhancing “enterprise 2.0” collaboration. However, compliance and security concerns — and their associated risks — remain top of mind. As the amount of content and user interaction increases, particularly given the enhanced collaborative capabilities of SharePoint, the chance for a security breach or compliance violation increases as well. Without effective compliance and security controls, SharePoint will never realize its potential as a comprehensive, widely adopted ECM platform.
[1] Source: http://www.doculabs.com/wp-content/uploads/downloads/2011/12/A-Doculabs-White-PaperQuantifying-ROI-for-ECM1.pdf
Fully integrated with SharePoint, HiSoftware Compliance Sheriff® SP and HiSoftware Security Sheriff™ SP complement the platform’s powerful content publishing and collaboration features by continuously monitoring and auditing data and documents for compliance requirements such as privacy, information security, accessibility, brand integrity and quality. Managing compliance and security with the HiSoftware Sheriff™ suite of solutions is as easy as 1-2-3.
1. Design Policies and Deploy. HiSoftware’s policy manager features hundreds of pre-defined checkpoints to validate compliance with US and international privacy policies (GLBA, COPPA, EU Privacy Directive), and other regulatory mandates including HIPAA, FISMA, PCI DSS, WCAG 2.0, Section 508 and more. It also allows users to easily define and configure checkpoints for their own unique privacy, confidentiality and security policies without costly consulting and/or programming resources.
2. Automate Content Compliance. As Compliance Sheriff SP scans and identifies areas of risk, detects specific policy violations or confidential content, the flagged item is classified via the addition of Sheriff metadata.
3. Secure Content. Once classified, user-defined business rules in Security Sheriff SP can automatically restrict access to the item, encrypt it, track the document’s chain of custody, and prevent it from leaving SharePoint.
[2] Source: AIIM’s 2011 ‘State of the ECM Industry’
[3] AIIM White Paper: SharePoint Security – maximizing operability while minimizing risk. © AIIM 2012 www.aiim.org / © HiSoftware 2012 www.hisoftware.com
Ensure Data Compliance,
HiSoftware Compliance Sheriff® SP
HiSoftware Compliance Sheriff SP is an award-winning content-aware compliance solution for SharePoint. Compliance Sheriff SP allows organizations to realize the full ECM potential of SharePoint while mitigating the risk of a privacy breach and ensuring compliance with specific regulations and internal policies including PII, PHI, PCI DSS, HIPAA, HITECH and custom guidelines. With Compliance Sheriff SP organizations can:
AUDIT: Organizations can scan information at rest within their SharePoint sites against hundreds of existing and easily configurable policy checkpoints to assess the level of sensitive information present and identify compliance issues. In addition, Compliance Sheriff SP also scans data in motion against these or custom corporate policies as documents are added, updated or moved in and out of your SharePoint environment.
REPORT: Through the policy dashboard, Compliance Sheriff SP provides executives and policy managers with visibility into SharePoint’s compliance status. Via standard reports, compliance and privacy officers get real-time insight into the compliance status of the SharePoint environment, can identify teams or departments where issues are recurring, and measure progress against compliance objectives over time. The reporting function also provides a detailed analysis of red flag issues allowing users to quickly identify and remediate issues.
CLASSIFY: As Compliance Sheriff SP identifies potentially sensitive content, at rest or in motion, it can dynamically tag the content with metadata that identifies it as having a certain level of risk or as containing sensitive information. Content scans are triggered:
By the HiSoftware policy manager as it scans data at rest within a specific SharePoint site, library, list or event
Automatically as new documents and items are added to SharePoint
By authorized users when they create and/or edit an individual document or content item
Authorized users can also reclassify documents through the ribbon in SharePoint or with the Office Connectors.
A number of basic classification categories come standard with the solution. Additionally, an organization can easily create custom classification categories for their specific needs.
Once an item is classified by Compliance Sheriff SP the classification values can then be utilized by the optional HiSoftware Security Sheriff SP product to automatically restrict, track and encrypt documents, as well as prevent distribution by unauthorized users. Classification can also aid in e-discovery, search and retrieval, and provide a persistent form of identification for sensitive content as your SharePoint environment grows and evolves.
QUARANTINE: Using HiSoftware Sheriff Workflow, organizations can immediately quarantine documents upon upload and stop them from being distributed or moved in SharePoint. Workflows can be designed to match the complex needs of any organization.
CONTROL: Additionally with the Sheriff Workflow module, Compliance Sheriff SP can trigger workflows to remediate compliance issues and/or task the proper individual(s) in the organization to review and potentially quarantine, remove, classify or re-classify the content.
“HiSoftware Security Sheriff SP offers the most complete solution we’ve seen for securing SharePoint, while still enabling end users to easily share content and collaborate.”
- Penton Media’s Windows IT Pro on HiSoftware Security Sheriff SP being named a Gold Medal Winner of the “2012 Editors’ Best Awards” in the Best SharePoint Product category
HiSoftware Security Sheriff™ SP
Securing SharePoint Content at the Document Level
The award-winning HiSoftware Security Sheriff SP uses metadata-driven, item level security to restrict access to, encrypt, track and prevent the publishing or emailing of content based upon the presence of sensitive and/or non-compliant information, offering content-aware data loss protection (DLP) capabilities for SharePoint. When used in conjunction with Compliance Sheriff SP, it leverages the product’s policy scanning and auto classification features to perform these actions automatically. Security Sheriff SP enables both users and administrators to:
CLASSIFY: With Security Sheriff SP, users can easily configure secure metadata and define choice values to suit any business requirement. Authorized SharePoint users can classify documents according to their content, unlike standard SharePoint data that can be modified by anyone that is allowed access. Using Security Sheriff SP users can define the level of sensitivity of the document as confidential, private or secret. Then depending on their selection additional levels of classification, including selecting the audience, department or project, can be added as required.
RESTRICT: Based upon the business rules associated with its classification, access to a document or content item within SharePoint can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file level permissions, administrators can reduce the number of sites that get created (site proliferation) just to cope with another set of collaborative users. Managing file permissions with Security Sheriff SP is easy since they are based on the metadata values added at the time of classification.
ENCRYPT: Data loss prevention is a critical issue for many organizations. In addition to securing a document based on its classification (metadata), Security Sheriff SP can further secure SharePoint content by encrypting it. When Security Sheriff SP identifies sensitive content, it can encrypt the information immediately. This means only properly credentialed users will be able to read the content – whether inside or outside of SharePoint – even if they have SharePoint administrator privileges, making it safe to store confidential documents such as Board discussions and HR documents. It also ensures any documents that make it out of SharePoint can only be accessed by the credentialed users.
TRACK: With the optional HiSoftware Sheriff Workspace Windows and the Office Connectors, Security Sheriff SP can also track the entire lifecycle of Microsoft Office® documents. This means that a policy manager or security officer can see if and when a document has been read, emailed, or printed and by whom. A document’s entire “chain of custody” is recorded and easily available in the event of a breach or a regulatory audit.
PREVENT: To further extend the tracking process you can also define rules in Security Sheriff SP to warn users about, or prevent, the distribution of sensitive information or confidential documents. For example, if a document is going to be emailed to a group and a listed recipient does not have proper access to that category of document, the email cannot be sent until that individual is removed from the distribution list. Users can also be prevented from printing and saving Microsoft Office documents outside of SharePoint.
CONTROL: Using Sheriff Workflow, Security Sheriff SP can trigger workflows to quarantine, move, request approval from policy officers / managers, or request explanations from users. Complete business rules can be developed so that you can remediate compliance issues and/or task the proper individual(s) in the organization to review and potentially classify, re-classify or encrypt the content. Workflow can also be used to prevent the publication of confidential documents. With Sheriff Workflow organizations can also block documents from being published or moved in SharePoint.
As the solution scans, tags and encrypts content based on the pre-defined rules, the individual item is updated in the SharePoint library. Encrypted documents are denoted with a lock icon, the original file extension is appended to the file name, the Privacy column shows the classification and the Approval Status shows if the content has passed/failed.
PRIVACY & CONFIDENTIALITY: Automatically scan SharePoint content and sites to detect the presence of PII, PHI, intellectual property, company confidentials and sensitive information, notifying policy officers and privacy managers of potential violations. Depending on your organization’s unique compliance approach and risk threshold, it can confirm the use of secure methods to collect private information with the proper consents, and ensure that whenever information is stored, accessed or moved, it is only by credentialed users and only to appropriate locations. Privacy checkpoints for: HIPAA, FISMA, PCI DSS, COPPA, GLBA and other key US and international privacy standards are included.
SOCIAL: Detect, document and prevent privacy breaches and exposure of confidential information in the SharePoint social environment. Ensure that TeamSite, blog, discussion forum, wiki and third party (NewsGator) social content complies with HR policies for inappropriate or obscene language, PII and PHI, and keep confidential company material out of the public domain, with automated scanning and notifications. Stop posts with non-compliant content using workflows.
ACCESSIBILITY: Establish ongoing, automated checks to ensure SharePoint accessibility concerns are seamlessly managed and that compliance issues are flagged and prioritized for swift remediation. The Accessibility checkpoints map to all common Web accessibility standards including Section 508, WCAG 2.0, Canadian Common Look and Feel (CLF) and XML Accessibility Guidelines (XAG).
BRAND INTEGRITY & QUALITY: Scan and analyze SharePoint content for brand conformance issues such as logo consistency, correct legal name usage, copyrights and more. Detailed reports help content managers quickly pinpoint and fix identified issues.
OPSEC INFORMATION ASSURANCE: Monitor and verify that SharePoint content complies with federal risk assessment practices and the US government’s OPSEC guidelines. Help to protect against the accidental disclosure of confidential information by scanning content to look for references to operational military information that would reveal sensitive movements of military assets, or the location of units, installations or personnel.
Easily Design Workflows
As specific areas of content risk are identified in SharePoint, Compliance Sheriff SP and/or Security Sheriff SP triggers HiSoftware Sheriff Workflow to remediate compliance issues and/or task the proper individual(s) in the organization to review and potentially classify, re-classify and encrypt the content. Workflow can also be used to prevent the publication of noncompliant content (e.g. in a discussion forum or blog) based upon the policies created within the policy manager.
Design workflows easily using an intuitive browser-based visual workflow designer
Send notifications, get approvals, request explanations, move/quarantine documents, remediate
Prevent publishing of non-compliant or confidential documents
Publish workflows on Sheriff policy sites, allowing policy owners to manage policies centrally
Secure business processes with central workflow to prevent users from interrupting execution
HiSoftware Sheriff Workspace™
HiSoftware Sheriff Workspace leverages the rules and workflows that you define in HiSoftware Compliance Sheriff SP and HiSoftware Security Sheriff SP to extend those policies and controls to content when a user accesses it from their workstation, laptop or mobile device.
CONTROL WINDOWS CONTENT: HiSoftware Sheriff Workspace Windows runs on Windows workstations and laptops to monitor users accessing and creating SharePoint documents, and control document distribution to prevent users from printing, emailing or saving confidential content outside of SharePoint. The features and functions of Sheriff Workspace can be extended using the included HiSoftware Sheriff Office Connectors. Sheriff Workspace and the Sheriff Connectors leverage the pre-defined Sheriff policies and rules to allow individual content contributors to scan and classify content on its way into and out of SharePoint from within the familiar Microsoft ribbon interface. Once classified, credentialed users may choose to override a classification, as needed through the ribbon, to ensure that a specific document is tagged accordingly.
SECURE MOBILE COLLABORATION: HiSoftware Sheriff Workspace Mobile is an optional component that monitors and controls users accessing individual SharePoint documents on the iPad leveraging the policies and rules already defined in Compliance Sheriff SP and Security Sheriff SP. Users can work offline or online and all of their activities are tracked and stored in the audit trail. They can also be warned or prevented from emailing confidential documents to unauthorized audiences. For added security, SharePoint documents stored on the device can be wiped remotely when there is a violation or when a user leaves the business.
Compliance and Security That Work the Way You Do
By default, SharePoint mirrors the traditional “IT” approach to permissions and access management. SharePoint secures access by applying permissions to specific libraries or lists based on Active Directory groups defined by the SharePoint Administrator. These groups are often tied tightly to the organizational structure, yet frequently this approach does not reflect the cross-functional reality of how business gets done. This approach is also an underlying cause of the many governance headaches associated with SharePoint, including the proliferation of sites and document libraries.
Compliance Sheriff SP and Security Sheriff SP look at an entire library or list of content to identify individual documents and files which should be secured based on specific policies. These policies are applied by scanning the content against the pre-defined checkpoints resident within the policy manager. This approach is possible because HiSoftware’s solutions for SharePoint are content-aware and are able to read the actual data contained in a specific document or item. HiSoftware then classifies, via secure metadata, and if desired, restricts access to and encrypts the item(s). Since permissions are applied at the individual file level (using classification), as compared with solutions that secure or encrypt at the library level, sensitive content can be stored, shared and collaborated on from any site, library or list in the SharePoint farm. It also ensures access to the content is restricted to only those who have permissions to the file as defined by its classification.
Metadata-driven, Item-level Security
HiSoftware’s granular approach to security limits access at the item-level using secure metadata. In addition to better protecting your organization from an accidental breach, this approach also controls the proliferation of sites and libraries in SharePoint. For example, if a company’s board of directors is considering a potential merger, the confidential merger documents can be stored anywhere in SharePoint classified as “Board Only,” making the sensitive content visible only to relevant parties. Other solutions would require the provision of a new site every time such a restricted project was undertaken. Most importantly, without metadata-driven, item-level security the end user has to remember the proper location for every sensitive item they create or edit to ensure appropriate access – a certain recipe for a breach.
Making SharePoint Safe for Sensitive Data
HiSoftware delivers comprehensive content-aware compliance and security solutions optimized for SharePoint. Unlike competitive solutions for classification, or enterprise DLP solutions that are significantly more expensive to deploy and maintain, HiSoftware has created a suite of complementary modules that are highly configurable and focus on a compliance and business-centric approach to managing sensitive data in SharePoint. The suite is tightly integrated to the way your organization already uses SharePoint and its complementary Microsoft applications today.
The HiSoftware Sheriff suite scans and classifies SharePoint data both at rest and in motion. Based upon classification, it restricts access to the item, prevents the item from being removed from SharePoint, and tracks its entire chain of custody. Any SharePoint item can then be encrypted to safeguard against a breach inside or outside of SharePoint. The solution also includes a complete set of policy notifications and workflow capabilities to alert privacy and information security officers of a potential risk. Using Sheriff Workspace Windows with the Sheriff Office Connectors, individual content contributors can further manage compliance and privacy settings by applying classification from within the familiar Microsoft ribbon interface. Sheriff Workspace Mobile monitors and controls users accessing individual SharePoint documents on the iPad.
Key Features and Benefits
Secure Sensitive Information – Implement content-aware controls that ensure the right users access the right information, every time.
Maintain Compliance with Regulatory Mandates – Leverage pre-defined checkpoints for HIPAA/HITECH, MA 201 CMR, FISMA, COPPA, Section 508 and WCAG 2.0, OMB 10-22 and many other US and international regulatory requirements.
Leverage the Full Business Value of SharePoint – Security and permissions functionality expand the community that can now safely use and access your SharePoint environment: internal employees, partners, vendors, customers and prospects.
Apply Unique Classification Parameters Using Metadata – Whether system-applied based on policies, or user-applied, classification can control access to content and aid in e-discovery, search and retrieval, and any audits which may be required in the event of a breach.
Simplify SharePoint Governance and Reduce Administration Costs – Automate SharePoint compliance and security to reduce site proliferation and allow administrators to focus on higher value projects for training, business process management and user adoption.
Secure Mobile Collaboration – Leverage the rules and workflows defined in the policy manager to extend those policies and security controls to content accessed from iPads.
About HiSoftware
HiSoftware provides content-aware compliance and security solutions for the monitoring and enforcement of risk management and privacy guidelines across digital environments. The company’s solutions provide a data governance and compliance platform for content management and collaboration processes that support corporate and brand integrity, site quality, accessibility and confidentiality for public websites and portals, as well as internal intranets and SharePoint sites. HiSoftware’s customers include some of the largest US and international government agencies, as well as Global 2000 companies. The company is headquartered in the United States in Nashua, New Hampshire and has international offices in Melbourne, Australia. For more information, visit www.hisoftware.com.
Corporate Headquarters
One Tara Boulevard, Suite 104
Nashua, NH 03062 USA
T: +888.272.2484 (U.S. & Canada), +1.603.578.1870
F: +1.603.578.1876
E: [email protected]
GRC Technology Innovator 2012 (© 2012, Corporate Integrity, LLC)
© Copyright 2013 HiSoftware Inc. All rights reserved. HiSoftware Compliance Sheriff, HiSoftware Security Sheriff, Sheriff Workflow and HiSoftware are trademarks of HiSoftware Inc. which may be registered in certain jurisdictions. HiSoftware Workspace Mobile is powered by AsdeqDocs. Any and all other product and company names mentioned herein are the trademarks or service marks of their respective owners.