Securing sensitive documents in Sharepoint
Sharepoint Permissions & Document Security Issues
One of the biggest issues facing enterprises when working with SharePoint, is having users with more access privileges to documents than they should.
Planning and assigning permissions is a crucial part of every document management system, not only because of the confidential factor of enterprise content, but because inconsistent security plans can become an obstruction to the document generation process. Different documents may have to be secured differently for different users and document access permissions may need to be changed during a documents life cycle.
Assigning permissions becomes more complex in environments with lots of documents or where documents are constantly moved around – you can easily lose track of permissions, suffer from performance issues, and compromise document security.
And what happens if a secure document leaves the Sharepoint environment? How does a company share documents securely with its subsidiaries, and how do you ensure that the access controls remain with the document?
Assigning Sharepoint Permissions
In Sharepoint you can assign permissions to secure sensitive documents at the folder level and the document level.
Folder permissions ensure that any document placed inside a ‘secure’ folder will automatically be protected with the permissions assigned to that folder. However, this strategy relies on users putting documents in the correct folders and not copying them to other folders when collaborating with different users. If folder structures become too complex and users become unsure as to what files go where then they will abandon Sharepoint and copy documents to their desktop or other devices, or use folders they can work with that will most likely not be protected. And once sensitive documents are placed in folders that do not have the appropriate permissions, the SharePoint environment and the documents are no longer secure. So Sharepoint folder security relies on an simple folder structure where users want to obey the rules – it only works as long as everyone always puts the files back in the right folder.
Unlike folder level permissions, document level permissions travel with documents regardless of where they are stored in a SharePoint environment. Administrators can set up Sharepoint so documents are automatically classified based on the presence of sensitive information. Administrators can also create permissions that prevent documents from being printed, edited, or saved outside of the SharePoint environment. If that sounds too good to be true, then it is… To achieve document level security in Sharepoint requires administrators to define security policies against specific metadata, and SharePoint has limited metadata functionality. In addition, administrators can’t prevent people from accidentally or maliciously editing document metadata in ways that remove security (although this may seem academic as users can find ways around documents being tagged to begin with).
So the bottom line is Sharepoint was not built with security in mind. It was added later as an afterthought and is as effective as a fig leaf for securing your assets.
Sharepoint Document Security & Locklizard Integration
Providing document security for documents hosted within Sharepoint
Locklizard’s DRM security makes the problem of securing documents in Sharepoint simple to solve – administrators do not have to worry about assigning access permissions (which can be easily circumvented) in Sharepoint. With Locklizard, documents are secured before they are stored in Sharepoint and are always protected against unauthorized use and misuse no matter where they reside (within or outside the Sharepoint environment) or who they are shared with. It is a simple matter of protecting documents, adding them to Sharepoint, and then assigning what users have access to those documents in Locklizard.
Locklizard enables you to leverage Sharepoint access controls by implementing DRM functionality over the secure PDF documents that you load into Sharepoint. For instance, users logging into a SharePoint account will be shown documents available to them, but still be subject to the overarching rules controlling use, watermarking, start and end dates and so on that Locklizard DRM functionality imposes regardless of whether the recipient is a BYOD or a Mac device. Users cannot change the DRM controls applied to documents, and these controls remain with the documents wherever they go. If protected documents are given to unauthorized users then they won’t be able to view them. This allows SharePoint administrators to achieve much higher overall security regardless of the end environment.
And protected PDF documents (PDC files) are stored in Sharepoint just like any other file type so you don’t have to worry about any integration issues.
Locklizard Sharepoint document security Demo
Click on the demo below to see our Sharepoint document security demo in action.
You need to login with the following details:
User Name: firstname.lastname@example.org