sharepoint document security

Sharepoint Document Security

Sharepoint Security: Securing sensitive & confidential documents

  Free Trial & Demo

“Fantastic product… outstanding support.”

“We would recommend Locklizard to others”

“The clear leader for PDF DRM protection”

“Our ebook sales have gone through the roof”

“Simple & secure – protects IPR from theft”

Trusted by:

SharePoint Security: Permissions & Document Security Issues


One of the biggest issues facing enterprises when working with SharePoint, is having users with more access privileges to documents than they should.

Planning and assigning permissions is a crucial part of every document management system, not only because of the confidential factor of enterprise content, but because inconsistent security plans can become an obstruction to the document generation process.  Different documents may have to be secured differently for different users and document access permissions may need to be changed during a documents life cycle.

Assigning permissions becomes more complex in environments with lots of documents or where documents are constantly moved around – you can easily lose track of permissions, suffer from performance issues, and compromise document security.

And what happens if a secure document leaves the Sharepoint environment?  How does a company share documents securely with its subsidiaries, and how do you ensure that the access controls remain with the document?

Sharepoint Document Security: Assigning SharePoint Permissions

In Sharepoint you can assign permissions (Sharepoint document access control) to secure sensitive documents at the folder level and the document level.

Folder permissions

Folder permissions ensure that any document placed inside a ‘secure’ folder will automatically be protected with the permissions assigned to that folder.

However, this strategy relies on users putting documents in the correct folders and not copying them to other folders when collaborating with different users.  If folder structures become too complex and users become unsure as to what files go where then they will abandon Sharepoint and copy documents to their desktop or other devices, or use folders they can work with that will most likely not be protected.  And once sensitive documents are placed in folders that do not have the appropriate permissions, the SharePoint environment and the documents are no longer secure.

So Sharepoint folder security relies on an simple folder structure where users want to obey the rules – it only works as long as everyone always puts the files back in the right folder.

Document permissions

Unlike folder level permissions, document level permissions travel with documents regardless of where they are stored in a SharePoint environment.

Administrators can set up Sharepoint so documents are automatically classified based on the presence of sensitive information.  Administrators can also create permissions that prevent documents from being printed, edited, or saved outside of the SharePoint environment.  If that sounds too good to be true, then it is…  To achieve document level security in Sharepoint requires administrators to define security policies against specific metadata, and SharePoint has limited metadata functionality.  In addition, administrators can’t prevent people from accidentally or maliciously editing document metadata in ways that remove security (although this may seem academic as users can find ways around documents being tagged to begin with).

So the bottom line is Sharepoint was not built with security in mind.  It was added later as an afterthought and is as effective as a fig leaf for securing your assets.

Sharepoint Document Security: How to protect confidential & sensitive documents with Locklizard

Providing document protection for documents hosted within Sharepoint

Locklizard’s DRM security makes the problem of securing documents in Sharepoint simple to solve – administrators do not have to worry about assigning access permissions (which can be easily circumvented) in Sharepoint.  With Locklizard, documents are secured before they are stored in Sharepoint and are always protected against unauthorized use and misuse no matter where they reside (within or outside the Sharepoint environment) or who they are shared with.  It is a simple matter of protecting documents, adding them to Sharepoint, and then assigning what users have access to those documents in Locklizard.

Locklizard enables you to leverage Sharepoint access controls by implementing DRM functionality over the secure PDF documents that you load into Sharepoint.  For instance, users logging into a SharePoint account will be shown documents available to them, but still be subject to the overarching rules controlling use, watermarking, start and end dates and so on that Locklizard DRM functionality imposes regardless of whether the recipient is a BYOD, Windows, or a Mac device.  Users cannot change the DRM controls applied to documents, and these controls remain with the documents wherever they go.  If protected documents are given to unauthorized users then they won’t be able to view them.  This allows SharePoint administrators to achieve much higher overall security regardless of the end environment.

And protected PDF documents (PDC files) are stored in Sharepoint just like any other file type so you don’t have to worry about any integration issues.

Locklizard Sharepoint Document Protection

Locklizard protected documents are stored in Sharepoint just like any other file.  You can provide links to the secure Viewer, license files and secure documents.

Why Locklizard for Sharepoint Document Protection?

Locklizard provides many security advantages over Sharepoint document access rights:

  • Simple to use

    You don’t have to worry about setting complicated Sharepoint document access rights, document, group, or folder permissions, in order to control access to confidential and sensitive documents.

    Safeguard enables you to restrict document access and apply DRM controls in one easy step with persistent protection.  Protect your documents using Safeguard and then store them in Sharepoint.  You can then stop sharing and control use of your documents even if they are removed from the Sharepoint environment.

  • DRM Controls

    Safeguard provides additional document security controls beyond Sharepoint access rights.  These ensure persistent document protection regardless of where documents located and enforce secure document sharing.

    • Stop sharing – documents are locked to authorized devices
    • Stop screen grabbing (even from remote locations)
    • Stop printing (or limit the number of prints)
    • Expire documents after a number of days use, views, prints, or on a fixed date
    • Revoke documents instantly (regardless of where they are located)
    • Lock document access to specific locations
    • Track document use – track views and prints
  • Document Expiry & Retention

    Documents can be set to expire:

    • on a fixed date
    • after a number of days use
    • after a number of views
    • after a number of prints

    Automatically enforce document retention policies and ensure that documents can no longer be used after a period of time.

    Safeguard provides flexible document expiry so you can retire documents or user access depending on your requirements:

    • The same document can be set to expire at different times for different users, or not expire for some users but expire for others.
    • If you want to change document expiry dates for individual or all users you can easily do that after a document has been distributed.
    • User accounts can also be set to expire on a fixed date (which you can change at any time) so that individual user access to all documents is automatically revoked when this timeframe is reached.
  • Device & location locking

    • Lock use to authorized devices to stop users sharing documents with others
    • Control the number of devices users can view your protected documents on
    • Lock use to locations (e.g. the office) to prevent users viewing confidential documents from unauthorized locations (e.g. at home)
  • Document Access Tracking

    Track when documents are accessed (viewed and printed).

    Track who opened a document, when it was read and/or printed, at what location and on what device.

  • No Passwords

    With Safeguard there is no need to password protect documents.  Documents are protected using public key technology – there are no keys to manage or distribute.

    There are no passwords or codes for users to enter in order to access a protected document – keys are transparently and securely transferred to authorized devices and documents are decrypted on-the-fly in memory.

Locklizard takes your document security seriously.  Protect documents securely without insecure passwords or plug-ins, and enforce access, location, expiry, and usage controls.  Our DRM technology ensures your sensitive and confidential Sharepoint documents remain safe no matter where they reside with US Gov Strength encryption, licensing, and DRM controls.  Document content is decrypted in memory and no temporary files are used.

Customer Testimonials