HiSoftware Security Sheriff®

SharePoint® and Office 365™

The SharePoint and Office 365 Security Gap

While thousands of organizations are deploying SharePoint and Office 365 to manage enterprise content, streamline business processes, and deliver enterprise 2.0 collaboration capabilities, compliance and security concerns, and their associated risks, remain top of mind. As the amount of content and user interaction increases, particularly given the enhanced collaborative capabilities of Microsoft's collaboration platforms, the chance for a SharePoint or Office 365 security breach or compliance violation increases as well. A solution that automatically classifies, applies permissions, tracks, encrypts and prevents the inappropriate storage, access and distribution of sensitive content stored in SharePoint and Office 365 is clearly necessary to overcome this confidence gap.

Securing Sensitive Content with Metadata-driven, Item-level Security

The award-winning HiSoftware Security Sheriff® offers content-aware data loss protection (DLP) capabilities for SharePoint 2010 and 2013, as well as Office 365 and hybrid environments, by providing the ability to inspect and automatically restrict access to, encrypt, track and prevent the publishing of content based upon the presence of sensitive and/or non-compliant information.

Security Sheriff's granular approach to SharePoint and Office 365 security limits access at the item level using secure metadata. In addition to better protecting your organization from an accidental breach, this approach also controls the proliferation of sites and libraries in SharePoint. For example, if a company’s board of directors is considering a potential merger, the confidential merger documents can be stored anywhere in SharePoint and classified as Board Only, making the sensitive content visible only to relevant parties. Other solutions would require the provision of a new site every time such a restricted project was undertaken. Most importantly, without metadata-driven, item-level security the end user has to remember the proper location for every sensitive item they create or edit to ensure appropriate access – a certain recipe for a breach.

Security Sheriff secures content and enforces compliance in SharePoint and Office 365



Organizations can scan information at rest within their SharePoint and Office 365 sites against hundreds of existing and easily configurable policy checkpoints to assess the level of sensitive information present and identify compliance issues. You can also scan data in motion against these or custom corporate policies as documents are added, updated or moved in and out of your environment.



Based upon the business rules associated with its classification, access to a document or content item within SharePoint can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file-level permissions, administrators can reduce the number of sites that get created (site proliferation) just to cope with another set of collaborative users. Managing file permissions with Security Sheriff is easy since they are based on the metadata values added at the time of classification.



Data loss prevention is a critical issue for many organizations. In addition to securing a document based on its classification (metadata), Security Sheriff can further secure content by encrypting it. When Security Sheriff identifies sensitive content in SharePoint or Office 365, it can encrypt the information immediately. This means only properly credentialed users will be able to read the content – whether inside or outside of SharePoint – even if they have SharePoint administrator privileges, making it safe to store confidential documents such as Board discussions and HR documents. It also ensures any documents that make it out of SharePoint can only be accessed by the credentialed users.



With the optional HiSoftware Sheriff Workspace Windows and the Office Connectors, Security Sheriff can also track the entire lifecycle of Office documents. This means that a policy manager or security officer can see if and when a document has been read, emailed, or printed and by whom. A document’s entire “chain of custody” is recorded and easily available in the event of a breach or a regulatory audit.



Security Sheriff can trigger workflows to quarantine, move, request approval from policy officers / managers or request explanations from users. Complete business rules can be developed so that you can remediate compliance issues and/or task the proper individual(s) in the organization to review and potentially classify, re-classify or encrypt the content. Workflow can also be used to prevent the publication of confidential documents. Organizations can also block documents from being added, published or moved in SharePoint. HiSoftware has built special-purpose connectors for integrating with Nintex Workflow to create custom actions. You can also define rules in Security Sheriff to warn users about, or prevent, the distribution of sensitive information or confidential documents. For example, if a document is going to be emailed to a group and a listed recipient does not have proper access to that category of document, the email cannot be sent until that individual is removed from the distribution list. Users can also be prevented from printing and saving Microsoft Office documents outside of SharePoint.
