Managing Compliance and Security on Windows Server File Shares
Many organizations have turned to Content Management Systems (CMS) such as Microsoft SharePoint as the solution for storing and collaborating on their unstructured content. That said, many companies still have existing File Shares where terabytes of data are still being stored and accessed. Some will migrate that content over to a CMS like SharePoint, others will continue to store information in existing repositories.
Given all of the information that exists on enterprise File Shares and CMS systems, how are businesses managing this explosion of content? How can they ensure only authorized audiences have access to sensitive content? How can they prove they are meeting regulatory requirements?
Based upon the business rules associated with its classification, access to a document or content item within a File Share can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file level permissions, administrators can reduce the number of folder locations that get created (folder location proliferation) just to cope with another set of collaborative users. Managing file permissions with Security Sheriff is easy since they are based on the metadata values added at the time of classification.
To further extend the tracking process you can also define rules in Security Sheriff to warn users on or prevent the distribution of sensitive information or confidential documents. For example, if a document is going to be emailed to a group and a listed recipient does not have proper access to that category of document, the email cannot be sent until that individual is removed from the distribution list. Users can also be prevented from printing, saving and copying the contents of Microsoft Office documents outside of the File Share.
Metadata-driven, Item-level Security
Security Sheriff's granular approach to security limits access at the item-level using secure metadata. In addition to better protecting your organization from an accidental breach, this approach also controls the proliferation of folders on Windows Server File Shares.
Security Sheriff looks at an entire folder of content to identify individual documents and files which should be secured based on specific policies. These policies are applied by scanning the content against the pre-defined checkpoints resident within the policy manager. This approach is possible because Security Sheriff is content-aware and users are able to read the actual data contained in a specific document and classify it against your business rules, using secure metadata. If desired, it restricts access to and encrypts the item(s).
Since permissions are applied at the individual file level using classification, as compared with solutions that secure or encrypt at the folder level, sensitive content can be stored, shared and collaborated on from any folder in the File Share. Security Sheriff also ensures access to the content is restricted to only those who have permissions to the file as defined by its classification.