HiSoftware assigns Sherrif to SharePoint security

HiSoftware has launched a content-aware compliance and security solution for SharePoint 2010, HiSoftware Security Sheriff SP. The product was built by HiSoftware’s 8-strong Australian development team in Melbourne, and tackles the challenge of securing sensitive documents that reside inside SharePoint.

Mike McAuley, vice-president of R&D at HiSoftware, said Privacy Acts around the world now require that documents containing personally identifiable information (PII), even when at rest, must be encrypted.

McAuley was behind the development of HiSoftware’s Compliance Sheriff six years ago. Compliance Sheriff, scans content in SharePoint and other ECM systems to identify content that should be subject to security, or which infringes other compliance scenarios such as WCAG accessibility. The new Security Sheriff product  allows a Policy Officer to set rules relating to security, identify and monitor content infringements, and automate the application of security profiles to content.

It aims to make SharePoint safe for sensitive enterprise data, from personally identifiable information to financials, strategic product information, HR data and more. 

“A  problem with SharePoint has always been that it decrypts documents when they are placed back into SharePoint. So when Compliance Sheriff identifies a document in SharePoint that contains PII data, Security Sheriff encrypts it. No longer do organisations  need to store secure documents on a separate disk with rights management,” said McAuley.

“Our major US government customers such as Veterans Affairs, Internal Revenue Service and Homeland Security wanted a solution that could keep content in place.”

“It also solves the problem for commercial organisations that don’t want IT administrators to automatically have access to highly sensitive documents such as discussions on mergers and takeovers.”

Options are also available to extend the solution to provide workflow based on document metadata, auditing and allow user-classification. These make use of an OEM license of Nintex, the Australian-developed SharePoint workflow product.

A recent IDM survey found that one third of Australian organisations to respond were using SharePoint as their primary ECM platform.

"Security and compliance are emerging as key stumbling blocks for enterprises who want to take full advantage of the content management and collaboration features within SharePoint 2010," said HiSoftware CEO Kurt Mueffelmann. 

“As SharePoint grows, the type and composition of data organisations want to store and share expands as well, with big implications for information governance and user adoption.  By building on the strength of our content-aware rules engine and allowing organisations to take advantage of new functionality for both policy- and user-based classification, as well as encryption, we’re removing those barriers.”

Leveraging the hundreds of checkpoints built-in to the company’s proprietary rules engine, HiSoftware’s solutions continuously scan all SharePoint content (documents, libraries, lists and sites) as it moves in and out of the environment to identify specific policy violations and classify items via the addition of SharePoint metadata values.

Once classified by the rules engine, these values can then be utilised by Security Sheriff SP to encrypt and/or apply permissions that restrict access to the item, regardless of the permissions applied to the larger SharePoint site, library or list in which the item physically resides. 

Security Sheriff also tracks the document’s full chain of custody and, when deployed with the HiSoftware Connector for Microsoft Outlook, can prevent it from leaving SharePoint via email to an unauthorised user. Classification can also aid in e-discovery, search and retrieval, and provide a persistent form of identification for sensitive content as the SharePoint environment grows and evolves.

Security Sherif will be demonstrated for the first time in Australia at Share 2011 in Sydney at the end of November.
www.hisoftware.com

Request further information - Article