In our previous posts (Part 1) (Part 2), we identified three common SharePoint security concerns and how to address them using externalized authorization and attribute based access control. Now that we have ensured the data in SharePoint is secure, how do we extend that security beyond SharePoint?
Users who are authorized to access sensitive data in SharePoint can download that data and share it with anyone outside of SharePoint. The most common way to prevent this data from being shared with unauthorized users is through encryption and digital rights management.
Traditional DRM solutions can lead to the same concerns that we already addressed in SharePoint such as decentralized permissions/rights and relying on end users to properly determine who should have access to sensitive data outside of SharePoint. The optimal solution would be to extend our SharePoint security to the files that are shared outside of SharePoint which is possible with NextLabs EDRM.
NextLabs EDRM allows us to automatically encrypt and protect files in SharePoint while simultaneously protecting the files with the same NextLabs policies that we are already using to secure data in SharePoint. Policies determine which files are automatically protected based on classification or location in SharePoint.
When the file is protected in SharePoint, classification information from SharePoint is stored in the protected file. This means that column values in SharePoint will now follow the file throughout the lifecycle of the file even after it is downloaded and shared outside of SharePoint. These classifications are then used to enforce NextLabs policies.
The following file was uploaded to SharePoint and automatically protected based on the Top Secret classification.
When we download the file and view the classification of the protected file using NextLabs EDRM, we can see the SharePoint classification information which includes the Top Secret column value.
When we view the rights that the user has to the file, we can see that the same NextLabs policies that we used to secure SharePoint are also being enforced for the files that are downloaded and shared outside of SharePoint.
In this case, the user outside of the United States who could not access the top secret file in in SharePoint due to NextLabs policies is also denied access to the file shared outside of SharePoint. NextLabs EDRM allows us to automatically enforce policies throughout the lifecycle of the file.
nextlabs.wordpress.com 