Post on 12-Apr-2017
Security Sheriff:Dynamic SharePoint File Protection
JaneManagerProject A
AdamDeveloperProject A
JoeSystem Analyst
Project B
Coffee Shop
Consultant
Enterprise Headquarters
Office 365 /SharePoint Online
SharePoint 2016
SharePoint 2013
Protecting Usersin Motion
2
Protecting Files in Motion
3
Security depends on content and context
Implement consistent policies throughout hybrid environments
Tailor protection to the file’s location and content
Secure SharePoint files even after they leave the company
DEVICE TIME
CUSTOMATTRIBUTES SECURITY
CLEARANCE
LOCATIONGROUPPERMISSIONS
User Properties
CUSTOM ATTRIBUTES
DATE
SITE PERMISSIONS
AUTHOR
LOCATION
File Identity
Security Sheriff: User and Data Security
4
DEVICE TIME
CUSTOMATTRIBUTES SECURITY
CLEARANCE
LOCATIONGROUPPERMISSIONS
User Properties
CUSTOM ATTRIBUTES
DATE
SITE PERMISSIONS
AUTHOR
LOCATION
File Identity
Security Sheriff: User and Data Security
What a user sees when viewing and searching for files
Real-Time Authentication Determines
5
DEVICE TIME
CUSTOMATTRIBUTES SECURITY
CLEARANCE
LOCATIONGROUPPERMISSIONS
User Properties
CUSTOM ATTRIBUTES
DATE
SITE PERMISSIONS
AUTHOR
LOCATION
File Identity
Security Sheriff: User and Data Security
Real-Time Authentication Determines
6
Whether a user can open, export, or copy a file
DEVICE TIME
CUSTOMATTRIBUTES SECURITY
CLEARANCE
LOCATIONGROUPPERMISSIONS
User Properties
CUSTOM ATTRIBUTES
DATE
SITE PERMISSIONS
AUTHOR
LOCATION
File Identity
Security Sheriff: User and Data Security
Real-Time Authentication Determines
7
What actions are enabled in the Microsoft ribbon
DEVICE TIME
CUSTOMATTRIBUTES SECURITY
CLEARANCE
LOCATIONGROUPPERMISSIONS
User Properties
CUSTOM ATTRIBUTES
DATE
SITE PERMISSIONS
AUTHOR
LOCATION
File Identity
Security Sheriff: User and Data Security
Real-Time Authentication Determines
8
If a file is encrypted when saved, copied, or emailed
DEVICE TIME
CUSTOMATTRIBUTES SECURITY
CLEARANCE
LOCATIONGROUPPERMISSIONS
User Properties
CUSTOM ATTRIBUTES
DATE
SITE PERMISSIONS
AUTHOR
LOCATION
File Identity
Security Sheriff: User and Data Security
Real-Time Authentication Determines
9
If a file should be emailed
DEVICE TIME
CUSTOMATTRIBUTES SECURITY
CLEARANCE
LOCATIONGROUPPERMISSIONS
User Properties
CUSTOM ATTRIBUTES
DATE
SITE PERMISSIONS
AUTHOR
LOCATION
File Identity
Security Sheriff: User and Data Security
Real-Time Authentication Determines
10
If a user must view the file securely
Configurable Policies and Rules
• Centrally or Locally Managed
• Leverage Classifications
• Server Application Only
11
Office 365 /SharePoint Online
SharePoint 2016
Remote Collaboration
12
HeadquartersFull Clearance
Project AOffice 365 /
SharePoint Online
SharePoint 2016
• Encrypt Top Secret Files on Download• Employee Access to Internal Files• Access to Project A Files Only• Full Usage on Secured Network and Device
Remote Collaboration
13
Coffee ShopFull ClearanceProject A & B
Office 365 /SharePoint Online
SharePoint 2016
• Read-Only Secure View of Top Secret Files• Employee Access to Internal Files• Access to Project A & B FilesLimited Usage• Encrypt Download
Remote Collaboration
14
External ContractorLimited Clearance
Project AOffice 365 /
SharePoint Online
SharePoint 2016
• No Access to Top Secret Files• No Access to Internal Files• Access to Project A Files Only• Limited Usage • Encrypt Download
Remote Collaboration
15
Ribbon Rules Secure Reader Rules
Dynamic Access Rules
Top Secret
HeadquartersFull Clearance
External ContractorLimited Clearance
Coffee ShopFull Clearance
ITAR
ITAR
Watermark
ITAR
Remote Collaboration with Security Sheriff
16
Ribbon Rules Secure Reader Rules
Dynamic Access Rules
Top Secret
HeadquartersFull Clearance
RESTRICTIONS: No Save As
External ContractorLimited Clearance
Coffee ShopFull Clearance
RESTRICTIONS: RMS Encrypt on Use
PASS: Can See File
ITAR
ITAR
Watermark
ITAR
Remote Collaboration with Security Sheriff
17
Ribbon Rules Secure Reader Rules
Dynamic Access Rules
Top Secret
HeadquartersFull Clearance
RESTRICTIONS: No Save As
RESTRICTIONS: No Print, No Save As,
No Download
External ContractorLimited Clearance
Coffee ShopFull Clearance
RESTRICTIONS: View with Zero-Footprint
Secure Reader
RESTRICTIONS: RMS Encrypt on Use
PASS: Can See File
PASS: Can See File
ITAR
ITAR
Watermark
ITAR
Remote Collaboration with Security Sheriff
18
Ribbon Rules Secure Reader Rules
Dynamic Access Rules
Top Secret
HeadquartersFull Clearance
RESTRICTIONS: No Save As
RESTRICTIONS: No Print, No Save As,
No Download
External ContractorLimited Clearance
Coffee ShopFull Clearance
RESTRICTIONS: View with Zero-Footprint
Secure Reader
RESTRICTIONS: RMS Encrypt on Use
FAIL: Cannot See File
User Clearance is less than Document Classification
PASS: Can See File
PASS: Can See File
ITAR
ITAR
Watermark
ITAR
Remote Collaboration with Security Sheriff
19
Security Sheriff Benefits…
Consistent security policies across all environments
Automates SharePoint and RMS features (BYOD)
Dynamic access accommodates the variable workforce
No end-user education required
Zero footprint empowers remote users
20