Data Security in SharePoint and Other Sticky Situations

I saw ToneCheck mentioned on Fast Company's fastcodesign site in a blog post. It reminded me of products I've seen demoed, on a larger scale, for SharePoint. First, though, let's see what Fastcodesign says about ToneCheck:

"ToneCheck is a sort of e-superego to your e-id. By scouring email for name-calling, profanity, nasty wordplay -- whatever -- it helps turn epistolary venom into sugar. ... The plug-in was created by Lymbix, a Canadian company (natch), and it's featured in the New York Times Magazine's Year In Ideas, which prints on Sunday."

Security professionals will likely recall enterprise solutions over the years that employ word recognition, heuristics, and Group Policy (or Group Policy-like) settings to control what information leaves an organization via email or other routes.

Recently, I sat in on a briefing from HiSoftware, a company whose main purpose in life is helping others achieve compliance. With the proliferation of SharePoint sites, it's only a matter of time, it seems, before we hear of some security/data breach via SharePoint--somebody mentions a confidential fact on the company intranet and it gets spread or a file gets loaded into the wrong place.

"Privacy right now is where security was 10 years ago," says HiSoftware CTO Thomas Logan. As the number of organizations using SharePoint grows and the ways to interact on SharePoint increase, so does the potential for a data breach, even if accidental. HiSoftware's Larry Kincannon uses an example of a bank with thousands of employees using SharePoint--"Somebody mentioned the code name for an acquisition and it caused concern in the organization and with regulators."

HiSoftware's Compliance Sheriff for Microsoft SharePoint Server provides out-of-the-box "checkpoints" (372 so far), gleaned from customer scenarios, that are run against content. They can also be customized to a particular organization's needs and to various groups or departments within it.

Because Compliance Sheriff leverages the SharePoint API, it in essence becomes a built-in workflow. When a user types in a particular word or phrase, the solution analyzes it against the checkpoints and either flags it and asks that it be fixed—and offers suggestions for how to fix it—or disallows the use of that word or phrase entirely. It can also prevent the uploading of, say, a spreadsheet or other document with confidential information in it, such as patient information or credit card numbers. Because it works within SharePoint workflows, it can also enforce SharePoint governance policies. It also offers reporting capabilities, including privacy/security scorecards to demonstrate compliance, and can offer insight into who in an organization needs more education about compliance.

While it’s working to safeguard data and information by reducing access to data, Compliance Sheriff can also provide another benefit—working to enhance access to data. While the Americans with Disabilities Act (ADA) doesn’t currently require that online data be accessible to those with disabilities, there is interest in various sectors in making online sites accessible. For example, the Veterans Administration is one government agency that not only needs to protect patient data but also needs to ensure its employees and clients, many of whom are disabled, are able to get access to the VA’s content on its sites. HiSoftware’s Compliance Sheriff interestingly meets both of those needs. To learn more, see the HiSoftware website.
