Like many organizations, you've probably moved a lot of your corporate documents to SharePoint. What used to be hidden away on personal drives or shared folders can now be shared with a wider audience, helping to improve communication and decision making within your organization. But this greater accessibility comes at a cost to security; anyone who can view a document in SharePoint can use the Save As option to copy the document to their local computer. Users can then easily attach the document to an email and send it out. Many times this isn't even a malicious action; the user simply doesn't realize that the document is sensitive, or isn't thinking of the consequences of emailing sensitive information over the internet.
So what can you do to stop this? Short of implementing an enterprise rights management (ERM) solution such as Microsoft Rights Management Services (RMS), you can solve the problem in the following ways:
1) Use a product likeTitus Labs Metadata Security for SharePoint to prevent unauthorized users from seeing the document in the first place. This is a good solution if you want to restrict documents to certain users, rather than allowing access to everyone in the organization.
2) Use a product likeTitus Labs Message Classification to scan the content of attached documents, and warn the user if they are attempting to send a SharePoint document that is sensitive.
The second solution is what I'd like to focus on for today's blog entry. The ability to scan attached documents is something we've recently added to our Message Classification for Outlook product. The solution scans email and attached documents after the user clicks Send, and warns the user if they are about to expose sensitive information to unauthorized recipients. The feedback is immediate, like a spell check, helping to raise awareness and educate users on corporate email policy. Here is a sample screen shot:
You can also view a 3 minute demo here.
Message Classification is a great solution if you have specific keywords or regular expressions/text patterns that identify a sensitive document. For example, you may have SharePoint documents containing special project names or codes, or you may have documents with headers and footers that indicate the document is confidential. Message Classification can identify these types of documents, and prevent the user from sending them in email. It's the best of both worlds; you can still collaborate on these documents in SharePoint, but you can also prevent email slips by users.
As a client-based solution, Message Classification avoids the problem of email being blocked at the gateway due to false positives. If an email is incorrectly identified as sensitive, users can be given the option to override the warning and send the email anyway. This puts accountability on the user, while providing the flexibility to ensure business processes are minimally impacted by false positives. All warnings and overrides are logged, which means organizations can easily identify areas of concern, such as employees generating high numbers of overrides, or keywords that are triggering the most warnings.
Next week, our Product Manager, Stephen Kingston, will go into more detail about how you can use regular expressions to find these sensitive documents in email.