File Shares - Security and Compliance

Security Sheriff®: File Share

Managing Compliance and Security on Windows Server File Shares

Many organizations have turned to Content Management Systems (CMS) such as Microsoft SharePoint as the solution for storing and collaborating all this unstructured content. That said, many companies still have existing File Shares where terabytes of data are still being stored and accessed. Some will migrate that content over to a CMS like SharePoint, others will continue to store information in existing repositories.

Given all of the information that exists on enterprise File Shares and CMS systems, how are businesses managing this explosion of content? How can they ensure only authorized audiences have access to sensitive content? How can they prove they are meeting regulatory requirements?

Secure File Share Content at the Document Level

The award-winning Security Sheriff® offers content-aware data loss protection (DLP) capabilities for Windows Server File Shares with metadata-driven, item level security to inspect and automatically restrict access to, encrypt, track and prevent the emailing of content based upon the presence of sensitive and/or non-compliant information.


With Security Sheriff, users can easily configure secure metadata and define choice values to suit any business requirement. Authorized users can classify documents according to their content, unlike standard metadata that can be modified by anyone that is allowed access. Using Security Sheriff users can define the level of sensitivity of the document as confidential, private or secret. Then depending on their selection additional levels of classification, including selecting the audience, department or project, can be added as required.


Based upon the business rules associated with its classification, access to a document or content item within a File Share can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file level permissions, administrators can reduce the number of folder locations that get created (folder location proliferation) just to cope with another set of collaborative users. Managing file permissions with Security Sheriff is easy since they are based on the metadata values added at the time of classification.


Data loss prevention is a critical issue for many organizations. In addition to securing a document based on its classification (metadata), Security Sheriff can further secure File Share content by encrypting it. When Security Sheriff identifies sensitive content, it can encrypt the information immediately. This means only properly credentialed users will be able to read the content – whether inside or outside of the File Share – even if they have administrator privileges, making it safe to store confidential documents such as Board discussions and HR documents. It also ensures any documents that make it out of the files system can only be accessed by the credentialed users.


To further extend the tracking process you can also define rules in Security Sheriff to warn users on or prevent the distribution of sensitive information or confidential documents. For example, if a document is going to be emailed to a group and a listed recipient does not have proper access to that category of document, the email cannot be sent until that individual is removed from the distribution list. Users can also be prevented from printing, saving and copying the contents of Microsoft Office documents outside of the File Share.