What is cp.Protect?
cp.Protect is a suite of integrated data protection, advanced encryption and privacy compliance solutions for Microsoft SharePoint 2010, 2013, 2016 and 2019 as well as for SharePoint Online (Microsoft Office 365), OneDrive and Windows File servers. cp.Protect provides:
- Transparent SharePoint file and list encryption for documents in use, in flight, and at rest
- Centralised SharePoint security permissions management
- Granular activity logging for sensitive and regulated data in unstructured data repositories.
cp.Protect is unique in its ability to control and restrict the access that privileged users (e.g. farm administrators, site collection administrators, database administrators) have to data.
Why use SharePoint encryption for better security?
Automatically encrypting SharePoint data to protect sensitive content is vital, especially nowadays with remote work. Here are several things to keep in mind about the security and encryption of your SharePoint documents and files (especially the highly sensitive data in them, such as PII, PHI, IP, M&A or Board documents):
- Sensitive document encryption in SharePoint allows you to ensure that your data stays protected if it is leaked somewhere;
- Automatic identification of sensitive data, followed by encryption, is a must for securing SharePoint infrastructure;
- Highly sensitive files in SharePoint shouldn’t be allowed to move without encryption: emails, public folder sharing or even printing should be restricted;
- Automatic or manual content classification in SharePoint allows users to identify PII data subject to compliance requirements, set proper permissions on it and encrypt it;
- SharePoint encryption must work on the item level to ensure that each file can be accessed only by those who need to work with it.
How is data encrypted in SharePoint with cp.Protect?
Securing and encrypting documents and databases with cp.Protect can be done via easy-to-use rules. Such a rule would contain the actual location of the data you’re securing, a list of users with permissions to view this data, and lastly the key management policy associated with that rule, which governs key length and key rotation.
There are also other useful parts of the cp.Protect management console. For example, the encryption key management page allows easy handling of both encryption and actual key management, with zero administrators required to manually create or manage keys. Cipherpoint allows you to replace all that with just setting up policies that govern the entire process of key creation and management. In one example, an existing policy for classified documents has AES-256 SharePoint encryption applied to it, and the system itself changes the keys every two years.
The Access controls tab is all about specifying which user groups have access to the decrypted files in SharePoint. There are four main options:
- “None” – the system is relying entirely on the existing SharePoint permissions;
- “Block Admins” – blocks anyone with administrative rights, to prevent theft of data under an administrator account;
- “Specified Users” – specific control over who exactly has access to that specific information;
- “Metadata (ABAC) Based” – allows you to use information’s metadata to make permission decisions dynamically based on a specific document’s classification or a number of other attributes.
Once you’ve created these policies, securing your information in SharePoint is quite easy – you just have to create a few simple rules to tell the system where your sensitive information is located, who should be able to view it and how tightly that information should be encrypted.
How does cp.Protect work for SharePoint data protection?
cp.Protect includes a centralised security server for policy administration & automated encryption key management and an agent that enforces these security policies for documents sitting on file servers, SharePoint (on-premise and online), and OneDrive. Our SharePoint security tool is totally transparent to end users and does not require deployment of software to user devices.
As users upload information or documents to a SharePoint server secured by cp.Protect, that information is immediately and transparently encrypted and remains encrypted in use, in flight, and at rest. SharePoint data is encrypted before it is stored in the database, so any information stored in backups is also encrypted, preventing even database administrators from seeing sensitive information. Only users authorised by the centrally managed cp.Protect security policies may view unencrypted content.
Transparent SharePoint file encryption with key management
Scalable and Flexible
Modular pricing to meet different security needs and budgets
Permissions and Auditing
Centralised access controls and real-time activity logging
Privileged User Controls
Prevent disclosure of sensitive info to IT administrator accounts