An IGC White Paper

Securing your content: Brava Protected Libraries and automated redaction

More than 130 million users and 70 percent of large enterprises have adopted SharePoint as their collaboration and content management platform. While we can expect continued market penetration and increased use of SharePoint for managing sensitive and regulated content, numerous industry studies cite challenges with the platform’s security, compliance, and information governance. These challenges are not taken lightly.

A recent Information Week study rated data security controls as the most important feature of collaboration software platforms—higher than all other capabilities. The study found that monitoring content in collaboration platforms for security and policy violations was a challenge for 38 percent of respondents.

This paper describes common security and compliance challenges associated with SharePoint content and details how IGC’s Brava!® viewer can help address those challenges by providing greater control over content access and handling.

Organizations face three key issues when access to sensitive or regulated content in SharePoint libraries is not tightly controlled:

• Preventinginformationleakage via download, copy and paste, or misconfigured access controls • Balancingeaseofaccessanduse with security• Buildingsecuritycontrols to comply with relevant internal and industry regulations

BravaforSharePointaddressesthesesecurityconcernsbyenablingadministratorstolimitwhoseescontent,whatcontenttheyseeandwhattheycandowithitoncetheyseeit.WithBrava,SharePointcontentcanbekeptsafelybehindbars—visibleandtouchable,butnotchangeableortakeable.Itneverleavestherepository.

SharePoint customer security challenges

Brava for SharePoint: Control access to documents and the content within

Page 2 - Securing your content: Brava Protected Libraries and automated redaction

Viewing documents in Brava for SharePoint

IGC’s Brava viewer allows SharePoint users to access and annotate virtually any document content directly through the SharePoint portal without downloading the document to their computer. The Brava server simply converts documents from their native format to an IGC proprietary format, which is then streamed to the viewer for annotation and review.

Brava then takes security two steps further, allowing users to activate protected libraries and create redacted versions of documents with sensitive information removed. Brava’s protected library and redaction capabilities provide end users easy access to the information they need while still securing sensitive document content.

Brava Protected Libraries offer administrators options for securing their repositories. When the Brava Protected Library feature is activated on a library, users with read-only permissions on a document can access that document only through the Brava viewer. Users with write permissions on a document continue to work normally with a document, including checking in a new version, opening it in the original application or viewing it through Brava. When a read-only user tries to access the document, that user is automatically redirected to the Brava viewer.

Brava Protected Libraries do more than block a user’s ability to download a document through the SharePoint web interface. In addition, Brava will trap all requests for a document so users are automatically redirected to the Brava viewer, regardless of whether the user navigates to the document through SharePoint, clicks a link to the document in an email, or enters the URL of the document directly in a browser’s URL bar.

Read-only users are not able to copy and paste text from Brava, print the document, or save a PDF rendition. Brava even blocks the print screen command, so proprietary, personal and other sensitive content remains safe in the repository. Brava Protected Libraries protects from insider threats by ensuring that sensitive information never leaves the controlled confines of the SharePoint environment, while giving users access to the information they need to do their jobs.

Provide true read-only access to content with Brava Protected Libraries

With Brava, SharePoint content can be kept safely behind bars-visible and touchable, but not changeable or takeable.

It never leaves the repository.

Page 3 - Securing your content: Brava Protected Libraries and automated redaction

All of these processes are completely transparent to the user, who only has to click a link to see the document content directly inside the SharePoint portal. This prevents sensitive information from being lost when hard drives are sent outside an organization or replaced without being securely wiped, when laptops are stolen, thumb drives are misplaced, or when hackers access unsecured drives. Content can never be shared with anyone who lacks permission.

Sometimes users need to share documents that include customers’ private information, trade secrets, sensitive human resources information or other privileged information. Corporate governance policies, compliance concerns or government regulations may restrict your ability to share that sensitive content. In these cases, Brava’s redaction capabilities will assist in securing sensitive information.

Brava allows users to mark sensitive information for redaction and generate a new document with that content completely removed. They can manually mark areas for redaction, search for common privacy information such as social security numbers or enter their own text patterns to redact. All the content not marked for redaction is transferred to the new document unchanged, so users are still able to search for and use everything except the sensitive content. The redacted

information will never appear in the new document, so you never have to worry about someone extracting that information from the redacted document. This allows document sharing while still complying with the policies and laws governing management of sensitive information.

Brava consists of a SharePoint solution, a web application and a client-side viewer control. When a user accesses a document through Brava, the web application converts the document to IGC’s proprietary format, which is then streamed to the viewer. The original document is never sent to the user’s computer. The Brava web application can live behind a corporate firewall. This ensures that documents never even have to leave the corporate network, even if users are outside the network. All communication between the Brava viewer and server can be configured to use https, adding another degree of security to the communication.

Employing a robust protection strategy for SharePoint can allow your organization to comply with relevant regulations, secure your sensitive information and avoid expensive data breaches and brand damage. IGC solutions can also enable your organization to confidently deploy SharePoint as a platform for senior management, team collaboration, boards of directors, human resources and more.

IGC is a recognized leader in viewing, collaboration and redaction software, offering products that speed workflows, increase efficiency, and aid in regulation compliance. IGC solutions are deployed across almost every industry, with millions of installed seats worldwide.

Brava gives users access to needed information in documents quickly and allows them to make comments, remove sensitive information and create sanitized versions as PDFs, TIFFs or CSFs. Brava supports virtually any format, including office documents, images (e.g., TIFF, JPG, GIF) and CAD drawings. Redact-It® automatically creates public renditions of documents with sensitive content completely removed as part of a workflow. Blazon™, formerly known as Net-It®, automatically creates a TIFF or PDF version of the source document and enables users to add stamps, a watermark, or other information based on metadata from Microsoft SharePoint. Learn more at www.infograph.com/sharepoint.

A redacted file in SharePoint.

Brava architecture

About IGC

Protect sensitive information with comprehensive SharePoint security

Redact private or sensitive information

Brava’s protected library and redaction capabilities provide end users easy access to the information they need

while still securing sensitivedocument information.

© Copyright 2012 Informative Graphics Corporation

For more information, please contact:

Informative Graphics Corp.4835 E. Cactus Road, Suite 445Scottsdale, AZ 85254Phone: 800.398.7005 (intl +1.602.971.6061)URL: www.infograph.comEmail: info@infograph.com

Securing your content: Brava Protected Libraries and automated redaction