Features & Benefits
Features & Benefits
Protect your organisation's sensitive information with an enterprise end-to-end information protection solution. Allow information owners to classify their data and have it protected against exfiltration or misuse through the application of mandatory access controls that can be enforced and monitored not only in SharePoint but via e-mail and at the end-point (printing, moving to external storage devices, etc.).
Not classifying data in SharePoint is a data breach waiting to happen. Berkeley's proprietary Enterprise Security Services Platform (ESSP) allows organisations to define an information security policy and enforce that policy within SharePoint. With ESSP you can require information owners to classify all SharePoint content with security metadata and then establish mandatory access controls based on this metadata and user attributes. Ensuring that all SharePoint content, even calendar appointments is classified is the quickest and most cost effective way to prevent a data breach.
Why should users have to classify material in Microsoft Office and then reclassify it when they upload it to SharePoint? This leads to human error and data breaches. Allow users to classify their content in either Microsoft Office or Windows Explorer and have that security metadata automatically applied in SharePoint. When users download content from SharePoint, the security classification goes with the content. If attached to an e-mail your security policy will be enforced, and the e-mail will be classified automatically at the highest classification level of any attachment. Stop individuals accidentally or deliberately bypassing your SharePoint security by e-mailing content to users who should not have access.
ESSP secures your content in SharePoint windows explorer mode, with FAST Search and all API calls - straight out of the box.
Developing a data governance scheme or information security policy can be hard work, but enforcing it is more difficult. Enterprise Security Services Platform (ESSP) ensures your organisation's information security policy is enforced by applying your mandatory access control rules.
Comply with policies such as:
Unauthorised access, inadvertent data breaches and misuse of critical business data can cost your company millions and senior IT staff their jobs. With ESSP content is only visible to, and accessible by users who have attributes that meet your mandatory and discretionary access control rules.
IT staff typically have little to no idea who should be accessing sensitive content, so why have IT staff manage permissions in SharePoint? With little or no training required, business units can manage their permissions groups and use those groups to apply discretionary access controls. An intuitive, familiar user interface gives individual work group leaders a single view to efficiently take personal control of user and group permissions defining who sees, edits and shares sensitive data. ESSP also integrates with ADFS and IBM Tivoli Identity Manager
Out of the box SharePoint and other SharePoint security solutions that utilise item level security suffer badly from performance degradation. As a result, information that should be contained in a single document library is split into many libraries to avoid performance constraints.
Engineered from the ground up to overcome the scale and complexity challenges of large scale SharePoint deployments. ESSP allows users to apply item level security without some of the typical performance problems associated with "Breaking Inheritance*". We mitigate many of the performance degradation issues and Microsoft's officially documented constraints on sites and lists.
* Breaking Inheritance is where permissions on a content item are no longer inherited from the list they are contained in. This is the process in SharePoint of applying item level security.
The "Insider Threat" is the most difficult data security risk to mitigate and yet it's the most dangerous. ESSP ensures your insider threat is mitigated by simplifying the application of mandatory and discretionary access controls. Other functionality includes live notifications when sensitive content is accessed, and the ability to require a work peer or manager to authorise specific one-time access to a content item. ESSP even blocks site-collection administrators from accessing content
Berkeley boasts nearly two decades of experience with the Defence community keeping the world’s most sensitive shared data available to all those who need it yet safe and secure from those who are not meant to see it.
Enterprise Security Services Platform for Sharepoint
Enterprise Security Services Platform for Sharepoint
With an active defence to the Trusted Insider threat
Require information owners to classify all SharePoint content. Limit the visibility of individual documents, calendar appointments, announcements and other types of content. All content is presented with a visible "Security Tag"
Usually site collection administrators can see all content regardless of permissions. Not anymore. Site collection administrators can't access content unless they log in with a normal user account.
We've revolutionised SharePoint security by introducing hierarchical security that maps to your organisation structure. This allows for content owners to limit the visibility of content to areas of the organisation.
Our patented subtractive claims technology will stop users seeing content based on multiple user attributes such as nationality, organisation, organisational group, clearance level etc. Gone are the days of creating thousands of document libraries / sites due to security concerns. ESSP even works with Enterprise Search applications such as FAST and Lexmark Perceptive Search.
Set an expiry date on a user's group membership to make administration easy and ensure staff don't keep access to sensitive content when they move around an organisation.
Content is no longer owned by a user. When adding content the user selects an organisational group against which they have "Add Content" permissions. This ensures as staff come and go, documents don't become orphaned and new staff gain access automatically.
Little or no training required. An intuitive, familiar user interface gives individual work group leaders a single view to efficiently take personal control of user and group permissions defining who sees, edits and shares sensitive data.
Delegate group permission management to the business unit. Lighten the load on IT personnel so they can refocus on more technical tasks instead of wasting valuable time on mundane and repetitive information security and access management processes.
Lock down highly sensitive data by ensuring it can only be accessed when a second authorised user authenticates and only for a defined period of time.
Engineered from the ground up to overcome the high security, scale and complexity challenges of strategic and operational Defence networks. More than capable of meeting all public and private sector information security management needs.
It shouldn’t just be about plugging leaks after they occur and efficiently mopping up the damage. Real time monitoring and validation of security including automated alerts to information owners of inappropriate access stops the loss or damage caused by breaches before they happen.
Allows organisations to fulfil their obligations and demonstrate compliance with regulatory and/or commercial imperatives for data security management. Integrates with your governance framework out-of-the-box.
All data posters are automatically prompted to classify information and define user and group permission boundaries designating who can see, edit and share data via mandatory security metadata.
Go Live straight away. No need for expensive, time consuming rules based configuration that becomes a nightmare to manage. Delivering comprehensive information security peace-of-mind.
Governments: Ensure foreign nationals only see content releasable to their country
Companies: Ensure "Internal-Use-Only" material cannot be seen by external users
Berkeley boasts 16 years of experience with the Defence community keeping the world’s most sensitive shared data available to all those who need it yet safe and secure from those who are not meant to see it.
Minimise the effect of mandatory data classification on users by implementing janusSEAL for documents with ESSP for SharePoint
Frequently Asked Questions
Frequently Asked Questions
Our product actually works. Many people have contacted us and let us know they've tried another product that attempts to do item level security and it just plain doesn't work. If you've experienced the same, contact us and we can let you know about a special deal to help you out.
ESSP is essentially 3 products in one:
Berkeley has spent 16 years doing nothing else but protecting sensitive information at an Enterprise scale. This security logic is currently deployed on systems with tens of thousands of users.
Essentially this makes information security scalable and easy. You don't need to be an IT expert to understand that if you limit the distribution of a document to "SALES" then only people who are in the sales group (or any group below the sales group) will see it.
In addition this allows you to decentralise permissions management. You can grant a user of a group permission to "Manage Group". This combined with a simple and intuitive GUI makes it possible for the business unit to manage its own permissions. Information owners know who should and shouldn't access their content.
The hierarchical security model is deliberately separate from Active Directory. While you can put an Active Directory group into an ESSP group it's important that ESSP groups don't rely on this. This allows content to be automatically ingested into SharePoint and have the document assigned to a group that has no members. This ensures that content owned by external organisations cannot be edited by anyone within the SharePoint environment. In our experience this is a key factor in inter-agency / inter company / international data sharing. The originator of the information can be assured that no-one will be able to alter their content if they provide it to a 3rd party.
Yes. Sites, document libraries and other containers also have ESSP security metadata applied to them. You could limit access to a calendar to a specific part of your organisation.
Typically information managers and IT staff have tried to protect sensitive information by creating a new container (such as a new document list/library, calendar etc.). In medium to large organisations this has resulted in thousands of additional document libraries and sites being created simply to satisfy security concerns.
ESSP allows you to store all information on a given topic in a single container. For example you could have all staff reviews for an organisation in a single library with the reassurance that managers will only see their own and their staff members' reviews. HR staff will see all reviews. Staff members will only see their review.
Information Management is about ensuring decision makers can see the relevant information when they need it. They shouldn't need to know that they need to navigate to 40 different document libraries to cover all information relating to a given topic. Those days are over with ESSP.
The key to data fusion is item level security in which you can have confidence. ESSP is that answer to that.
What's the cost to your organisation of these information stovepipes?
Berkeley’s ESSP solution has been designed to allow organisations to comply with various relevant industry standards in Defence, Health, Government and other sectors in their use of SharePoint to manage sensitive data. Use our pre-configured options or allow us to tailor a configuration for your compliance with:
…and many more.
One of the largest security holes in SharePoint is the ability of site collection administrators to access all content, regardless of permissions. With ESSP site collection administrators can still perform their management role however if they wish to access content they need to log in with a standard user account and be placed into a standard ESSP group. This ensures they cannot access content such as board documents or close-hold material to which they have no right.
Releasabilities typically apply to nationalities or an implied limited distribution (such as "Internal-Use-Only").
Let's say your organisation has some external sales consultants. Normally if you limited the distribution of a document to "SALES" they would be able to see the document as they are members of that group. ESSP allows you to select a releasability such as "INTERNAL-USE-ONLY" which will ensure that while these external consultants are members of the "SALES" group, the "INTERNAL-USE-ONLY" criteria will automatically stop them from seeing the content.
Bradley Manning and Ed Snowden held some of the highest security clearances available.
ESSP allows organisations to share with confidence as the information owner can decide how widely or tightly to share the information.
Mankind learned a lot of lessons with physical security over thousands of years. Unfortunately many organisations ignored these lessons as they moved into the digital world. Organisations spend millions on physical security. Can you access every room in the business, even the CEO's / General's office? You wouldn't let people go through the CEO's desk drawers so why let people do the equivalent online?
Secured with ESSP (Enterprise Security Services Platform)
Secured with ESSP (Enterprise Security Services Platform)
Microsoft SharePoint 2013 is a collaboration environment that organisations of all sizes can use to increase the efficiency of business processes. It's primarily used for intranets, document management, content management and digital file storage, but the product is highly configurable, and usage varies substantially between organisations.
SharePoint 2013 sites provide environments that administrators can configure to provide personalised access to documents and other information. Search features enable users to find content efficiently regardless of the physical location of data.
SharePoint is hands-down the most popular software for creating corporate intranets. Recent surveys showed that around 50% of all intranets are developed using SharePoint, and it is used by 78% of Fortune 500 companies. Microsoft states that SharePoint has 160 million users across 75,000 customer organisations.
Out of the box, SharePoint has a Microsoft Office-like interface and is closely integrated with the Office suite.
SharePoint is extremely flexible – it can be used to provide intranet portals, document and file management, collaboration and real-time document sharing, social networks, extranets, websites, enterprise search, and business intelligence. Sharepoint can be integrated into virtually any other business system. It can also automate business processes, such as document approval, by associating common workflows with data.
A site is a shared work environment. You can set these up without any specialist knowledge using a graphical interface. A site may be accessible to your whole organisation or just a particular group.
Communication and understanding between you and your co-workers happen in communities. Communities grow around shared knowledge and collaboration.
Your organisation’s documents can be stored, found, shared, updated, managed, documented, archived, tracked or restored in SharePoint. All can be done in accordance with the relevant compliance or governance policies.
You and your colleagues can quickly search for relevant communities, documents, people, or sites within your organisation based on keywords, refinement and content analysis.
Information from any part of your organisation can be used inside useful contexts, such as rich interactive dashboards, charts and embedded Excel or Visio content, providing information that can improve effectiveness.
SharePoint lets you combine data, documents and processes to create composite applications or ‘mash-ups’ without any coding knowledge.
Social network-like features allow you to share ideas, post activity updates, get answers from each other and check what colleagues are working on.
Publish your Office documents to SharePoint and share them with anyone inside or outside your organisation.
Update your activity feed and share documents on the move from your smartphone or tablet.
Arrange all your projects and tasks, displaying them as upcoming deliverables across Outlook, SharePoint and MS Project.
Gather your team’s emails, documents and meeting notes into one place by setting up a team site.
Documents are synchronised across all your devices using Microsoft SkyDrive.
Connect with others in your organisation by interests, past projects, and documents published.
Transform data into interactive reports with Excel 2013 and publish them to SharePoint.
Customise and filter your searches to get more relevant results faster, along with recommendations on people and documents to follow.
Develop a public-facing website using new streamlined design features.
A vastly improved Content Management System (CMS) for publishing websites.
Create powerful data mash-ups using PowerPivot, ad hoc reports with Power View, and dashboards; pulling in data from multiple sources with new business intelligence tools.
Build community sites and ‘My Sites’ to share and collaborate with others.
Automatically convert your presentations and spreadsheets from older versions of Office, or even to other formats such as web pages and PDF with automation services.
Create and edit tasks across work management systems including SharePoint, Exchange and Project. For example, tasks edited in Exchange Server from a mobile device are updated in the SharePoint ‘My Tasks’ list.
Business Connectivity Services (BCS) improve the ways in which SharePoint 2013 and Office 2013 can access data stored outside of SharePoint.
Berkeley's ESSP (Enterprise Security Services Platform) provides Sharepoint 2013 with Military-grade data protection by adding an access classification system.
ESSP utilises Governmental and Industry leading security classification standards to mitigate the risk of a data breach, by immediately securing all instances of Sharepoint 2013 from; potentially business destroying insider threats (whether accidental or malicious).
Berkeley's 'off the shelf' ESSP fully supports all versions of SharePoint 2013.