Enterprise Security Services Platform (ESSP) for MICROSOFT SharePoint

Features & Benefits


Enterprise Security Services Platform (ESSP) for MICROSOFT SharePoint

Features & Benefits

SharePoint Information Protection

Protect your organisation's sensitive information with an enterprise end-to-end information protection solution. Allow information owners to classify their data and have it protected against exfiltration or misuse through the application of mandatory access controls that can be enforced and monitored not only in SharePoint but via e-mail and at the end-point (printing, moving to external storage devices, etc.).


Not classifying data in SharePoint is a data breach waiting to happen. Berkeley's proprietary Enterprise Security Services Platform (ESSP) allows organisations to define an information security policy and enforce that policy within SharePoint. With ESSP you can require information owners to classify all SharePoint content with security metadata and then establish mandatory access controls based on this metadata and user attributes. Ensuring that all SharePoint content, even calendar appointments is classified is the quickest and most cost effective way to prevent a data breach.


INTEGRATED EMAIL, Office document and windows security

Why should users have to classify material in Microsoft Office and then reclassify it when they upload it to SharePoint? This leads to human error and data breaches. Allow users to classify their content in either Microsoft Office or Windows Explorer and have that security metadata automatically applied in SharePoint. When users download content from SharePoint, the security classification goes with the content. If attached to an e-mail your security policy will be enforced, and the e-mail will be classified automatically at the highest classification level of any attachment. Stop individuals accidentally or deliberately bypassing your SharePoint security by e-mailing content to users who should not have access.

ESSP secures your content in SharePoint windows explorer mode, with FAST Search and all API calls - straight out of the box.


Developing a data governance scheme or information security policy can be hard work, but enforcing it is more difficult. Enterprise Security Services Platform (ESSP)  ensures your organisation's information security policy is enforced by applying your mandatory access control rules.

Comply with policies such as:

  • Government Classification Schemes
  • Privacy Acts
  • Gramm-Leach-Bliley (GLBA)
  • RACGP Computer and Information Security Standards
  • APRA/SEC Guidelines

Unauthorised access, inadvertent data breaches and misuse of critical business data can cost your company millions and senior IT staff their jobs. With ESSP content is only visible to, and accessible by users who have attributes that meet your mandatory and discretionary access control rules.


IT staff typically have little to no idea who should be accessing sensitive content, so why have IT staff manage permissions in SharePoint? With little or no training required, business units can manage their permissions groups and use those groups to apply discretionary access controls. An intuitive, familiar user interface gives individual work group leaders a single view to efficiently take personal control of user and group permissions defining who sees, edits and shares sensitive data. ESSP also integrates with ADFS and IBM Tivoli Identity Manager


Out of the box SharePoint and other SharePoint security solutions that utilise item level security suffer badly from performance degradation. As a result, information that should be contained in a single document library is split into many libraries to avoid performance constraints.

Engineered from the ground up to overcome the scale and complexity challenges of large scale SharePoint deployments. ESSP allows users to apply item level security without some of the typical performance problems associated with "Breaking Inheritance*". We mitigate many of the performance degradation issues and Microsoft's officially documented constraints on sites and lists.

* Breaking Inheritance is where permissions on a content item are no longer inherited from the list they are contained in. This is the process in SharePoint of applying item level security.


The "Insider Threat" is the most difficult data security risk to mitigate and yet it's the most dangerous. ESSP ensures your insider threat is mitigated by simplifying the application of mandatory and discretionary access controls. Other functionality includes live notifications when sensitive content is accessed, and the ability to require a work peer or manager to authorise specific one-time access to a content item. ESSP even blocks site-collection administrators from accessing content


Berkeley boasts nearly two decades of experience with the Defence community keeping the world’s most sensitive shared data available to all those who need it yet safe and secure from those who are not meant to see it.



Enterprise Security Services Platform for SharePoint


Enterprise Security Services Platform for SharePoint

SHAREPOINT Data classification AND attribute based access control of sensitive content.

With an active defence to the Trusted Insider threat



Mandatory data Classification of all content

Require information owners to classify all SharePoint content. Limit the visibility of individual documents, calendar appointments, announcements and other types of content. All content is presented with a visible "Security Tag"

Prevent Administrators seeing sensitive content

Usually site collection administrators can see all content regardless of permissions. Not anymore. Site collection administrators can't access content unless they log in with a normal user account.

Hierarchical Security

We've revolutionised SharePoint security by introducing hierarchical security that maps to your organisation structure. This allows for content owners to limit the visibility of content to areas of the organisation.


Item Level Security

Our patented subtractive claims technology will stop users seeing content based on multiple user attributes such as nationality, organisation, organisational group, clearance level etc. Gone are the days of creating thousands of document libraries / sites due to security concerns. ESSP even works with Enterprise Search applications such as FAST and Lexmark Perceptive Search.

Group membership expiry

Set an expiry date on a user's group membership to make administration easy and ensure staff don't keep access to sensitive content when they move around an organisation.

Content is owned by business units

Content is no longer owned by a user. When adding content the user selects an organisational group against which they have "Add Content" permissions. This ensures as staff come and go, documents don't become orphaned and new staff gain access automatically.


So Easy To Use

Little or no training required. An intuitive, familiar user interface gives individual work group leaders a single view to efficiently take personal control of user and group permissions defining who sees, edits and shares sensitive data.

Free up IT Admin Resources

Delegate group permission management to the business unit. Lighten the load on IT personnel so they can refocus on more technical tasks instead of wasting valuable time on mundane and repetitive information security and access management processes.

No Lone Zone and Access Expiry

Lock down highly sensitive data by ensuring it can only be accessed when a second authorised user authenticates and only for a defined period of time.


Robust and Scalable

Engineered from the ground up to overcome the high security, scale and complexity challenges of strategic and operational Defence networks. More than capable of meeting all public and private sector information security management needs.

Proactive Defence against Leaked Information

It shouldn’t just be about plugging leaks after they occur and efficiently mopping up the damage. Real time monitoring and validation of security including automated alerts to information owners of inappropriate access stops the loss or damage caused by breaches before they happen.

Improve Information Security Governance

Allows organisations to fulfil their obligations and demonstrate compliance with regulatory and/or commercial imperatives for data security management. Integrates with your governance framework out-of-the-box.


Empower the information owner

All data posters are automatically prompted to classify information and define user and group permission boundaries designating who can see, edit and share data via mandatory security metadata.

Comprehensive Security Out-of-the-Box

Go Live straight away. No need for expensive, time consuming rules based configuration that becomes a nightmare to manage. Delivering comprehensive information security peace-of-mind.

Collaborate with other companies / countries

Governments: Ensure foreign nationals only see content releasable to their country

Companies: Ensure "Internal-Use-Only" material cannot be seen by external users


Backed by Unrivaled Data Security Experts

Berkeley boasts 16 years of experience with the Defence community keeping the world’s most sensitive shared data available to all those who need it yet safe and secure from those who are not meant to see it.



ESSP Screens

ESSP Screens

Compulsory security compliance. Easy UI. Out of the box functionality



Minimise the effect of mandatory data classification on users by implementing janusSEAL for documents with ESSP for SharePoint

  • Classify MS Office Documents, pdf and media files
  • Visible classification and metadata carried with information object/asset
  • Seamless and automatic detection and enforcement by ESSP SharePoint
  • Seamless and automatic detection and enforcement of ESSP rules by janusSEAL Documents [SharePoint classification reclassifies object if checked out]
  • Capacity for controls in other systems, gateways [DLP, Content gateways, operating systems etc]

We integrate with and recommend the janusNET classification suite of tools. Out of the box, seamless protection.



Frequently Asked Questions


Frequently Asked Questions

How's this different to other products?      

Our product actually works. Many people have contacted us and let us know they've tried another product that attempts to do item level security and it just plain doesn't work. If you've experienced the same, contact us and we can let you know about a special deal to help you out.  


  • Mandatory Data Classification
    Implement your information governance policy with mandatory data classification.
  • Attribute Based Access Control (ABAC)
    Control the visibility of individual content items such as documents and calendar events based on configurable user attributes such as nationality, clearance or employment status (contractor etc). These attributes can be drawn from Active Directory or ADFS Claims.
  • Hierarchical security
    No other SharePoint product implements this technique. It's the key to sharing and protecting information at an enterprise scale. Users adding content can limit the distribution to specific or multiple parts of an organisation. This can also be further controlled when combined with ABAC.
  • Permissions Management
    Other products attempt to protect data through the use of standard SharePoint metadata. They don't help you with managing users' permissions. 
  • Custom security user interfaces
    Again, while other products attempt to protect data through the use of standard SharePoint metadata, they don't provide custom user interfaces to assist users. If a user is simply setting a normal SharePoint metadata field, do you think they'll understand the security implications?  
  • No complex rules
    Other systems require your IT staff to configure complex rules in an attempt to get the same capability as ESSP. These rules would run into the thousands for large organisations. Organisations using those systems have reported that those products are "a nightmare to manage". 
  • Rapid group creation
    If users want to create a small collaboration group they can do it rapidly and without the need to call IT staff. How long does it take to get an IT administrator to create a new Active Directory group and then work out how to limit the distribution of that content in SharePoint? Do you even want to tell the IT administrator? 
  • Content is owned by business units
    Users can no longer own content themselves. It's owned by an ESSP group. This ensures that content cannot be orphaned and helps secure collaboration scale. 
  • Active Insider Threat protections
    No other SharePoint product provides our patented "No Lone Zone" capability along with immediate notifications when sensitive content is opened. ESSP is the world's only product that prevents Site Collection administrators from access all content. 

 ESSP is essentially 3 products in one: 

  1.  Simplified user permissions management
  2.  A powerful, custom security metadata based system for implementing item level security
  3.  An active "Insider Threat" management tool

Berkeley has spent 16 years doing nothing else but protecting sensitive information at an Enterprise scale. This security logic is currently deployed on systems with tens of thousands of users.  

What's the advantage of hierarchical security?      

Essentially this makes information security scalable and easy. You don't need to be an IT expert to understand that if you limit the distribution of a document to "SALES" then only people who are in the sales group (or any group below the sales group) will see it.

In addition this allows you to decentralise permissions management. You can grant a user of a group permission to "Manage Group". This combined with a simple and intuitive GUI makes it possible for the business unit to manage its own permissions. Information owners know who should and shouldn't access their content.  

The hierarchical security model is deliberately separate from Active Directory. While you can put an Active Directory group into an ESSP group it's important that ESSP groups don't rely on this. This allows content to be automatically ingested into SharePoint and have the document assigned to a group that has no members. This ensures that content owned by external organisations cannot be edited by anyone within the SharePoint environment. In our experience this is a key factor in inter-agency / inter company / international data sharing. The originator of the information can be assured that no-one will be able to alter their content if they provide it to a 3rd party.

Can I also secure a document library, calendar and other SharePoint containers with ESSP?

Yes. Sites, document libraries and other containers also have ESSP security metadata applied to them. You could limit access to a calendar to a specific part of your organisation. 

How does ESSP help us to eliminate information stovepipes

Typically information managers and IT staff have tried to protect sensitive information by creating a new container (such as a new document list/library, calendar etc.). In medium to large organisations this has resulted in thousands of additional document libraries and sites being created simply to satisfy security concerns.  

ESSP allows you to store all information on a given topic in a single container. For example you could have all staff reviews for an organisation in a single library with the reassurance that managers will only see their own and their staff members' reviews. HR staff will see all reviews. Staff members will only see their review.  

Information Management is about ensuring decision makers can see the relevant information when they need it. They shouldn't need to know that they need to navigate to 40 different document libraries to cover all information relating to a given topic. Those days are over with ESSP.  

The key to data fusion is item level security in which you can have confidence. ESSP is that answer to that. 

What's the cost to your organisation of these information stovepipes?  

What industry standards will this help me comply with?

Berkeley’s ESSP solution has been designed to allow organisations to comply with various relevant industry standards in Defence, Health, Government and other sectors in their use of SharePoint to manage sensitive data. Use our pre-configured options or allow us to tailor a configuration for your compliance with: 

  • ISO27001 Information Security Management
  • Australian Government Security Classification System (AGSCS) 
  • Protective Security Policy Framework (PSPF) 
  • Information Security Manual (ISM) 
  • International Traffic in Arms Regulations (ITAR) 
  • Health Insurance Portability and Accountability Act (HIPAA) 

…and many more.


One of the largest security holes in SharePoint is the ability of site collection administrators to access all content, regardless of permissions. With ESSP site collection administrators can still perform their management role however if they wish to access content they need to log in with a standard user account and be placed into a standard ESSP group. This ensures they cannot access content such as board documents or close-hold material to which they have no right.  

How do releasabilitIEs help secure my content?

Releasabilities typically apply to nationalities or an implied limited distribution (such as "Internal-Use-Only"). 

Let's say your organisation has some external sales consultants. Normally if you limited the distribution of a document to "SALES" they would be able to see the document as they are members of that group. ESSP allows you to select a releasability such as "INTERNAL-USE-ONLY" which will ensure that while these external consultants are members of the "SALES" group, the "INTERNAL-USE-ONLY" criteria will automatically stop them from seeing the content. 

All our staff hold security clearances, why do I need to compartmentalise information?

Bradley Manning and Ed Snowden held some of the highest security clearances available. 

ESSP allows organisations to share with confidence as the information owner can decide how widely or tightly to share the information.

Mankind learned a lot of lessons with physical security over thousands of years. Unfortunately many organisations ignored these lessons as they moved into the digital world. Organisations spend millions on physical security. Can you access every room in the business, even the CEO's / General's office? You wouldn't let people go through the CEO's desk drawers so why let people do the equivalent online? 

ESSP is the risk mitigation answer to these questions

  1. How do we enforce our information governance policy?
  2. How do we stop SharePoint system administrators from seeing sensitive content such as Board documents?
  3. How can we allow other companies / organisations to collaborate with us while securing our internal-use-only documents?
  4. How can we ensure our stakeholders have confidence in the security of our information management solution?
  5. How can we ensure that all content will be appropriately security-marked and available only to those with appropriate access rights?
  6. How can we securely share information across the organisation?
  7. How can we prevent accidental ‘data spills’?
  8. How can we guard against the insider threat?

Microsoft Sharepoint 2013

Secured with ESSP (Enterprise Security Services Platform)

Microsoft Sharepoint 2013

Secured with ESSP (Enterprise Security Services Platform)


Microsoft SharePoint 2013 is a collaboration environment that organisations of all sizes can use to increase the efficiency of business processes. It's primarily used for intranets, document management,  content management and digital file storage, but the product is highly configurable, and usage varies substantially between organisations.

SharePoint 2013 sites provide environments that administrators can configure to provide personalised access to documents and other information. Search features enable users to find content efficiently regardless of the physical location of data.

SharePoint is hands-down the most popular software for creating corporate intranets. Recent surveys showed that around 50% of all intranets are developed using SharePoint, and it is used by 78% of Fortune 500 companies. Microsoft states that SharePoint has 160 million users across 75,000 customer organisations.

Out of the box, SharePoint has a Microsoft Office-like interface and is closely integrated with the Office suite. 

SharePoint is extremely flexible – it can be used to provide intranet portals, document and file management, collaboration and real-time document sharing, social networks, extranets, websites, enterprise search, and business intelligence. Sharepoint can be integrated into virtually any other business system. It can also automate business processes, such as document approval, by associating common workflows with data.


SharePoint 2013 is made up of the following key components 


A site is a shared work environment. You can set these up without any specialist knowledge using a graphical interface. A site may be accessible to your whole organisation or just a particular group.


Communication and understanding between you and your co-workers happen in communities. Communities grow around shared knowledge and collaboration.


Your organisation’s documents can be stored, found, shared, updated, managed, documented, archived, tracked or restored in SharePoint. All can be done in accordance with the relevant compliance or governance policies.


You and your colleagues can quickly search for relevant communities, documents, people, or sites within your organisation based on keywords, refinement and content analysis.


Information from any part of your organisation can be used inside useful contexts, such as rich interactive dashboards, charts and embedded Excel or Visio content, providing information that can improve effectiveness.


SharePoint lets you combine data, documents and processes to create composite applications or ‘mash-ups’ without any coding knowledge.


USe SharePoint 2013 to collaborate and share your work


Social network-like features allow you to share ideas, post activity updates, get answers from each other and check what colleagues are working on.

Publish your Office documents to SharePoint and share them with anyone inside or outside your organisation.

Update your activity feed and share documents on the move from your smartphone or tablet.


Arrange all your projects and tasks, displaying them as upcoming deliverables across Outlook, SharePoint and MS Project.

Gather your team’s emails, documents and meeting notes into one place by setting up a team site.

Documents are synchronised across all your devices using Microsoft SkyDrive.


Connect with others in your organisation by interests, past projects, and documents published.

Transform data into interactive reports with Excel 2013 and publish them to SharePoint.

Customise and filter your searches to get more relevant results faster, along with recommendations on people and documents to follow.


Develop a public-facing website using new streamlined design features.

A vastly improved Content Management System (CMS) for publishing websites.

Create powerful data mash-ups using PowerPivot, ad hoc reports with Power View, and dashboards; pulling in data from multiple sources with new business intelligence tools.

Build community sites and ‘My Sites’ to share and collaborate with others.


Automatically convert your presentations and spreadsheets from older versions of Office, or even to other formats such as web pages and PDF with automation services.

Create and edit tasks across work management systems including SharePoint, Exchange and Project. For example, tasks edited in Exchange Server from a mobile device are updated in the SharePoint ‘My Tasks’ list.

Business Connectivity Services (BCS) improve the ways in which SharePoint 2013 and Office 2013 can access data stored outside of SharePoint. 


Berkeley's ESSP (Enterprise Security Services Platform) provides Sharepoint 2013 with Military-grade data protection by adding an access classification system.

ESSP utilises Governmental and Industry leading security classification standards to mitigate the risk of a data breach, by immediately securing all instances of Sharepoint 2013 from; potentially business destroying insider threats (whether accidental or malicious).

Berkeley's 'off the shelf' ESSP fully supports all versions of SharePoint 2013.

  1. SharePoint Server 2013 
  2. SharePoint Foundation 2013
  3. SharePoint Server 2013
  4. SharePoint Enterprise 2013.