Unstructured Data on File Shares Poses a Significant Security Risk
Many organizations have turned to document collaboration and management platforms including Microsoft SharePoint, Office 365, Dropbox and other cloud solutions to store and collaborate on this unstructured content.
However, many companies still use traditional File Shares where terabytes of data continue to be stored and accessed. Some will migrate that content over to systems like SharePoint; others will continue to store and archive information in existing repositories.
With so much focus on new systems and the cloud, how are access and compliance being managed on your legacy file shares? The same data privacy and security concerns that apply to newer technologies are equally important for legacy systems.
NC Protect offers dynamic, real-time data loss prevention for Windows file shares and Nutanix Files. It continuously monitors and audits data and documents stored and shared on Windows File Shares against regulatory and corporate policies to protect against data breaches, unauthorized access, and misuse.
Ensure Data Compliance & Security for Your File Share Content
Stop relying on complex folder hierarchies to protect File Share data. NC Protect safeguards your File Shares with file-level security and encryption without the overhead of manually administered folder shares and NTFS permissions. Data can be automatically classified and encrypted based on user and file attributes associated with the file to ensure sensitive data is appropriately protected.
NC Protect delivers unmatched File Share security with data discovery, classification and protection
Scan and identify sensitive content on your file shares for privacy and compliance factors including US and international privacy regulations (CCPA, GLBA, COPPA, GDPR, POPIA, etc.), protected healthcare information (PHI, HIPAA), FISMA, PCI DSS, and more.
Easily define and configure custom rules to match your organization’s unique privacy, confidentiality and security policies for HR, financials, M&A and more.
As NC Protect scans and identifies sensitive data or detects specific policy violations, the flagged file is automatically classified via the addition of metadata.
NC Protect audits the entire lifecycle of a document, including who accessed the data and what they did with it.
File Level Security
Once classified, NC Protect applies access and usage rights at the file level to automatically:
• Encrypt files both at-rest and in-transit
• Prevent unauthorized sharing and editing of documents
• Start workflows for approvals and notifications
• Report on sensitive data issues, permissions and user activity
The NC Protect Difference: File Level Access and Sharing Control
NC Protect uses metadata-driven, file level security to restrict access to, encrypt, track and prevent the emailing of File Share content based upon the presence of sensitive or non-compliant information, offering content-aware data loss protection (DLP) capabilities for Windows File Shares. Organizations also using SharePoint for storage and collaboration can leverage NC Protect’s rules across both platforms to centrally manage policies, classifications and controls.
With NC Protect users can easily configure secure metadata and define choice values to suit any business requirement. Authorized users can classify documents according to their content, unlike standard metadata that can be modified by anyone that is allowed access. Users can define the level of sensitivity of the document, e.g. confidential, private or secret, then depending on their selection additional levels of classification can be added as required, including selecting the audience, department or project.
Based upon the business rules associated with its classification, access to a document or content item within a File Share can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file level permissions, administrators can reduce the number of folder locations that get created (folder location proliferation) just to cope with another set of collaborative users. Managing file permissions with NC Protect is easy since they are based on the metadata values added at the time of classification.
Encrypt At-Rest & In-Motion
Data loss prevention is a critical issue for many organizations. In addition to securing a document based on its classification (metadata), NC Protect can further secure File Share content by encrypting it. This means only properly credentialed users will be able to read the content – whether inside or outside of the File Share – even if they have administrator privileges, making it safe to store confidential documents such as Board and HR documents. It also ensures any documents that make it out of the file system can only be accessed by the credentialed users.
To further extend the tracking process, you can also define rules in NC Protect to prevent the distribution of sensitive information or confidential documents, or to educate users about the risk. For example, if a document is going to be emailed to a group and a listed recipient does not have proper access to that category of document, then the email cannot be sent until the individual is removed from the distribution list. Users can also be prevented from printing, saving or copying the contents of Microsoft Office documents outside of the File Share.
Advantages of Metadata-driven, Item-level Security
Nucleus Cyber’s granular approach to security limits access at the item-level using secure metadata. In addition to better protecting your organization from an accidental breach, this approach also controls the proliferation of folders on Windows Server File Shares. NC Protect looks at an entire folder of content and the data contained within the items, to identify individual documents and files to secure based on specific policies built in the policy manager. It then classifies, via secure metadata, and if desired, restricts access to and encrypts the item(s).
Since permissions are applied at the individual file level (using classification), as compared with solutions that secure or encrypt at the folder level, sensitive content can be stored, shared and collaborated on from any folder in the File Share. It ensures access to the file is restricted to only those who have permissions to it as defined by its classification.
- Centralized, cost-effective policy compliance management and data loss prevention.
- Monitor and audit content against regulatory and corporate policies.
- Automatically classify, restrict access to and encrypt content based on the presence of sensitive data including PII, PHI, IP and other factors.
- Detect potential violations and initiate workflows to remediate and minimize risk.
- Granular approach to security limits access at the item-level using secure metadata.
- Store document ‘fingerprint’ to enable policy rules to be applied if file share documents are emailed/socialized.
- Audit trails and forensics track access to sensitive data to ensure transparency and accountability.