Secure Internal and External Sharing Through SharePoint
A public research body secures its shared document bases
Challenges
This public research body works in the fields of Defence & Security, nuclear power and Research.
Thousands of employees, sub-contractors, facility managers, scientists, researchers, interns… take part in these international research programmes and this requires information to be compartmentalised.
In particular this OIV (crucially important operator) is bound to comply with legal obligations with respect to confidentiality: use of an ANSSI-approved solution when processing documents having Restricted status, for example.
Requirements
Sensitive documents stored in SharePoint document bases must be secured in an intranet zone for information exclusively reserved for the organisation with a separate partner zone accessible over the Internet for exchanges with partners.
The entity must keep control over its information system. More and more maintenance tasks are outsourced, so the solution must also guard against the risk of data leaks on the part of the facilities manager.
Each department has a CISSO who defines the degree of sensitivity of the information shared. If the CISSO indicates this information as “Restricted”, then it must be encrypted. In the access management process, the Right-to-know is granted by the CISSO. The IT department or facilities manager do not have this power.
Solution
The servers on which the documents are stored are not typically trusted.
ZONEPOINT has been deployed on over 5,000 workstations in order to protect some 100 encrypted libraries dedicated to Restricted Distribution documents and amounting to several terabytes of data.
Presenting the same functional level as classic SharePoint document libraries, encrypted libraries enable cryptographic constraints governing the Right-to-know to be defined.
The documents are encrypted and decrypted on users stations and stored encrypted on SharePoint.
A key management infrastructure delivers encryption certificates to the entire entity, passwords are used with partners.
The ZoneBoard supervision console enables department CISSOs to compartmentalise spaces and impose security through the easy allocation of the Right-to-know to users.
Experience
IT SERVICES: Easy deployment on Microsoft SharePoint servers.
USERS: Transparent encryption and decryption once the user key is provided.
SECURITY DEPT: Management of the Right-to-know and supervision with no action required by the facilities manager.
Benefits
ZONEPOINT is easy to install (deployment of an SharePoint functionality without recourse to a specific server) and is fully compatible with conventional document sharing features.
A module for browser can be installed with no administration rights on client workstations to automatically encrypt or decrypt documents accessed by users.
Security officers have a supervision console to manage the Right-to-know. The product has an API that can be integrated into applications or business processes enabling the use of encrypted documents.
The ZoneMobile application is available from app stores, for consulting encrypted documents on iOS or Android smartphones and tablets.
ZONEPOINT is a product certified CC EAL3+, Qualified by ANSSI, EU Restricted and NATO Restricted.
