Challenges

This public research body works in the fields of Defence & Security, nuclear power and Research.
Thousands of employees, sub-contractors, facility managers, scientists, researchers, interns… take part in these international research programmes and this requires information to be compartmentalised.

In particular this OIV (crucially important operator) is bound to comply with legal obligations with respect to confidentiality: use of an ANSSI-approved solution when processing documents having Restricted status, for example.

Requirements

Sensitive documents stored in MS SharePoint™ document bases must be secured in an intranet zone for information exclusively reserved for the organisation, with a separate partner zone accessible over the Internet for exchanges with partners.
The entity must keep control over its information system. More and more maintenance tasks are outsourced, so the solution must also guard against the risk of data leaks on the part of the facilities manager.
Each department has a CISSO who defines the degree of sensitivity of the information shared. If the CISSO marks this information as “Restricted”, then it must be encrypted. In the access management process, the Right-to-know is granted by the CISSO. Neither the IT department nor the facilities manager has this power.

Solution

The servers on which the documents are stored are typically not trusted.
ZONEPOINT has been deployed on over 5,000 workstations in order to protect some 100 encrypted libraries dedicated to Restricted Distribution documents and amounting to several terabytes of data.
Presenting the same functional level as classic MS SharePoint™ document libraries, encrypted libraries enable cryptographic constraints governing the Right-to-know to be defined.
The documents are encrypted and decrypted on users' stations and stored encrypted on MS SharePoint™.

A key management infrastructure delivers encryption certificates to the entire entity; passwords are used with partners.

The ZoneBoard supervision console enables department CISSOs to compartmentalise spaces and impose security through the easy allocation of the Right-to-know to users.

Experience

IT SERVICES: Easy deployment on MS SharePoint™ servers.
USERS: Transparent encryption and decryption once the user key is provided.
SECURITY DEPT: Management of the Right-to-know and supervision with no action required by the facilities manager.

Benefits

ZonePoint is easy to install (deployment of an MS SharePoint™ functionality without recourse to a specific server) and is fully compatible with conventional document sharing features.

A browser module can be installed without administration rights on client workstations to automatically encrypt or decrypt documents accessed by users.

Security officers have a supervision console to manage the Right-to-know. The product has an API that can be integrated into applications or business processes enabling the use of encrypted documents.
The ZoneMobile application is available from app stores, for consulting encrypted documents on iOS or Android smartphones and tablets.

ZONEPOINT is a product certified CC EAL3+, Standard Qualified by ANSSI, EU Restricted and NATO Restricted.

Used products

Ensuring the confidentiality of documents on MS SharePoint™

ZonePoint allows companies to manage the confidentiality of their document archives by defining an encryption policy for their document libraries in Microsoft SharePoint.

  • Access via Windows Explorer (WebDAV) or web browser
  • Depositing / retrieval of encrypted documents is entirely transparent to the user
  • Authentication via X.509 certificate or password
  • Enterprise recovery mechanism