CORISECIO
Dr. Bruno Quint – CORISECIO - Open Source Security Solutions
Market Requirements
▪ Sensitive information has to get secured against loss, theft, or
unauthorised disclosure.
– Encryption is the most secure solution
▪ Existing encryption solutions are not designed for enterprises
– Performance, High Availability, Client-Less
▪ Companies need to exchange and work with encrypted documents
easily
▪ The NSA affair shows the need for secure encryption methods
Market Requirements
▪ SharePoint is a powerful tool for collaboration and document
management
▪ SharePoint needs security solutions – proven by the NSA affair
– A SharePoint Administrator should never get access to sensitive content
▪ Sensitive documents stored in SharePoint need encryption
▪ High demand to search information in Gigabytes of encrypted
documents
Why Encryption in SharePoint?
Market Requirements
▪ Mobile workers need access to company resources
– Especially access to eMail and documents
▪ Companies are faced with the challenge of the exploding
Bring Your Own Device (BYOD) trend
– iOS, Android, BlackBerry, Windows …
▪ Mobile collaboration, especially with SharePoint, is highly
attractive but needs secure access to sensitive content
▪ Transparent Encryption of documents – Cloud ready and on premise
▪ A server based Gateway solution provides high performance and availability for:
– Datacenter
– Cloudstorage
– SharePoint
▪ Strong encryption methods provide highest security for sensitive documents
▪ A document centric encryption without clients allows easy exchange
▪ Open standards provide certified security with no backdoors
CORISECIO Solution
▪ Transparent encryption of documents in SharePoint
▪ Privileged persons like administrators will never get access to
sensitive information
▪ Scalable server based solution for high performance
requirements
– Azure
– On premise
▪ USP: Full text search in encrypted documents
CORISECIO Solution
▪ Strong encryption of eMails and documents
– SharePoint
– Exchange
▪ Open Standard encryption with Web Cryptography
API from W3C consortium
▪ Standard browser as a sandbox system on all
smartphones and tablets
▪ No sensitive content on mobile device
CORISECIO Solution
SharePoint Security Portfolio
[Diagram: SharePoint Security Portfolio. Labels: SOA secRT Open Source Security Platform; DocEnc; Encryption for SharePoint; HTML5 Encryption; Document Encryption Gateway (Server Based Encryption for …); Encryption for SharePoint Gateway (Full Text Search in …); secCollaboration Gateway / Secure Collaboration Gateway; Key RollOut; Doc Encryption; Encrypted DocSearch; Dropbox; Exchange; Mail; Doc; Browser; Mobile; Cloud]
Document Encryption
for SharePoint and more
Transparent Document Encryption
• Transparent Encryption
• No Client necessary
[Diagram: User – works with documents; Document Encryption Gateway: encryption of sensitive documents; Encrypted Documents; different targets supported: Dropbox, SkyDrive, SharePoint, Fileshare]
The Encryption Gateway Is Designed:
To run in:
▪ Datacenter
▪ Cloudstorage
▪ SharePoint Farms
High Security together with:
▪ High Performance
▪ High Availability
It is more than File & Folder Encryption?
This is real document encryption!
▪ Open Standard SwA from W3C
▪ Exchangeable encrypted documents
– Self contained access rights in meta information
▪ Strong hybrid encryption
– Role based
▪ Document Signature
▪ Tagging and Labeling of documents
▪ DRM support
▪ Firecall support
Document Encryption Gateway
Document Centric Encryption
[Figure: Encrypted Document. Ciphertext body with three key blocks: AES / RSA 1 for Role 1, AES / RSA 2 for Role 2, AES / RSA 3 for Role 3]
Document Encryption:
• Role based
• AES256
• RSA1024 - 4096
Meta Information:
• Who has access to this document?
• Which Keys?
• etc…
Transparent SharePoint Encryption
Full text search in encrypted documents
SharePoint 2013 Enterprise
Transparent SharePoint Encryption
[Diagram: Encryption for SharePoint. Labels: User; Normal Mode; Secure Mode; Encryption Gateway; Encrypted Documents in SharePoint]
Where is the challenge?
▪ Full text search in encrypted documents
▪ Administrator should never get access to
Full Text Search in Encrypted Documents
[Diagram: User – works with documents as usual; Transparent Encryption; Standard Mode; Secure Mode; SharePoint Encryption Gateway]
Search: for unauthorized users, only in unencrypted documents
Secure Search: for authorized users, in encrypted documents
Working in SharePoint – no learning effort
• File name can be encrypted
Working in SharePoint Secure Mode
• Design is configurable
• Encrypted file names get transparently
Working in SharePoint Secure Mode
• New context menu for secure download
• File is transparently decrypted
Working in SharePoint Secure Mode
• Transparent search in encrypted files
• Toolbar for secure search
Working in SharePoint Secure Mode
• Secure Search in encrypted documents
• Configure where to search
Working in SharePoint Secure Mode
• Result Secure Search
• Original Microsoft Search!!
Secure Mobile Collaboration
Secure Mobile Collaboration
[Diagram labels: e-mail, docs]
How to access SharePoint securely?
With X.509 certificate authentication!
SecCollaboration Gateway Overview
[Diagram: HTML5 Browser; HTML5 Rendering; HTML5 Encryption; Key Store]
Secure Collaboration - eMail
Secure Collaboration with OWA
[Diagram: HTML5 Browser with WCA support; HTML5 Encryption; Secure Collaboration Gateway; OWA; Key Store; HTML5 Encrypted e-mail and docs]
Secure Collaboration
• Browser is a sandbox
• Device Independent
• Standard HTML5 Browser
• Web Cryptography API Standard required
• IE11, Firefox
• Other browsers available in beta versions
• No sensitive content stored on mobile devices
• Browser cache encrypted
Secure Collaboration - Documents
Secure Collaboration with Encrypted Documents
[Diagram: HTML5 Browser with WCA support; HTML5 Encryption; HTML5 Rendering; Secure Collaboration Gateway; SharePoint Encryption Gateway; DocEnc; Key Store; HTML5 Encrypted e-mail and docs]
Summary
▪ CORISECIO provides a comprehensive product family around SharePoint security
▪ Document Encryption for SharePoint
– Server based solution
– Exchangeable encrypted documents
– Various SharePoint versions
▪ Transparent SharePoint Encryption
– Full text search in encrypted documents
– SharePoint 2013
▪ Secure Collaboration
– HTML5 encryption for mobile devices
– Device independent security solution
Dr. Bruno Quint CORISECIO GmbH Dolivostr. 9 64293 Darmstadt Tel: 06151 27990 10