Workshare keeps sensitive information out of e-mail

Dig beneath the headlines of recent data security breaches and you’ll discover many are the result of hidden metadata left in documents, such as tracked changes or authors’ names. Most data-leak products will catch these problems, but they are costly, complex systems that can hinder worker productivity.

Because IT departments need to balance security enforcement with user needs and cost, Workshare Protect 4.5 is worth considering as one part of a data-leak strategy. It’s a desktop application that protects against e-mail leaks by removing sensitive information from attachments.

So why not simply use Microsoft’s Remove Hidden Data -- a free add-in for Office XP and 2003 -- which performs many of the same tasks? Because Workshare Protect 4.5 also provides content filtering, discovery, and alerting. Plus, it works fast, reading and writing files at the binary level (many add-ins use Microsoft Office automation for this, which drains PC resources).

IT administrators centrally manage Workshare Protect by deploying the software to desktops along with customized security policies. As the first step, I made policies by checking off various options to mitigate hundreds of risks, such as deleting hidden text in Word files. The software and policies are deployed with common tools, such as Microsoft SMS or Altiris deployment solutions. Using group settings within SMS, I distributed different policies to marketing, finance, and manufacturing departments.

A technology called Workshare Hygiene helps the system look for content containing identity information (such as credit card numbers or passwords), offensive words, financial information, intellectual property, and regulatory violations such as sharing of patient data. Although enterprises have some control over what content is flagged, Workshare doesn’t equal systems like Vontu or Reconnex where you can specify exact data to match.

Workshare Protect worked as designed in my evaluation. For example, after opening a Word file with tracked changes, it immediately displayed an alert that the document was high risk. I then easily viewed the report and allowed the cleaning process to proceed.

These functions, and others, are also available on-demand from a toolbar added to Word, Excel, PowerPoint, and Outlook. In another test, I attached a document with social security numbers to an e-mail message and attempted to send it. Protect found the content policy violation and alerted me to the problem. Depending on your policy settings, employees could be allowed to continue sending the document or have it blocked.

Another way to protect confidential documents is by adding restrictions. From the Protect toolbar in Word, I indicated that a certain document could only be e-mailed to people within my organization; other options are no limits, never allow e-mailing, or password protect. The software correctly sensed when I tried to send the document to an external e-mail address; it alerted me and blocked the process.