The Syncplicity Secure Shared Files feature allows users to protect Office documents (specifically, Word, Excel, and PowerPoint) and PDF documents. The protection remains in place regardless of where those documents reside or if they have been emailed or copied.
The Secure Shared Files components include a Syncplicity Rights Management Server (RMS), Syncplicity Plug-in for Office, Syncplicity Plug-in for PDF, and the Syncplicity for iPad app. Together, they form a system with the primary objective of providing strong, persistent security and control over information in electronic form. Unlike solutions that only ensure secure delivery of information to authorized recipients, the Secure Shared Files system extends control beyond delivery so that the information is always secure and under the control of the information owner. It accomplishes this through the use of strong cryptography, controlling access to decryption keys and locking down viewing applications to prevent undesired use of the information.
Rights Management Server
The RMS is a service that accepts connections from the clients, authenticates users, and manages authorization to, and dissemination of, encryption keys and policies for protected content. The system relies on making sure that individuals, even authorized users, cannot get direct access to encryption keys. To accomplish this, the encryption keys and other sensitive information are also encrypted as they are stored in the server’s database. The key for encrypting these sensitive entries is generated when the RMS instance is created and is encrypted with the server instance password.
An administrator configures the permission sets for the Reader and Editor roles. Users can then protect their documents simply by assigning a role when they choose to apply protection to their shared link and select a role (Editor or Reader).
Secure Shared Files Client
You can direct your Windows desktop users to the Syncplicity web site to download the Syncplicity Plug-in for Office, Syncplicity Plug-in for PDF, or both. These plug-ins are separate from the Syncplicity app.
Mac users can download the Syncplicity Viewer for Mac to view protected files on their Mac.
There is no separate plug-in for iPad. The iPad users only need to have the updated Syncplicity app installed.
Users who do not install the plug-ins are provided instructions on downloading the plug-in when they attempt to open a protected document. Once installed, the plug-ins allow users to view protected Microsoft Office and PDF documents.
Roles and Permissions
The only action a user needs to take to protect a document is to choose a role, Reader or Editor, when protecting a file. The administrator predetermines the permissions for these roles. These permissions include:
- Location Access: Countries where access is restricted.
- View: All authorized recipients are granted this permission by default.
- Edit: Allow or deny modifying and saving the file content.
- Print: Allow or deny permission to print a document.
- Copy: Allow or deny permission to copy content from the file.
- Watermark: If enabled, all protected files display the watermark when printed. For PDF documents only, the watermark is also visible when viewed on a monitor. The watermark consists of the user’s name, IP address, and a “Protected file” label.
- Allow screen capture: When recipients view a protected document, the Syncplicity client disables the use of operating system screen capturing tools and some common 3rd party screen grabbing tools. This feature also prevents protected content from being viewed over teleconferencing tools. When this permission is granted, the recipients have the ability to temporarily turn off this feature and allow screen capture.
- Allow offline access: When checked, recipients have the ability to access protected content when offline (for example, they are traveling or out of the office). You determine the amount of days the recipients can access the document while offline.
- Allow browser viewing: If enabled, users can view protected documents in their web browser before downloading the file. This permission applies only if using a cloud storage deployment.
When unauthorized recipients attempt to open the secure shared file, they are denied access but are given the option to email the file’s owner to ask for permission. The recipients do not see the owner’s email address or name.
When authorized recipients open the secure shared file, they can view the permissions granted to them. Authorized users also have the option to contact the file’s owner to request additional permission, such as a recipient asking to move them from the Reader role to the Editor role or to open the file in a specific geographical location.
NOTE: When setting the expiration date on the shared link, the same expiration date applies to the file. Once expired, the file cannot be accessed. This includes the copies that were downloaded.
NOTE: Recipients of a link to a secure shared file do not necessarily need a Syncplicity account. The recipient only needs an account if the sender or the administrator has set a policy on the shared link to require the recipient to log in. If the link is sent without recipient login required, the client does not have to sign up for an account. The link can be sent with expiration or password required. These do not require the client to sign up for an account to receive the file.
Syncplicity Clients and IRM Clients
If a Syncplicity user also has the EMC IRM product, then installing the Syncplicity plug-in upgrades the IRM client. The same client can then be used to view (and edit as appropriate) Syncplicity-protected documents as well as view and protect IRM-protected documents.
Should a user upload an IRM-protected document then share a link to that document, Syncplicity protection does not override the IRM protection. The file retains its IRM policy but it is shared. Syncplicity users may not be able to open the document; however they can use the Contact Owner feature to request access. Also, if a user downloads a Syncplicity protected file then uploads it to a different Syncplicity folder, the original policy remains in effect.
Once protected either by the Syncplicity RMS or an IRM Server, the document’s policy does not change regardless if the user creates a new secured shared link and assigns a role.