University of Notre Dame
Published: 01 Nov 2007
Workshare Professional allows organizations to maintain control over information throughout the document lifecycle. It provides the ability to send documents to internal and external reviewers, manage changes with a strong audit trail, and protect documents from data leakage.
Workshare has strong integration with Microsoft Office 2007 but is significantly limited in effectiveness by its ties to specific email platforms.
Installation of Workshare Professional on the client uses an intuitive wizard-driven process. Workshare automatically installs Office integration features, allowing the user to quickly begin operating in a Workshare environment. Office 2007 users will find a Workshare pane in the Office Ribbon that offers all Workshare functionality in a familiar format. Administrators create and manage policy through the Workshare Policy Designer in the desktop version of the product. Enterprise installations may distribute policies through a centralized server.
Workshare allows for an impressive degree of granular policy control over user actions, allowing administrators to specify broad or narrow criteria and choose from a large set of policy violation responses. For example, we created a policy to intercept all outbound email including Microsoft Office attachments containing reviewer comments, and scrub those comments from the document before transmitting it to the end user. In addition to cleaning documents, administrators may create policies that block transmission, alert administrators to the violation, send the document for review prior to transmission, convert the document to a secure PDF or compress the file in a secure ZIP. Administrators may create policies based upon document contents (keywords, phrases or regular expression matches) or attributes (classification, hidden metadata, file name, file type, file size).
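The content and attribute checks described above, sketched as an added example (not Workshare's code and not the policy used in this review): it flags reviewer comments, tracked changes and keyword matches in a Word 2007 attachment and maps them to the clean or block responses. The function names, the constructed sample packages, the "Project Falcon" pattern and the "allow" default are assumptions made for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # untrusted input: use a hardened XML parser in production

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def build_sample_docx(body_xml, comments_xml=None):
    """Constructed sample input: only the package parts this check reads."""
    ns = 'xmlns:w="%s"' % W[1:-1]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml",
                   "<w:document %s><w:body>%s</w:body></w:document>" % (ns, body_xml))
        if comments_xml is not None:
            z.writestr("word/comments.xml",
                       "<w:comments %s>%s</w:comments>" % (ns, comments_xml))
    return buf.getvalue()

def inspect_attachment(data, keyword_patterns):
    """Return policy findings for one outbound attachment (bytes)."""
    findings = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # not an OOXML package; out of scope for this check
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "word/document.xml" not in names:
            return findings
        body = ET.fromstring(z.read("word/document.xml"))
        if "word/comments.xml" in names:
            comments = ET.fromstring(z.read("word/comments.xml"))
            if comments.find(W + "comment") is not None:
                findings.append("reviewer-comments")
        if any(body.find(".//" + W + t) is not None for t in ("ins", "del")):
            findings.append("tracked-changes")
        text = "".join(body.itertext())  # joins text split across runs
        for pat in keyword_patterns:
            if re.search(pat, text, re.IGNORECASE):
                findings.append("content-match:" + pat)
    return findings

def decide(findings):
    """Map findings to a response: block on content, clean on hidden data."""
    if any(f.startswith("content-match:") for f in findings):
        return "block"
    return "clean" if findings else "allow"

PATTERNS = [r"project\s+falcon"]  # hypothetical protected phrase
CLEAN = build_sample_docx("<w:p><w:r><w:t>Quarterly summary</w:t></w:r></w:p>")
COMMENTED = build_sample_docx("<w:p><w:r><w:t>Draft terms</w:t></w:r></w:p>",
    '<w:comment w:id="0" w:author="reviewer"><w:p><w:r><w:t>cut this</w:t></w:r></w:p></w:comment>')
SECRET = build_sample_docx('<w:p><w:ins w:id="1"><w:r><w:t>Project Falcon budget</w:t></w:r></w:ins></w:p>')
```

A check like this only sees attachments that pass through the inspected mail path, which is the limitation the review reports next.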
Workshare met all of its stated document control objectives and correctly enforced our defined policies when we attempted to send protected content via Outlook email. The biggest drawback to this product is its sole reliance upon three supported email environments: Microsoft Outlook, Lotus Notes and Novell GroupWise. This limitation makes the content distribution control features of Workshare useful only to prevent accidental data leakage or deter a novice attacker. In fact, we were able to defeat the content controls by simply uploading the file via a Web-based email connection. Workshare does offer a complementary network appliance that filters all SMTP and HTTP connections, but this device does not support encrypted connections, making it straightforward for a determined attacker to undermine the system's controls.
Workshare offers three types of reports: an audit report that itemizes all changes made to a document by any reviewer, a history report that shows participation in the document review cycle, and a risk report that shows hidden metadata that has the potential for inadvertent information disclosure. Workshare will generate reports in either HTML or XML format.
Workshare Professional is a good document control solution for organizations seeking to prevent inadvertent disclosure of sensitive information. Organizations should supplement it with strict controls on outbound network traffic to filter all content leaving an enterprise.
Testing methodology: We tested Workshare Professional 5 in a Windows XP environment using Microsoft Office 2007.