Securing documents and data in SharePoint begins with an honest appraisal of how the platform is being used, according to CipherPoint CEO Mike Fleck. Once that is determined, an organization can secure the environment with data encryption and an access control layer.

But what happens when you don’t want the SharePoint database administrator to see certain things in the platform, like employee reviews or compensation—things that used to be locked away in a file cabinet?

“It’s more about control than complete denial,” Fleck said. “At a high level, everyone acknowledges that security is an issue, and people are the weakest link. They’ll always find a way” around security.

CipherPoint has been shipping an on-premise security product—CipherPoint Eclipse—for two years, and has been shipping a cloud product for roughly two weeks. It also offers solutions for transparent data encryption and securing remote blog storage, among others.

Fleck said the company began work with financial services and oil and gas companies that realized SharePoint had become a business-critical platform. He said his company has a wide and deep strategy: Cover as many platforms as possible (though returns diminish), and address ever-deeper security and control issues from a single management console.

While SharePoint is the platform, Fleck said “it’s the document collaboration and file-sharing capabilities that we see as the opportunity. There are extranet scenarios, such as SharePoint Online, Box, Google and Dropbox.”

What security comes down to, he said, is that in a regulated environment, “You want to be in a certain tolerance of your peer group. The probability that any healthcare organization will lose patient information is greater than zero. So when it happens, they’d better be able to show they did diligence and took precautions in the way they would be expected to. People don’t get fined for losing data, but they’ll get punished for not trying to stop it to the degree that’s expected for the industry.”