Customers using StorageZones Controller (version 3 or later) can use Restricted Zones to better control employee access to data.
Note: Not all features and apps may be used with data stored in a Restricted Zone.
Zone Authentication: In addition to logging on to ShareFile, users must authenticate separately to the StorageZones Controller to access documents stored in a restricted zone. Directory lookup ensures that the user logging on to ShareFile is the same one authenticating to the zone. This extra authentication requirement limits sharing. Documents can be shared only with others who have access to the StorageZones Controller and who can authenticate using enterprise credentials. In a restricted zone, files cannot be shared anonymously. Users must be granted permission to view a file and must always log on to receive a shared file.
Metadata Encryption: All information about files and folders in the zone is encrypted with your key before being sent to ShareFile. As a result, no one outside of your organization can see folder or file names in restricted zones. Access to encryption keys, decrypted files, and metadata is available only through enterprise authentication to StorageZones Controller.
Internal address for StorageZones Controller: For a restricted zone, authorization occurs between StorageZones Controller and ShareFile clients instead of between StorageZones Controller and the ShareFile cloud. As a result, a StorageZones Controller that hosts restricted zones does not require an external address or external SSL certificate. When StorageZones Controller is configured with an internal-only address, users must connect to the company network or VPN to access documents in the restricted zone.
Email notifications from your mail server: When users receive email notifications about shared files and folders in a restricted zone, the email is sent from your internal mail server instead of a ShareFile server.