NC Protect for File Shares

Dynamic Data Security for File Shares

Unstructured Data on File Shares Poses a Significant Security Risk

Many organizations have turned to document collaboration and management platforms, including Microsoft  365 and other cloud solutions, to store and collaborate on unstructured content.

However, many companies still use traditional file shares, where terabytes of data are stored and accessed. Some will migrate that content over to systems like SharePoint Online, while others will continue to store and archive information in existing repositories.

With so much focus on new systems and the cloud, how are access and compliance being managed on your file shares? The same data privacy and security concerns that apply to newer technologies are equally important for File Share systems.

NC Protect offers dynamic, real-time data loss prevention for Windows File Shares, NetApp ONTAP and Nutanix Files. It continuously monitors and audits data and documents stored and shared on File Shares against regulatory and corporate policies to protect against data breaches, unauthorized access, and misuse.

Cybersecurity Excellence Award 2022 Gold

Ensure Data Security & Compliance of File Share Content

Stop relying on complex folder hierarchies to protect file share data. NC Protect safeguards your File Shares with data-centric security and encryption without the overhead of manually administered folder shares and NTFS permissions.

NC Protect takes a proactive approach to data security. It uses attribute-based access control (ABAC) and data protection policies to automatically discover, classify, restrict, and encrypt content.  By dynamically adjusting access and security based on real-time comparison of user context and file content, NC Protect ensures that your business regulations and policies are adhered to, giving you peace of mind.


Scan and identify content for privacy and compliance factors, including privacy regulations (CCPA, GLBA, COPPA, GDPR, POPIA, etc.), protected healthcare information (PHI, HIPAA), FISMA, PCI DSS, defense data (ITAR, EAR, CUI) and more.

Easily create custom rules to match your organization’s unique privacy, confidentiality and security policies for HR, financials, M&A and more.


As NC Protect scans and identifies sensitive data or detects specific policy violations, the flagged file is automatically classified via the addition of metadata.

NC Protect audits a document’s entire lifecycle, including who accessed the data and what they did with it.


Once classified, NC Protect applies access and usage rights to automatically:.

• Encrypt files both at-rest and in-transit
• Prevent unauthorized sharing and editing of documents
• Start workflows for approvals and notifications
• Report on sensitive data issues, permissions and user activity

The NC Protect Difference:
Data-Centric Access Control & Protection

NC Protect allows you to discover and classify data, dynamically protect data and collaborate securely using dynamic attribute-based policies. 

It enhances Windows File Share security to not just control access to sensitive data, but also apply conditional data-centric protections such as read-only access, user-based watermarks, encrypt or restrict attachments sent through Exchange Email, and more. It is entirely transparent to end-users and does not require any additional client-side applications.

Classify Data

With NC Protect users can easily configure secure metadata and define choice values to suit any business requirement. Authorized users can classify documents according to their content, unlike standard metadata that can be modified by anyone that is allowed access. Users can define the level of sensitivity of the document, e.g. confidential, private or secret, then depending on their selection additional levels of classification can be added as required, including selecting the audience, department or project.

Restrict Access

Based upon the business rules associated with its classification, access to a document or content item within a File Share can be restricted to a specific individual or group, even if a wider audience has access to the site or library where the item physically resides. With file level permissions, administrators can reduce the number of folder locations that get created (folder location proliferation) just to cope with another set of collaborative users. Managing file permissions with NC Protect is easy since they are based on the metadata values added at the time of classification.

Encrypt At-Rest & In-Motion

Data loss prevention is a critical issue for many organizations. In addition to securing a document based on its classification (metadata), NC Protect can further secure File Share content by encrypting it. This means only properly credentialed users will be able to read the content – whether inside or outside of the File Share – even if they have administrator privileges, making it safe to store confidential documents such as Board and HR documents. It also ensures any documents that make it out of the file system can only be accessed by the credentialed users.

Prevent Sharing

To further extend the tracking process you can also define rules in NC Protect to prevent the distribution of sensitive information or confidential documents or or educate users of the risk. For example, if a document is going to be emailed to a group and a listed recipient does not have proper access to that category of document, then the email cannot be sent until the individual is removed from the distribution list. Users can also be prevented from printing, saving or copying the contents of Microsoft Office documents outside of the File Share.

Advantages of Metadata-driven, Item-level Security

archTIS’ granular approach to security limits access at the data level using dynamic attribute-based policies. This approach better protects your organization from an accidental breach and controls the proliferation of folders on File Shares used to control access.

NC Protect looks at an entire folder of content and the data contained within the items to identify individual documents and files to secure based on specific policies defined in the policy manager. It then classifies, via secure metadata, and if desired, restricts access to and encrypts the item(s)

Since permissions are applied at the individual file level (using classification), as compared with solutions that secure or encrypt at the folder level, sensitive content can be stored, shared and collaborated on from any folder in the File Share. It ensures access to the file is restricted to only those who have permission to access it as defined by its classification.


  • Centralized, cost-effective policy compliance management and data loss prevention.
  • Monitor and audit content against regulatory and corporate policies.
  • Automatically classify, restrict access to and encrypt content based on the presence of sensitive data including PII, PHI, IP and other factors.
  • Supports common file types, including Word, Excel, PowerPoint, PDF, OCR, CAD files, images, text files and more.
  • Granular policy-enforced approach to security limits access at the item-level using file and user attributes. 
  • Supports common file types, including Word, Excel, PowerPoint, PDF, OCR, CAD files, images, text files and more.
  • Audit trails and forensics track access to sensitive data to ensure transparency and accountability.



NC Protect for File Shares Data Sheet

Technical Specifications


Video: NC Protect Overview


More Resources

Experience NC Protect. Request a Demo.

See how we enable secure collaboration in Windows File Shares with data-centric security.