We Just Launched a Better Way to Keep Files Inside the Boundary

Most file sharing platforms were built to solve a collaboration problem. Sharetru was built to solve a security problem. And with our latest release, that gap between the two just got a lot wider.

If you're an IT, Security or Compliance leader responsible for data governance, compliance, or just making sure sensitive files don't end up somewhere they shouldn't — this update is worth your full attention.

The Problem with "Sharing" Files

Every time an employee shares a document, you're making a decision: do you trust where that file is going to end up? Traditional file sharing tools give you virtually no control over what happens after someone clicks a link. Files get downloaded, forwarded, screenshotted, or printed — and you often have no way to know it happened, let alone stop it.

For organizations operating under FedRAMP, DoD IL4+, or NIST SP 800-53 frameworks, that's not just an operational risk. It's a compliance failure waiting to happen. But even for teams without formal mandates, uncontrolled data egress is a real and growing threat — and insider incidents account for a significant share of it.

That's the problem Sharetru's latest release is designed to solve.

What Sharetru Launched

View-Only Access — In the Browser and Beyond

Users can now open and view supported documents directly in the Sharetru web app — no download required. What used to be a default download action is now a controlled viewing experience that keeps content inside your security boundary.

This isn't a minor UI tweak. Eliminating the forced download removes one of the most common vectors for uncontrolled data egress. The file stays on your infrastructure. The user gets what they need. You stay in control.

We've extended this to external sharing as well. Administrators and users can now generate view-only share links — links that let external recipients read a document without the ability to download, copy, or save it. True read-only access, enforced at the platform level.

Dynamic Watermarking That Works Static watermarks are theater. They can be cropped, edited, or removed with basic image-processing tools. Sharetru's new watermarking system is different. Every time a document is viewed, a session-unique watermark is applied dynamically — appearing in randomized diagonal positions that change with each session. Because the placement is never the same twice, it cannot be removed using image subtraction techniques. More importantly, the watermark persists even in screenshots and phone-camera captures. What this means practically: if a document leaks, you can trace exactly which session it came from. That's a meaningful insider-threat deterrent and an accountability mechanism that security teams have been asking for. Watermarking is currently available on Sharetru Federal, where FedRAMP Moderate authorization provides the tightly controlled, continuously monitored environment this feature demands.

New Granular Folder-Level Permissions Administrative control over who can do what just got more precise. A new folder-level permission allows administrators to specify exactly which users can create or delete folders within a workspace or individual folder. This might sound simple, but for organizations managing complex content hierarchies — legal, HR, finance, or any team where folder structure reflects business process — accidental or unauthorized reorganization is a real operational risk. This permission closes that gap and is available across all plans.

Why This Matters for Compliance

This release closes a common compliance gap: once a user can download a file, you’ve effectively lost control of it. By combining view-only enforcement (in-app and Shares Links) with dynamic watermarking, you get a layered control set that is both easy to explain to auditors and practical to operate day-to-day.

1. View-only in the web application enforces least privilege by limiting what an authenticated user can do with a file—they can access the content, but they can’t export it.

2. View-only in Shares links extends that same enforcement to externally shared content, which is where most organizations see uncontrolled sprawl.

These controls reduce the number of unmanaged copies that end up on endpoints, in personal cloud drives, or forwarded via email—exactly the “data leaving the boundary” problem that shows up in FedRAMP/DoD environments assessed against the DoD Cloud Computing SRG baseline requirements.

Dynamic watermarking adds accountability at the point of access. When a viewed document is stamped with a viewer-specific identifier (user/email + traceable token ID), it creates a strong deterrent and supports attribution if sensitive content is later found outside approved channels. This aligns directly with the intent of non-repudiation (AU-10): being able to tie actions and information handling back to a specific user or event.

(Important nuance: watermarking won’t *physically* stop screenshots—but it materially increases traceability and reduces “plausible deniability,” which is what auditors care about in governance and insider-risk narratives.)

Taken together, these are not just enhancements to improve your internal workflows. They’re documented technical safeguards you can point to in an audit or authorization package:

• Least privilege & access enforcement: view-only reduces permissions to the minimum necessary (AC-6), and it helps prevent users from bypassing safeguards by converting access into uncontrolled export (relevant to the intent of AC-6(10) around preventing circumvention of controls).
• Non-repudiation / accountability: watermarking supports AU-10 by strengthening attribution for viewed/shared content.
• Content sprawl reduction & sanitization objectives: by preventing routine downloads, you reduce the volume of media that must be controlled, disposed of, or sanitized under MP-6 expectations (fewer unmanaged copies, fewer endpoints implicated).

For compliance officers and security architects, the “so what” is simple: these controls shift file sharing from a trust-based process to an enforceable, auditable control surface—prevention (view-only) + deterrence/traceability (watermarking) across both internal access and external sharing. That’s exactly the kind of concrete safeguard story that holds up under FedRAMP/DoD scrutiny and NIST SP 800-53 control mapping.

How These Features Turn Sharetru Into a CUI Enclave

With this release, Sharetru moves from “a place you can store and share sensitive files” to a defined, enforceable CUI handling boundary. View-Only in the web app and View-Only in Shares links let you grant access without routinely creating unmanaged copies on endpoints, which is the #1 way CUI sprawls and explodes audit scope. Dynamic watermarking adds identity-bound accountability at the moment of access, strengthening deterrence and traceability if content ever shows up outside approved channels.

Combined with Sharetru’s existing access governance and audit logging (and, in Sharetru Federal, a FedRAMP Moderate authorized operating boundary), these controls support the practical definition of a CUI enclave: least-privileged access, constrained handling, and defensible oversight. Next week, we’ll break down further how Sharetru can be used as an enclave, and how it supports CMMC scoping — stay tuned.

The Bigger Picture

This release is the foundation for a larger 2026 roadmap focused on security, permissioning, and administrative control. The features launching are standalone additions for now, but they are the foundational building blocks for capabilities already in development.

If you're evaluating file sharing platforms and security is a priority, the question isn't just what does this platform let users do? It's what does this platform prevent?

That's the question Sharetru was built to answer.

Ready to see it in action?

If you're a current customer, contact us at support@sharetru.com or visit the Sharetru portal to get started. If you're a new potential customer, click here to meet with us to get started..