Protect your SharePoint content at the content level
According to a CNN report last week, there's another Edward Snowden-type leak of national security documents happening in Washington. As you might recall with the Snowden security breach, blame was placed on SharePoint, which the U.S. government, local governments and other public and quasi-public institutions use for document management, intranet and collaboration.
Some tried to put the blame for Snowden's ability to get the documents on SharePoint itself. Security experts, though, see a different cause: access and permissions.
"Edward Snowden is no genius,? said Steve Murphy, CEO of SharePoint solutions provider Metalogix. "The mistake was in hindsight. The content store grows in mission criticality but access to that content was not reassessed or reapplied.?
In other words, Snowden was given the keys to the store even though his job at the U.S. National Security Agency was to build a Web application front end and then move data into it. "He didn't need to know what was in the box,? Murphy added.
And Kurt Mueffelmann, CEO of security company HiSoftware, told me in March that many security leaks aren't necessarily malicious. "It could be people doing their jobs in a lazy way, circumventing rules and policies? regarding document visibility, alteration and movement, he said. It could be SharePoint administrators having access to sensitive organizational data, or an overzealous collaborator who provides access to documents to users not authorized to see those documents.
In Snowden's case, Murphy said, it was "a leak by mistake.? The resolution to these kinds of leaks, he detailed, is to look at collaboration as a substantive application that requires business management based on the sensitivity of content. "You need to do security from the content out, not just around the perimeter. You need to the protect the integrity of the data store from the inside out.?
Murphy offered two methods for dealing with these kinds of leaks. The first involves auditing, document thresholding and alerts. This means companies must set limits on how much information an employee can see in a day, auditing his behavior over time, and sending off an alert if he exceeds the threshold. "No one can absorb gigabytes of data in a day,? Murphy said. "The question is, what are they doing with all that data??
In Metalogix's lab, Murphy said the company is working on automating the movement of data from one machine to another without human intervention. "We want to eliminate the need for administrators to be inside the content layer, so data moves without human hands or eyeballs.? And tiering permissions (so that not everyone has "uber access? to data and content) also play a critical role in security.
Enterprises, said Murphy, won't shut down collaboration to cut down on leaks. "They can embrace the productivity gains (of collaboration) but put the infrastructure in place to ensure the right people have the right access, to eliminate some nefarious activity.?
As organizations move from having departmentally shared repositories to offering mission-critical front-end applications, Murphy said that collaboration and content management must go together. "The sensitivity of content has changed. You need to look at permissions and security access. You're dealing with an inside threat,? he said.