By Mandy Pang
Microsoft SharePoint server is an outstanding and widely adopted collaboration platform for sharing business-critical data. However, enterprises are finding that SharePoint’s permissions-based security model is not scalable and doesn’t provide adequate controls for sensitive, regulated, and highly valuable data. There is a rapid proliferation of SharePoint sites and data, as well as SharePoint’s ad-hoc collaboration and discretionary access control model. Due to the rapid proliferation, organizations face an increased risk that their sensitive data will be leaked or mishandled. Because of this, users are more likely to grant access to critical assets in SharePoint in ways that may result in non-compliance and intellectual property (IP) leakage. more “Do you have SharePoint Site Explosion?”
By Sudhindra Kumar, Principal Software Engineer at NextLabs
In my previous blog, we discussed Data Governance Policies and Regulatory Compliance.
In this post, we’ll see some of the options available to protect data at rest and in transit. A few years ago, protecting data in transit was considered more important than protecting data at rest. However, the proliferation of Internet and cloud technologies, and the subsequent issues related to data breaches, have put the spotlight on protecting data at rest as well. Let us take a look at different solutions for protecting data at rest and in transit: more “Cloud Security – Protecting data at rest and in transit – Information Risk Management for the Cloud”
By E.K. Koh
In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance of separating system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us, Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine-grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data. more “Can we turn off Snowden’s access after the fact?”
By Sandeep Chopra.
“Attributes” is the new Role?
At the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizman, Research VP at Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations. more “Attributes is the new role?”
By E.K. Koh
The blog What the Snowden affair taught us questioned, “Why should a system administrator be allowed to download and move files? Shouldn’t system privilege and data privilege be separate?”
Ideally “yes”, but in practice, that has not been the case.
Most system administrators have unfettered access to data given their system privilege. This happens because their jobs often require them to be able to move and copy data and documents. However, not all documents are the same and depending on the classification of the document, certain restrictions may be required. For example: more “Would data level controls have stopped Snowden?”
By Mandy Pang.
In my last post, I talked about the high-level challenges with permissions, and how new capabilities such as Active Directory Rights Management Server (AD RMS) and Windows Server 2012 Dynamic Access Control (DAC) offer some promising options for access control, but remain siloed within Windows File Server environments.
In this post, I would like to elaborate on the challenges of permissions. more “Common Headaches About Permissions”
By Mandy Pang.
Collaborative technologies such as e-mail, instant messaging, Microsoft SharePoint, extranet portals, and software-as-a-service (SaaS) applications make it easier to share information and communicate innovations. In a typical Microsoft environment, Office documents may be created on the desktop, then loaded to a File Server for internal sharing. Or they may be uploaded to SharePoint for sharing with your supply chain, or be emailed to a fellow employee overseas. Note the ease with which IP can be transformed, duplicated and shared. more “Problems with Permissions”
By Andy Han
SharePoint 2013, made generally available (GA) earlier this year, introduces several new features that will impact how information is shared across the enterprise: new social capabilities, improved search, cross-site publishing, and a roadmap for companies that want to move to Office 365 in the Azure cloud. The net impact seems to be that sharing information inside and outside an organization will be even easier. This will likely create new challenges for organizations that want to control how teams are accessing and distributing data in SharePoint. more “SharePoint 2013: Exciting new capabilities to share (leak?) sensitive data”