My SharePoint Rights Management Wish List

By Yann Lejas, Director of Sales Engineering at NextLabs

Most enterprises are using browser-based applications, such as Microsoft SharePoint, to store and share documents and files with their colleagues, business partners, and customers. This platform presents certain advantages: it makes information easy to share and quick to transfer. Digital documents can be accessed anywhere, any time and from pretty much any device.

Data Segregation: Missing piece in securing Enterprise Content

By Soujanya Madhurapantula, Senior Product Manager at NextLabs

I have had the same conversation with a lot of our customers… it keeps me awake at night.

Here is how many customers have described it to me:

We have millions of documents sitting in our enterprise application servers that we know are accessible to all our users. We are subject to regulations that require us to identify classified documents within these large sets of data, and segregate them into restricted servers. It is also important for us to restrict users from storing documents in the wrong servers. We are not sure how to segregate this data and put them into the right physical servers. This project is so complex, we do not even know where to start.

SAP Field Level Security – what are my options?

By Ashwin Bhaskar, Senior Software Engineer at NextLabs

Today’s ERP systems demand tight security controls at multiple levels of the application design. Most ERP systems, including SAP, are transactional in nature. Our customers have frequently asked us about extending security controls beyond transactions to the field level. For example, take a digital product catalog used by multiple departments within an enterprise: the view screen hides pricing information from a customer support rep who just needs to view technical product information, whereas a sales rep viewing the same product catalog can view both technical and pricing information but cannot make modifications. Granted another level of access is the pricing team, which can view and modify the price fields of the product catalog.

SharePoint 2014 Key Security Takeaways – Our Top 5

By Mandy Pang, Senior Product Manager

  1. The conference attendees were buzzed on attributes, specifically attribute-based security models for SharePoint. Role-based models are no longer making the cut – they leave collaboration vulnerable. Attribute-based solutions have fine-grained control.
  2. Cloud, of course, was big; even bigger was the topic of protecting data in transit to/from the cloud and at rest in the cloud. Securing Office 365 was another hot topic. There was a great deal of discussion around the need for comprehensive end-to-end protection of intellectual property while satisfying the regulations set forth by a company’s compliance office. If the data or IP was to be accessed by or transmitted to an employee or contractor outside of the company’s firewall, then concern was expressed about how to safeguard the data.
  3. SPC14 was global, with a good portion of attendees coming from Europe. Interestingly enough, a lot of European companies are looking to the U.S., particularly Silicon Valley, for solutions on automated information rights management.
  4. The architects, developers, and I.T. leaders with whom I spoke were eager to learn how to automate fine-grained access control for all work product in a SharePoint environment.
  5. Extensibility was also discussed. At SPC14 the conversations were about information rights management extensibility – starting off with one Microsoft solution such as SharePoint, then extending the same information rights management solution to Office 365 and other products.

Do you have SharePoint Site Explosion?

By Mandy Pang

Microsoft SharePoint server is an outstanding and widely adopted collaboration platform for sharing business-critical data. However, enterprises are finding that SharePoint’s permissions-based security model is not scalable and doesn’t provide adequate controls for sensitive, regulated, and highly valuable data. There is a rapid proliferation of SharePoint sites and data, as well as SharePoint’s ad-hoc collaboration and discretionary access control model. Due to the rapid proliferation, organizations face an increased risk that their sensitive data will be leaked or mishandled. Because of this, users are more likely to grant access to critical assets in SharePoint in ways that may result in non-compliance and intellectual property (IP) leakage.

Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance of separating system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us, Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine-grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data.

Would data level controls have stopped Snowden?

By E.K. Koh

The blog What the Snowden affair taught us questioned, “Why should a system administrator be allowed to download and move files? Shouldn’t system privilege and data privilege be separate?”

Ideally “yes”, but in practice, that has not been the case.

Most system administrators have unfettered access to data given their system privilege. This happens because their jobs often require them to be able to move and copy data and documents. However, not all documents are the same and depending on the classification of the document, certain restrictions may be required. For example:

Common Headaches About Permissions

By Mandy Pang.

In my last post, I talked about the high level challenges with permissions, and how new capabilities such as Active Directory Rights Management Server (AD RMS) and Windows Server 2012 Dynamic Access Control (DAC) offer some promising options for access control, but remain siloed within Windows File Server environments.
In this post, I would like to elaborate on the challenges of permissions.