Microsoft SharePoint – Data Security

Protecting Microsoft SharePoint data.

By Paul Rummery, Securenet Consulting

Microsoft SharePoint® Data security and encryption solution – providing document security and access control.


Don't get me wrong, we are living in exciting times from an IT and technology perspective. We have seen the widespread acceptance of, and benefits provided by, virtualisation, powerful mobile computing, social media and data collaboration mediums, which have boosted businesses' ability to operate and transact on the fly. But due to competitiveness and a rushed eagerness to implement and take advantage of the cosmetic benefits of these technologies, the policies, guidelines and regulations that have been put in place to safeguard personal and business-sensitive data are being compromised. (We are not about scaremongering; you just have to look at the long line of publicly documented stories. The SharePoint system breach of the NSA just happens to be a recent, significant and embarrassing one.)

We at Securenet stand by the age-old saying that “a job worth doing is worth doing right”, and as you know we are passionate about finding and bringing to light other IT industry visionaries and leaders that share that ideal – ones that have gone that extra step to provide a working solution.

Brace yourselves as we put on our boxing gloves and dish out some tough love, in an effort to help senior management and IT professionals take steps to better protect business-critical and sensitive content within SharePoint environments.

The Microsoft SharePoint – Data Security problem

It's important to note that SharePoint itself isn't insecure. It's the way it's used that causes problems.


  • Microsoft SharePoint is a great document collaboration platform, but it does not come pre-equipped with tools for manual or automated email encryption, data encryption or file encryption.

  • An increasing number of IT managers are holding off implementing Microsoft SharePoint 2013 because they lack confidence over security issues around cloud technology.

  • In turn, a large number said they had no plans for storing SharePoint content in the cloud.

  • All too easily, anyone can find things they shouldn't. The result is inappropriate snooping; and that spells trouble for every organisation using the tool. 

  • SharePoint user access rights are based on user location proxies – for example, two colleagues sitting next to each other will have access to data. However, this doesn't mean that they both need to or, in fact, should. In reality, if user one discovers he doesn't have access to a particular file, and his colleague does, he'll simply ask him to 'copy' the file somewhere they can both access. It might even be that two people were allowed to share a document at the beginning of a project, but your business data privacy decision makers now say otherwise (perhaps a director only wants one project manager to view or continue to work on a particular classified document, and previous participants on the project have left or should not have further knowledge of new sensitive information being added to documents).

  • 45 percent of SharePoint users admitted to having copied confidential or sensitive information from SharePoint to a local PC or USB key, or even emailed it to a third party, with 18 percent admitting to regularly doing this.

  • Sorry to say, but SharePoint administrators are no saints, being nosy themselves, peeking at documents they're not really meant to read – call it curiosity or what you will (employee details, salary details, merger and acquisition details, redundancy notes).

  • From a legal perspective this spells Data Loss and Compliance issues!

Ok, putting the boxing gloves down now. We know organisations need to get the balance right between protecting themselves from the cost of data breaches and at the same time allowing staff to ‘get the job done’.

It would not be feasible to simply disallow any content to move outside of SharePoint. There are many legitimate reasons for it to do so. For example, there is a strong business case for being able to share documents beyond SharePoint between companies and when collaborating with sub-contractors. Likewise, board members on their way to a shareholder meeting may need to access sensitive information from their tablet.

Data security should form the foundation for a company’s IT infrastructure. While the end user should be affected as little as possible by any security controls put in place, they should still be involved in the process of using SharePoint securely. User awareness of security issues and education about their responsibilities to keep data secure are important.


There are now solutions that allow encryption of sensitive documents with a few mouse clicks or automate the process altogether. This ensures seamless protection while maintaining effective collaboration.

Cryptzone provide document security, access control and compliance auditing capabilities for Microsoft SharePoint.


1.  Ensures encryption and access management of document sharing,

2.  Provides an integrated method for secure communication, which allows users to share SharePoint content appropriately within and outside the network,

3.  Establishes rule-based access rights management to automate SharePoint security controls, thereby avoiding human errors,

4.  Ensures a separation of duties, so that SharePoint administrators cannot circumvent security policies and cause an accidental or malicious breach,

5.  Provides reporting of all administrative actions and events involving sensitive SharePoint content to spot security threats early and prevent cover-ups.


Business Benefits

  • Classify and report on sensitive content already stored within a SharePoint environment.

  • New content is checked as it is uploaded and content matching the security policy criteria can either be completely blocked or encrypted as appropriate.

  • SharePoint document security with a simple click – the tools for securing documents are integrated into SharePoint’s user interface.

  • Document version and location control – no need to worry how many versions of one document may exist or where they may reside – manage access rights centrally and these policy changes apply to the documents wherever they may be.

  • Security travels with documents – wherever the documents travel: across FTP servers, application servers, desktops, USB flash drives, email, CDs/DVDs and external hard drives, and in copies taken using backup software. Encrypted documents even carry user access rights.


  • Sharing secured documents externally – users can open secured documents on ANY device without installing software (on iPad®, Android®, iPhone®, a Mac®, a PC, etc.)

  • User Access Control – integration with Active Directory and other user directory platforms makes it easy to manage access rights and secure groups.

  • Seamless integration with Microsoft SharePoint – integrates seamlessly with the SharePoint document management systems, ensuring a familiar look and feel for users.

  • OTP Support for document access – where organisations require higher security levels, the user has to enter an additional security code sent to their mobile device as a text message.

  • Share information with customers, partners or colleagues as secure shared packages – with a full audit log trail of users and changes to data.

  • SharePoint security in a hosted environment – the endpoint client provides the encryption functionality and transports the encrypted document to and from the SharePoint server, even if an external service provider is hosting SharePoint.

IT Regulatory Compliance

Cryptzone's solutions provide regulatory compliance for the following standards and regions.

EMEA
- EU Data Protection Directive
- EuroSOX

UK
- GSi Code of Connection

WORLD WIDE
- Basel II
- Basel III
- PCI/DSS
- Professional Code of Conduct

NORTH AMERICA
- FTC Red Flag
- HIPAA
- HIPAA HITECH
- Sarbanes-Oxley Act
