Microsoft SharePoint is used in many highly secure environments around the world that deal with very sensitive information: information that is considered 'secret' or 'top secret', where the security of that data is critical not only to business but also to national security. These deployments exist primarily in military and government installations, or as part of the intelligence community. In these SharePoint deployments, it's extremely important that security and access control policies be configured in such a way that they "Fail Safe".
The concept of "Failing Safe" means that if the security system which implements the access control policies fails, for whatever reason, the sensitive information automatically has the most restrictive access rights applied. If such a system failure occurs, the sensitive information being protected is not left open and in the clear for non-authorized users to access.
Examples of an access control policy system failing include an authorization server going down, an inadvertent reboot of a server, or even an unauthorized user gaining access to the environment and interrupting communication between the authorization system and the content management system (SharePoint). There are many such examples. Hardening critical infrastructure and protecting it against all possible forms of attack or circumstances that might arise is a very difficult task that must be performed. However, you also want to look at this problem from the point of view of: if all else fails, then access to my sensitive information will revert to the most restrictive access rights possible so that my sensitive data is not inadvertently released.
TITUS Metadata Security for SharePoint uses trusted claims about a user and combines them with document metadata to ensure that the right people are accessing the right information in SharePoint. TITUS Metadata Security automatically applies fine-grained access control to SharePoint content using the SharePoint permissions system. This has the advantage of enforcing the access control policies that administrators or site owners configure on all the mechanisms that information workers can use to access content within SharePoint, including the SharePoint web view, the explorer view, search, FAST search, the client object model, the server object model and any web services that may be deployed. With TITUS Metadata Security, policies are dynamically enforced, so that as a user's identity changes or as metadata changes, security policies are automatically applied and users only access the content they are permitted to access.
TITUS allows you to set the default permissions on all content within SharePoint to the most restrictive access rights possible. Then, when defining access control policies and enforcing those policies with TITUS Metadata Security, TITUS simply adds the appropriate access rights so that specific users, groups, or users with specific claims gain access only to the sensitive content they are permitted to access. This allows Microsoft SharePoint to "Fail Safe": if a malicious user or a failure in process subverts the access control policy system, your sensitive information will revert to its default inherited SharePoint permissions (the most restrictive access rights possible) and still remain secure!
There are several other systems on the market which implement access control policies or entitlement management in Microsoft SharePoint. However, these systems often require that default permissions on all content be initially configured to the most open access rights possible. The issue is that if that access control system were to be subverted or fail, for whatever reason, and SharePoint then reverts to its default inherited permissions, all content, including your most sensitive content, will be inadvertently leaked. TITUS Metadata Security for SharePoint is the only leading fine-grained security system for Microsoft SharePoint that allows SharePoint to "Fail Safe".
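The contrast between the two designs above, as an added sketch that is not from the original post and uses no SharePoint or TITUS API. The user names, clearance levels, and the `permitted`, `effective_readers` and `leaked` functions are assumptions made for illustration.

```python
# Constructed model of the two designs; not SharePoint or TITUS code.
LEVELS = ["unclassified", "secret", "top secret"]

# Constructed sample users and their trusted clearance claim.
USERS = {
    "owner": {"clearance": "top secret"},
    "alice": {"clearance": "top secret"},
    "bob": {"clearance": "unclassified"},
}
DOC_METADATA = {"classification": "top secret"}

RESTRICTIVE_BASELINE = {"owner"}   # default inherited permissions: owner only
OPEN_BASELINE = set(USERS)         # default inherited permissions: everyone


def permitted(claims, metadata):
    """Hypothetical policy: clearance claim must cover the document classification."""
    return LEVELS.index(claims["clearance"]) >= LEVELS.index(metadata["classification"])


def effective_readers(baseline, mode, engine_up):
    """Who can read the document under a given design and engine state."""
    if not engine_up:
        # Policy layer failed or was subverted: only inherited permissions remain.
        return set(baseline)
    allowed = {u for u, c in USERS.items() if permitted(c, DOC_METADATA)}
    if mode == "additive":
        return set(baseline) | allowed   # grants added on top of a closed default
    return set(baseline) & allowed       # access trimmed from an open default


def leaked(readers):
    """Readers the policy would not have permitted."""
    return {u for u in readers if not permitted(USERS[u], DOC_METADATA)}


if __name__ == "__main__":
    for name, baseline, mode in [("restrictive default", RESTRICTIVE_BASELINE, "additive"),
                                 ("open default", OPEN_BASELINE, "subtractive")]:
        for up in (True, False):
            readers = effective_readers(baseline, mode, up)
            print(f"{name:20} engine_up={up!s:5} readers={sorted(readers)} "
                  f"leaked={sorted(leaked(readers))}")
```

Both designs give the same readers while the policy engine is running; they differ only in what remains when it is not.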
TITUS Metadata Security for SharePoint allows organizations to leverage all of the benefits of user claims and document metadata to secure their sensitive information in SharePoint. It ensures that the right people are accessing the right information and it allows Microsoft SharePoint to implement Fail Safe Security so that sensitive information remains secure in all circumstances.
-Antonio