SharePoint 3.3 Is Now Available

It’s an exciting week here at TITUS as we release TITUS Security Suite for SharePoint 3.3, which includes both TITUS Metadata Security and Document Policy Manager. While there are many improvements and new features with this release, such as enhanced audit reporting and the ability to use hidden columns to create more flexible policies, for me the standout feature is secure mobile access to documents and list items.

Because mobile devices are easily lost, stolen or hacked, many SharePoint administrators don’t want to let their workers download highly sensitive information to their mobile. For instance, while it might be perfectly acceptable to access a financial report from the desktop, it might be too much of a risk to let that same user download, view, and edit that document on their tablet.

TITUS Metadata Security for SharePoint (MDS) allows organizations to configure their policies so that permissions are automatically applied and controlled on individual documents and list items.  MDS is able to do this by inspecting the item’s classification (sensitivity) and the user’s claims to process access rules that determine which users with specific attributes can access high business impact information. The result is simplified security administration. With TITUS MDS, documents and items don’t need to be segregated and administrators don’t have to constantly create new intersecting groups to manage changing access rights; TITUS regulates what is available.

With this release of TITUS Metadata Security 3.3, we have extended the dynamic security capabilities to include another criteria – the device type. By adding the device type to the access authorization policy, TITUS can block (and filter from the folder view) any sensitive items being accessed from a mobile device that the user can otherwise access from their desktop.

It should be noted that MDS is not just blocking sensitive documents or items from the users’ view. Even if the user has a direct link to a document that has been restricted from mobile access, the link will not work and access will be denied.

So, if you need to make sure your workers have mobile access to documents in SharePoint – but not too much – be sure to give the latest version of TITUS Security Suite for SharePoint a try.

SharePoint Security Minute with TITUS Product Manager Antonio Maio

TITUS Senior Product Manager and SharePoint Server MVP Antonio Maio recently shared some of his insights on SharePoint security. He provided tips, pointed to current challenges and explained how SharePoint will be affected as computing becomes more mobile and social.

Question: What are some aspects of SharePoint security that you think are critical but may be overlooked?

Maio: People often come to talk to us about enforcing security at a fine-grained level or detailed level. This relates to the level of security on each individual document or each individual data item within SharePoint, as opposed to broadly applying security to large sites or libraries. We see many customers take a very broad approach to security where a particular site is considered the ‘secret site’ where sensitive information sits, while less sensitive information goes elsewhere. But more and more we are seeing a trend where people want to have sensitive information sitting beside non-sensitive, and have the security evaluated on each individual item.

Another aspect of security that is often overlooked is the idea of automating security, or having security policies automatically applied to content. This becomes especially important with large amounts of content. We have some customers that have millions of documents sitting in SharePoint – it’s impossible to manage security on a fine-grained level with that much content and without some kind of security policy automation.

Q: What’s the benefit of fine-grained security? Is it helpful for compliance?

Maio: The goal for our customers is mainly compliance, to ensure that people are only accessing information that they have permission to access; to make sure there are no information leaks, whether they’re inadvertent or malicious. The value in automating security policies is that you can then be sure that it applies to all of your SharePoint content no matter where it resides. For many organizations, a SharePoint deployment often starts off small and then grows quite rapidly. You end up with many libraries and many sites. People may not remember they have a library sitting off somewhere that may have sensitive information sitting within it.

Q: Are there any common anxieties customers have about SharePoint security? How do you address these concerns?

Maio: People and organizations often have established information sharing policies. They already have some sort of corporate information sharing policy:  information must be classified by users in some specific ways, and as a result it is only to be shared with specific groups, and so on. How they map that into SharePoint is often a challenge for them because the policies are frequently written in plain English and then translated into SharePoint controls. Having those controls automatically applied can be a big challenge for them.

When we look at how customers have deployed SharePoint and how their users interact with it, we offer a very flexible model for them to translate those information sharing policies into security controls within SharePoint. TITUS products allow organizations to create policies or rules with very simple or complex conditions within the management interface of our products. Customers are guided through configuring their information sharing policies whether it has to do with classification or metadata or the user or some combination of those properties – we allow them to easily model their corporate information sharing policies into security controls in SharePoint within the TITUS SharePoint Security Suite.

Q: As computing evolves, with mobility and social networks becoming more important, how do you see the security of SharePoint impacted?

Maio: In a world where people are not necessarily always accessing information from their office computers, where people are accessing work information or trying to get work done from their own PC or tablets or smartphones, security takes on a new challenge. You can’t just secure the perimeter anymore; you can’t just have firewalls centrally managed. You need to apply policies to every single piece of information you are sharing.  The information object becomes the new perimeter.

Q: How can a security solution make sure people are logging into SharePoint securely?

Maio: SharePoint provides a few great options for enforcing a secure login, what we often call authentication.  These options include the traditional Windows integrated login, forms based login (so logging in through a custom web page) and a new concept called claims based authentication which securely retrieves detailed and trusted attributes about the user that’s logging in.  When we look at identity and authentication, you also talk about the concept of federation.  Federation has to do with not just letting internal people in an organization access SharePoint, but also letting external partners or customers log into your SharePoint site using their own identity – through their Facebook or Google account, for example.

Q: Is this safe to do through a website like Facebook? It doesn’t seem very secure at times.

Maio: Absolutely, due to the open and secure protocols used to enable federation.  However, as we talked about earlier, you still need to ensure that you are only making the appropriate information available (in an automated way) to users that login to SharePoint using their Facebook account.  As an example,  if you have a website where people have to create an account to download a white paper, most people are going to put in invalid information, or garbage data, just to get the white paper. But if you allow them to log in with a Facebook account, it’s more likely you’re going to have a real email address to communicate with them afterward. This is why federation becomes appealing for large organizations that have large consumer clients.  Then, if you know they came in using their Facebook account, you can prevent them from accessing sensitive data, and only allow them to access information that is open to the public.

Announcing: New Release of TITUS SharePoint Security Suite

We’re very pleased to announce the latest release of the TITUS SharePoint Security Suite! With this release, TITUS is making it easier than ever before to enhance and automate security within Microsoft SharePoint.

TITUS Security Suite for SharePoint version 3.2 enhances security by automatically enforcing fine-grained access control and applying visual labels – promoting strong, consistent data governance for SharePoint content. TITUS products leverage existing document metadata combined with trusted user claims to ensure that security is applied automatically and consistently across all SharePoint content. As Microsoft SharePoint becomes an increasingly critical platform for document and records management, administrators and content owners are faced with the challenge of protecting sensitive content and preventing data breaches. The TITUS SharePoint Security Suite ensures that content in SharePoint is protected automatically and consistently across all SharePoint content.

What’s New

The latest version of TITUS Security Suite for SharePoint is focused on making SharePoint a more secure platform for organizations while simplifying SharePoint security for administrators.  We’ve listened to our customers and put a lot of work into making it easier to manage security in large SharePoint environments.  Here’s a list of just a few of the great features that are new in the TTITUS SharePoint Security for SharePoint version 3.2:

• Dynamic Policies – enforce dynamic, fine-grained security in SharePoint with policies based on trusted user attributes (claims) and metadata. With TITUS dynamic policies, organizations can ensure that the right people are accessing the right information at the right time. Dynamic policies can be used to instantly deny access to SharePoint content when a user’s status changes, such as employee resignations or terminations, as well as to block individual group members from accessing sensitive content, even if the group itself has access to the content. 
• Centralized Policy Administration – apply TITUS policies across site collections, sites, libraries, or folders using powerful new administration options. Administrators can centrally control policies or delegate administration to business unit managers or site owners.  
• Support for SharePoint 2013 - the TITUS SharePoint Security Suite fully supports this great new release of Microsoft SharePoint, while still maintaining support for SharePoint Server/Foundation 2010 and Microsoft Office SharePoint Server 2007.
• Auditing for Effective Data Governance - support effective data governance and compliance by auditing TITUS administrator and security policy actions. Organizations can track when administrators create, edit, or delete a TITUS policy. They can also track when TITUS sets or changes content permissions, enables user access through dynamic policies, applies visual markings to documents, and converts documents to PDF.
• Software Development Kit – leverage the TITUS SharePoint Security Software Development Kit (SDK) to easily integrate with existing line-of-business applications and apply security to large and complex SharePoint farms.  

TITUS Security Suite for SharePoint is made up of two products that can be purchased individually or together:

• TITUS Metadata Security automatically controls access to sensitive content and manages permissions based on metadata properties and trusted user claims.
• TITUS Document Policy Manager automatically applies visual labels and converts documents to PDF to enhance security and raise awareness of sensitive content.

-Antonio