SharePoint: Enable Collaboration, Don’t Compromise Security
There are two fundamental approaches that organizations use to secure content in SharePoint today: restrict user access and apply file encryption.
1. Restrict User Access – User access tools allow administrators to juggle inherited permissions, maintain multiple user groups or create unique silos for specific sharing scenarios. Access can be restricted until files are completely secure, but at that point collaboration becomes impossible.
Restricting user access also results in several SharePoint administration problems:
- Difficulty managing and maintaining users who belong to hundreds of groups
- Too many permissions requests and the need to handle exceptions
- Users bypass security to work around burdensome restrictions
- Complicated inter-rule interactions can yield unforeseen outcomes
2. Apply File Encryption – File encryption tools are used to protect sensitive files that must not be mishandled. When user access has been relaxed, organizations can encrypt the files to ensure that the data is safe when it is being used.
When too many files are encrypted at rest, however, usability is often sacrificed:
- Files are not indexed or searchable, so they can be difficult to use
- Files cannot be scanned for content, so they may be inappropriately categorized
- Key management and revocation requests can overload IT and inhibit sharing
User access restrictions and file encryption, combined with complicated permissions and exceptions, make it difficult to have secure and collaborative environments.
Static Security is a Problem
Microsoft offers quite a few tools to help, but they are static.
- User access permissions are static – they do not change as the user moves between networks, devices, and even countries.
- File encryption templates are static – they are generally applied to all files of a certain classification, regardless of how the content changes over time or how that file is used.
Static access permissions and file encryption templates do not work in the modern dynamic, ‘always on’ workplace or with today’s evolving SharePoint environments, especially when considering:
- User mobility, BYOD, and unsecured devices
- A large number of users and groups
- Mixed or legacy SharePoint environments with inconsistent security tools
- A complex matrix of overlapping permissions such as security clearances or project teams
- Regulations that vary by country or data transmission methods
What’s Missing is Dynamic Security
Dynamic security is a policy-based approach that evaluates, in real time, a range of constantly changing attributes about users and files. As user and file contexts change, different policies are automatically applied that are appropriate for both the user’s and the file’s context. This capability addresses the weaknesses of static user permissions and static file encryption templates.
This dynamic, policy-based model provides a much more fine-grained security approach that is simpler to administer and dramatically reduces the need for exception handling.
The key to dynamic security is combining both user and file attributes to create sophisticated policies. If any of these attributes change, the appropriate policies respond in real time.
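The sketch below is an added illustration of the idea, not code from the white paper or from any SharePoint product: one policy function evaluates user and file attributes on every request, so the same user and file get different outcomes as context changes. The attribute names, the 0-3 sensitivity scale, the country list and the four decision labels are all assumptions made for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class UserContext:           # attributes that change as the user moves
    clearance: int           # hypothetical scale: 0 = public .. 3 = restricted
    network: str             # "corporate" or "external"
    device_managed: bool     # False for BYOD / unsecured devices
    country: str

@dataclass(frozen=True)
class FileContext:           # attributes that change as content changes
    classification: int      # same hypothetical scale as clearance
    export_controlled: bool

ALLOWED_EXPORT_COUNTRIES = {"US", "CA"}   # constructed sample value

def decide(user: UserContext, doc: FileContext) -> str:
    """Evaluate the policy at request time; no decision is stored on the file."""
    if user.clearance < doc.classification:
        return "deny"
    if doc.export_controlled and user.country not in ALLOWED_EXPORT_COUNTRIES:
        return "deny"                      # regulation that varies by country
    if doc.classification >= 2 and not user.device_managed:
        return "view_only"                 # no download to an unmanaged device
    if doc.classification >= 2 and user.network != "corporate":
        return "allow_encrypted"           # encrypt on delivery, not at rest
    return "allow"

def demo() -> dict:
    """Same user, same file; only the context attributes differ per request."""
    doc = FileContext(classification=2, export_controlled=True)
    office = UserContext(clearance=3, network="corporate",
                         device_managed=True, country="US")
    hotel = replace(office, network="external")
    return {
        "office": decide(office, doc),
        "hotel_wifi": decide(hotel, doc),
        "personal_phone": decide(replace(hotel, device_managed=False), doc),
        "abroad": decide(replace(office, country="FR"), doc),
        # The file attribute changes instead of the user attribute.
        "file_reclassified": decide(hotel, replace(doc, classification=1)),
    }

if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario:18} -> {decision}")
```

A static model would need a separate group, permission set or encryption template for each of these scenarios; here none of the five outcomes requires an exception or a change to the user's group membership.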
A New Model for SharePoint Security
Get the white paper that proposes a new model for SharePoint security that enables collaboration without compromising security. It shows why dynamic security is so important to secure SharePoint. By reading the paper, SharePoint administrators will gain a better understanding of how they can apply user and file context to drive dynamic policy-based SharePoint security.