Category Archives: Security
7 Questions to Assess the Best Method for SharePoint Content Security
Selecting whether to use folders or metadata for security and classification in SharePoint is confusing. The problem is that out-of-box neither folders nor metadata can achieve security and classification well in SharePoint.
Companies are left puzzled and compromised because neither folders nor metadata solutions offer adequate security or efficiency. Some commonly asked questions on folders and metadata include:
Will using folders cause problems with document duplication?
When will folder navigation breakdown?
Are folders the best way to secure documents?
Folders and metadata alone are not able to provide the level of security and classification required for storing confidential documents and intellectual property in SharePoint. In order to gain the full productivity and collaboration benefits of SharePoint, granular security and classification is fundamental.
Mobilizing SharePoint while Securing Content
Microsoft says 78 percent of the Fortune 500 companies are SharePoint users. It also says that there are 125 million user licenses worldwide – 62% are information workers using it daily. Now consider these figures against research from IDC that says the world’s mobile worker population will reach 1.3 billion, representing 37.2% of the total workforce by 2015. Mobilizing SharePoint is not a nice to have, it is a necessity. The challenge is that SharePoint is often home to sensitive corporate and customer information.
An IT World article, “The BYOD mobile security threat is real” reported an interview with Paul Luehr, formerly a federal prosecutor and supervisor of the Internet fraud program at the Federal Trade Commission, and now a managing director at Stroz Friedberg. In it he responded to two relevant questions:
HIPAA Omnibus Rule Takes Effect
A few weeks ago the long-awaited final omnibus rule that modifies the Health Insurance Portability and Accountability Act (HIPAA) took effect. HHS Office for Civil Rights Director Leon Rodriguez said, “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”
The changes affect HIPAA covered entities, including health care providers, health systems, health plans (including insured and most self-insured employer group health plans) and clearinghouses. HIPAA business associates, including a wide range of vendors who contract with covered entities and access protected health information (PHI) are also now covered. Examples include technology vendors, services organizations, accountable care organizations (ACOs), and third party administrators.
HIPAA covered entities and business associates generally have 6 months – until September 23, 2013 – to become compliant with the Omnibus Rule. This new ruling will force many vendors to transform both their agreements and their compliance practices. Smart vendors will begin adapting now.
Refine Policies to Optimize Secure SharePoint Collaboration
You bought SharePoint to enable collaboration across your organization. However, within SharePoint, there is a lot of sensitive content ranging from customer and employee details to company confidential content. The challenge is how to apply security that does not prohibit collaboration. People need to access sensitive content. The key is preventing unauthorized users from accessing it and controlling what authorized users can do with sensitive content to ensure it remains secure.
To achieve secure collaboration in SharePoint, you need to be able to enforce policies governing the handling of sensitive information by applying security at the item level. This approach offers the most effective security for managing regulated and confidential information as it moves around in the platform – or makes its way outside of it. The ideal solution offers end-to-end capabilities to automatically classify, apply permissions, track, encrypt and prevent the inappropriate storage, access and distribution of sensitive content in SharePoint.
Dunross & Co Selects HiSoftware for SharePoint Security
Today we announced that Dunross & Co, an independent international investment company, has selected HiSoftware Security Sheriff™ SP to secure content in its SharePoint 2013 environment.
Following a review of SharePoint security products in the market, we were able to meet Dunross & Co’s requirements, where other vendors fell short, to classify, restrict access to and encrypt SharePoint content and documents. Additionally, Dunross & Co will use Security Sheriff to prevent the distribution of confidential content and track the entire lifecycle of documents for added security and control.
SharePoint Collaboration: How to Control Company Confidential Documents on iPads
Previously I’ve blogged about two of the “Top 10” security challenges with SharePoint collaboration. The first was on how to prevent breaches caused by downloading and sharing sensitive SharePoint documents and the second on how to stop IT staff from reading highly confidential documents in SharePoint. In my last post of the series I’ll look at how to control company confidential documents accessed on iPads.
Problem
The explosion of bring-your-own-device (BYOD) to work offers the promise of increased productivity for contributors and managers. There are increasing demands on IT from senior managers to provide corporate documents on their iPads for internal and external meetings. Senior executives also need access to highly confidential information. However, most of their documents are not confidential and need to be shared with their staff and colleagues. How do you balance these conflicting requirements?
Prevent Breaches Caused by Downloading and Sharing Sensitive SharePoint Documents
Many companies have invested in SharePoint for managing their unstructured information. However, few have realized the potential efficiencies and productivities that SharePoint offers because of concerns about the security of the information stored in it. Worse still, many continue to maintain legacy document management systems to store sensitive information and continue to incur the associated software maintenance, labor and hardware costs. This drastically reduces the ROI on their SharePoint investment.
Our latest white paper The Top 10 Security Challenges with SharePoint Collaboration looks at the top security challenges facing executives and IT managers today.
Previously I answered How to stop IT staff from reading highly confidential documents in SharePoint? In this second post, I will discuss how to keep confidential documents safe when downloaded or shared:
What happens when a user downloads a confidential document from SharePoint to his/her desktop or shares a document from their SharePoint Workspace?
451 Group Says to Automate Information Governance
In a 451 Group report Defining and driving ‘information governance’ in the era of the cloud and ‘big data’, analysts David Horrigan, Carl Lehmann and Alan Pelz-Sharpe position the importance of information governance. The introduction is particularly interesting:
“Information governance means different things to different actors in the enterprise; hence, defining and implementing information governance is much easier said than done. Nevertheless, now is the time to do so because it has become possible to automate much of the process, and the potential benefits of doing so now far outweigh the cost and effort.”
We define information governance as the need to control the content within your organization. It includes the policies created to comply with regulations for privacy and accessibility, and internal policies for confidential company information and intellectual property. It even extends to include website quality and brand integrity. More importantly, it should encompass how these policies are enforced and updated to fit how an individual organization is actually using the information. As highlighted in the 451 Group quote above, automating this process offers significant benefits despite the costs.
Healthcare IT Priorities: Patient Data and Meeting Regulatory Requirements
The InformationWeek 2013 Healthcare IT Priorities survey showed that “more than 60% of health IT pros…cite managing digital patient data and meeting regulatory requirements among their top priorities, rating each a 5 on a 1-to-5 scale.”
The survey also highlighted that healthcare IT pros are struggling to keep pace with the change in the industry. One respondent said, “Most healthcare CIOs are supportive of the majority of the new functional requirements that are being forced on us. However, federal requirements are coming too many, too fast. … The rate of change is such that systems and changes are being implemented less than optimally.”
Another key point within the report is that “less than 15% of healthcare providers have qualified for federal subsidies based on meeting Meaningful Use requirements.” Not only are healthcare organizations struggling to keep up, but they are also losing out on incentive payments.
How can healthcare organizations keep patient data protected, meet regulatory requirements and comply with the Meaningful Use standards to receive subsidies?
Top Security Challenges with SharePoint Collaboration
In today’s business environment successful companies rely upon the rapid and efficient exchange of information. Collaboration between employees is a critical part of this equation and a key driver for increasing competitiveness and productivity. Effective collaboration requires timely access to information— both structured (databases) and unstructured (file systems, online content and communications).
Many companies have invested in SharePoint for managing their unstructured information. However, few have realized the potential efficiencies and productivities that SharePoint offers because of concerns about the security of the information stored in it. Worse still, many continue to maintain legacy document management systems to store sensitive information and continue to incur the associated software maintenance, labor and hardware costs. This drastically reduces the ROI on their SharePoint investment.
Subscribe to our RSS Feed 
Follow Us on Twitter 
Find us on LinkedIn 