The Growing Need for Secure Enterprise Search

Exploring Document Security and Secure Search Methodologies

1) The shifting value of data
Over the last quarter-century, the value of companies’ intangible assets has grown to 80% of their entire market value, leaving tangible assets to account for only 20%. Physical and financial assets reported on a company’s balance sheet represent tangible assets while proprietary data (i.e., intellectual property, marketing plans) represent most of the intangible assets.

With this shift in the value of information, it is no surprise that cybercriminals have also shifted the focus of their attacks. A 2011 joint report from McAfee and Science Applications International Corporation (SAIC) states that:

In the past, cybercriminals targeted personal information such as credit cards and social security numbers, which were then sold on the black market. Now, these criminals understand that there is much greater value in selling a company’s proprietary information to competitors and foreign governments.

For any organization, a breach of proprietary information can be detrimental. From loss of intellectual property to leaked marketing plans, the losses typically hit both the bottom line and the company’s reputation. For example, Hewlett Packard announced its new tablet computer (an intended iPad rival) in early February. The event was much less successful than planned thanks to a design leak in January. The automotive industry has also seen its share of leaks. Renault suspended three executives in January for allegedly passing on the blueprints for electric cars.

2) Balancing security requirements with ease of access
It is quite challenging for most organizations to restrict confidential data to only those users authorized to view it while simultaneously allowing access to public data. It is necessary to balance the requirements for security with ease of accessing the data. The Wikileaks breach is a classic example of the issues caused by competing needs. Because of rigid security within the government, it had been difficult for personnel in different branches of the defense community to get information from other branches. Once the data was made more widely available within the government, the risk of a security breach increased, and a breach in fact occurred.

With the connection of most organizations to the internet, external security tends to be a major focus in the IT organization. Determining which content should be exposed to the outside world as opposed to which content is available only internally often ends up being a company’s security policies layered on top of a technology implementation.

3) Time as a dimension of enterprise search security
Time is another dimension of security that you must consider. In addition to forcing password expiration, organizations have to secure documents pertaining to current events (quarterly financial reporting, pending litigation, etc.) that need to be accessible to only a few individuals. Once a financial reporting period has passed, or a lawsuit has been closed, those restrictions may need to be reduced or removed completely. Furthermore, if your search engine caches results and serves links to content that is no longer available, it can be difficult to ensure that time-based expirations for access are honored.

4) When to apply security: early binding vs. late binding
Security can be applied at the beginning of the search process, before the end user submits a query, or at the end, after the end user performs a search. These two methods of applying security are called early binding and late binding, respectively.

With early binding, the search appliance crawls data at predefined intervals. As it crawls the data, eFusion connectors feed the search engine with metadata and the list of users and groups that have access to each file. This access control information is stored to be enforced at query time. When the end user submits a query, that information is applied, filtering out any restricted content before completing the search and returning results.

In late binding, eFusion only feeds the metadata, but no users or groups. Once the end user submits a query, the search appliance determines who is running the query and impersonates them to test access to secure documents. If it successfully accesses the document, it will return the record to the user. Otherwise, the record will not be returned.


Early binding is much faster, but can be cumbersome to implement. Late binding is slower at query time, but is the preferable solution in an environment with complex security policies. eFusion connectors are built to provide ultimate flexibility by supporting both early and late binding.
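
The two models diverge when permissions change between crawls, which is also where the time dimension from section 3 matters. The Python sketch below is an added example, not eFusion code: `ContentSource`, `SearchIndex` and the sample documents are hypothetical, and the live `can_read` check stands in for the impersonation step of late binding.

```python
# Added illustration: toy source and index; every name here is hypothetical.
class ContentSource:
    def __init__(self):
        self.docs = {}  # doc_id -> {"text": str, "acl": set of principals}

    def put(self, doc_id, text, acl):
        self.docs[doc_id] = {"text": text, "acl": set(acl)}

    def can_read(self, doc_id, principals):
        doc = self.docs.get(doc_id)  # a deleted document is never readable
        return doc is not None and bool(doc["acl"] & principals)

class SearchIndex:
    def __init__(self, source):
        self.source, self.entries = source, {}

    def crawl(self, early_binding):
        # Early binding snapshots each ACL; late binding indexes metadata only.
        self.entries = {
            k: {"text": d["text"], "acl": set(d["acl"]) if early_binding else None}
            for k, d in self.source.docs.items()}

    def search(self, term, principals):
        hits = []
        for doc_id, e in self.entries.items():
            if e["acl"] is not None:  # early binding: filter on stored snapshot
                allowed = bool(e["acl"] & principals)
            else:  # late binding: test access against the source right now
                allowed = self.source.can_read(doc_id, principals)
            if allowed and term in e["text"]:
                hits.append(doc_id)
        return sorted(hits)

def demo():
    src = ContentSource()
    src.put("q3-draft", "quarterly earnings draft", {"finance"})
    src.put("handbook", "employee handbook and earnings FAQ", {"everyone"})
    user = {"alice", "finance", "everyone"}  # the user plus resolved groups
    early, late = SearchIndex(src), SearchIndex(src)
    early.crawl(early_binding=True)
    late.crawl(early_binding=False)
    run = lambda: (early.search("earnings", user), late.search("earnings", user))
    out = {"before": run()}
    src.put("q3-draft", "quarterly earnings draft", {"legal"})  # ACL tightened at source
    out["after_acl_change"] = run()  # early binding still honors the stale grant
    early.crawl(early_binding=True)  # the next crawl refreshes the snapshot
    out["after_recrawl"] = run()
    return out
```

Each tuple returned by `demo()` holds the early-binding results first and the late-binding results second; the window between an ACL change and the next crawl is the exposure an early-binding deployment has to bound with its crawl interval.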

5) The eFusion Solution
eFusion connects search appliances to a number of content sources (internal and external) securely. Our connectors are built to provide the ultimate flexibility in security by supporting both early binding and late binding. They are fast, flexible, and easy to install, configure, and use. To learn more about eFusion connectors, visit www.edatafusion.com or contact us at info@edatafusion.com.