By Tarun Khandelwal
Securing the enterprise cannot be an afterthought in the ‘new normal’ of business today — where demand for IT and business services increase while IT budgets are flat or decreasing.
By Tarun Khandelwal
As the IT focus shifts from that of rationalization and optimization to business service innovation and growth, it’s more important than ever for security to be at the forefront of any ‘new normal’ initiative to help secure the business service and enable the business for growth. Just as IT shifts from rationalization to business services, security must shift to become an enabler, not a barrier, to business growth.
This is particularly true as teams become more collaborative, and often extend from within and outside an organization. While collaboration tools can enhance productivity by making it easier to share information and work together, they also bring security concerns to the table and present the conflict of balancing productivity and business enablement.
Let’s look at Microsoft SharePoint as an example. There are more than 65,000 SharePoint customers. That equates to a lot of users working together and accessing a lot of the same data. As collaboration expands to extend information assets to suppliers and partners, and perhaps even to external customers, information security squads are challenged to better control identities and their access in order to secure information while providing detailed audit trails that can assist with compliance needs.
As these advancements and challenges continue to evolve and collaboration expands and grows, IT departments need a security strategy that manages information and controls access to it. This can be achieved using a layered, progressive security approach that helps enable, optimize and grow the business by improving employee productivity and reducing the risk of data compromise and non-compliance.
In the first stage, teams must consider providing core access security services such as simplified user sign-on with flexible mechanisms of user identification. The level of authentication can be correlated to the value of the assets being provided to users on these collaboration sites. Sites with information-heavy content can be protected using desktop (Windows Active Directory) credentials, while sites with more confidential information should be accessed using stronger methods of identification, such as two-factor or advanced authentication. Once signed in, users should be able to leverage single sign-on mechanisms such as federation based approaches to traverse the branches of the collaboration tree.
During the second stage organizations begin to optimize collaboration and security operations. Because not everyone should have access to everything, IT departments must dynamically classify shared information assets based on their content. Simply putting classification tags on documents will not work — data classification needs to be dynamic. As collaboration occurs, the data within SharePoint changes and data that once was not considered sensitive or classified may be modified in the collaboration process to where it contains sensitive information, such as intellectual property, financial information or credit card numbers. Now anyone with access to that SharePoint site has access to sensitive information — whether they should have access to it or not. This increases security and compliance risks. Dynamic classification scans documents and modifies their classification. This information can be applied at the time of access to help determine whether an employee who had access yesterday, when the document didn’t contain sensitive information, should still have access today now that its classification has been changed to “sensitive.”
Another stage — which really runs throughout — is to ensure good information and document retention policies and practices are in place. Businesses need to carefully consider how to handle the lifecycle of the information they are using in collaboration and find an efficient means to automate and manage the creation, use, storage, distribution and eventual disposal of information assets.
This SharePoint collaboration example is just one instance of how security and productivity can co-exist in an organization for greater business enablement. Using a solution that fosters collaborative productivity while improving data security through controlled access and data classification offers much more than the security benefits of reduced risk and streamlined compliance — it helps enhance business opportunity and growth.
Tarun Khandelwal is a Senior Solution Strategist for Security Solutions with CA Technologies in Canada.