Supplementing SharePoint Governance with Adaptive Tooling – Security Labs Update

Throughout the various versions of the product, SharePoint governance has remained a difficult concept and technical task for organizations to tackle. Part of the fundamental problem arises from the lack of adaptive tooling within the product to give organizations a logical path towards genuine Enterprise Content Governance (ECoG). Organizations face a pressing need to lower operational costs while maintaining a competitive edge by controlling and properly structuring content, optimizing their existing investments and improving corporate efficiency. As a side effect, compliance issues can be managed and maintained, and the overall footprint of the SharePoint effort is increased.

How does one define what SharePoint ECoG truly is? Simply put, SharePoint ECoG is making certain your organizational content in SharePoint is logically structured, controlled, managed, and secured with the ultimate end goal of:

  • Reducing Total Cost of Ownership (TCO) of the SharePoint information architecture
  • Minimizing exposure to compliance risks
  • Increasing worker productivity
  • Guarding the organization’s key knowledge assets

While all of these goals are crucial when determining the effectiveness of a SharePoint governance strategy, it is also important to keep a consistent focus on maintaining reasonable content quality with the appropriate security mechanisms in place.

Balancing the content growth that SharePoint often cultivates against the constraints of compliance (both internal and external) is a fundamental issue that organizations face in successful SharePoint deployments. Atomic content growth, when unchecked, can cause a multitude of user-evident issues, such as content that cannot be found, an immediate impact on storage, and an assortment of security concerns.

ARB Security Solutions Approach

To solve this dilemma, ARB Security Solutions is in final testing of the only tooling designed from the ground up as a security and governance platform. The GovernanceCenter for SharePoint™ software package tackles governance issues using acclimatized security remediation processes that have been designed in the field by SharePoint security and governance integrators. Nearly 75% of the organizations that have been testing the GovernanceCenter for SharePoint™ platform have discovered redundancies and malformed security settings that have the potential to cause operational and financial issues. Coupled with increasing regulations around collaborative storage environments, a means to reduce their impact upon a business is bound to be of great financial and user benefit.

Providing the means to take a security model and apply it to an entire SharePoint environment, the GovernanceCenter for SharePoint™ software suite tackles regulatory and corporate governance requirements by managing the security and disposition of information. The information governance capabilities built into GovernanceCenter for SharePoint™ have helped ARB Security Solutions customers meet requirements for Sarbanes-Oxley, HIPAA, document retention and business continuity. The SecureCenter governance framework delivers seamless and holistic security governance within your environment while increasing service quality. It improves service cost management across service delivery channels, operational SharePoint support systems, and business support systems.

To find out more about how the security integrators at ARB Security Solutions are improving governance in SharePoint 2007 and 2010, please read more about our efforts in the labs.


SharePoint Claims Based Authentication Architectures Explained – Part 1 – Intro To Claims Architectures

You will find that the internet offers plenty of interactive applications. Users can access them simply by reading a hyperlink in text and then clicking on it. When they do, the information they want to know more about comes up. The reader expects that the websites are going to keep track of who is logged into them and for how long. No one wants to have to put in their password over and over again to benefit from this, though.

Instead, they want to enter it once and then access any of the company's applications. It is very important for anything developed for the web to support this need from the user's point of view. It is referred to here as single sign on. You may also hear it referred to as passive federation.

Many people have had experience with the world of Windows, which uses a single sign on concept. Once you have logged in with your password the first time that day, you have access to all of the resources that are part of that hosted network. Windows is able to authenticate you to each entity you wish to access. This is why you can avoid having to type your password in again and again.

Kerberos is extremely popular, but that has also resulted in it losing flexibility as a cross source. The domain controller is the one that holds the keys to all of the resources that people within a given organization are able to access. There are firewalls in place that carefully guard such activities. When you aren't at the office, you can access those resources through a VPN connection to the corporate network.

Kerberos isn't very flexible when it comes to the information that is provided either. Many people would love to see it include arbitrary claims, including email address access. However, that isn't something that you are able to find at this point in time. With claims, though, you have such flexibility. You are only limited in what you can access by two things: your own imagination and the policies that your IT developers for the business have in place.

There are standard entities in place that allow you to cross different boundaries in terms of security. This includes both platforms and firewalls. The reason for this is that it makes it easier for each of them to communicate with the others. With this in mind, the application doesn't have to verify the users.

Instead, the application needs a security token that is provided by the issuer trustee. When the IT department needs to increase security, the users have to use a smart card rather than a username and password for access. However, the application won't have to be reconfigured, so this isn't a time-consuming process.
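The token check described above, as an added example that is not part of the original post: the application validates an issuer-signed set of claims and never handles a password, so the issuer can move users from passwords to smart cards without any change on the application side. Assumptions: an HMAC key shared with the issuer stands in for the issuer's certificate-based signature, and the issuer URL, claim names (`authmethod`, `email`) and user are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed trust list: issuer name -> verification key. Assumption: a shared
# HMAC key stands in for the issuer's signing certificate.
TRUSTED_ISSUERS = {"https://sts.example.test": b"constructed-demo-key"}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_token(issuer, key, claims, now, lifetime=3600):
    """Issuer side: the user has already authenticated; sign the claims."""
    body = dict(claims, iss=issuer, exp=now + lifetime)
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def validate_token(token, now):
    """Application side: no password handling, only checks on the token."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(payload)
    except ValueError:
        raise PermissionError("malformed token")
    if not isinstance(claims, dict):
        raise PermissionError("malformed token")
    iss = claims.get("iss")
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise PermissionError("untrusted issuer")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    if now >= claims.get("exp", 0):
        raise PermissionError("token expired")
    return claims

def demo(now=1_700_000_000):
    iss, user = "https://sts.example.test", {"sub": "alice", "email": "alice@example.test"}
    results = {}
    # The same application code accepts either logon method chosen by the issuer.
    for method in ("password", "smartcard"):
        token = issue_token(iss, TRUSTED_ISSUERS[iss], dict(user, authmethod=method), now)
        results[method] = validate_token(token, now + 60)["authmethod"]
    return results

if __name__ == "__main__":
    print(demo())
```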

Even so, domain controllers will still be in place to offer security when it comes to the various resources of a given organization. There will be various issues for businesses to consider too. For example, they will need to figure out how to resolve issues relating to trust. There are legal issues that have to be reviewed before entering into a contract with one. You can be confident that claims based identity won't change the needs that are already in place relating to such issues.

What will change, though, is that there will be layers to the claims. Some of the barriers that are now in place will be removed. The result will be a single sign on solution that is also flexible for the needs of the users. Claims are designed to work within the security that already exists. They will eliminate many of the technical problems that are currently experienced.