Search and Security: Old Wine Rediscovered
July 20, 2011
There is nothing like the surprise on a user’s face when an indiscriminate content crawl allows a person to read confidential, health, or employment information. Overenthusiastic “search experts” often learn the hard way that conducting a thorough content audit *before* indexing content on an intranet is a really good idea.
Computerworld’s new article “Security Manager’s Journal: The perils of enterprise search” offers insight into the dangers of sloppy search parameters, or what we call old wine rediscovered.
The author does a good job of addressing the security concerns that can pop up if an enterprise search is not well thought out.
If security concerns aren’t addressed, this is what you can expect: The IT team does some research, makes a choice, deploys the infrastructure and begins pointing it to data repositories. Before you know it, someone conducts a search with a term like “M&A” and turns up a sensitive document naming a company that’s being considered for acquisition, or a search for the word “salary” reveals an employee salary list that was saved in an inappropriate directory. In other words, people will be able to find all manner of documents that they shouldn’t have access to.
Thurman cites the ‘rule of least privilege’, the rule that information should be available only to those who need to know it. For enterprise search, that means a query should return only information that is relevant to the search and that the user is allowed to see.
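What that rule looks like inside a search index, as an added example that is not from the Computerworld article or from this blog: each document's access list is captured at crawl time, results are trimmed against the caller's groups at query time, and a keyword audit lists candidates for review before launch. The corpus, group names and class are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample corpus: (doc_id, text, groups allowed to read it).
# An empty ACL models a file whose permissions the crawler could not read.
CORPUS = [
    ("hr/salaries-2011.xls", "employee salary list by department", {"hr"}),
    ("corp/ma-targets.doc", "M&A shortlist of acquisition targets", {"executives"}),
    ("public/handbook.pdf", "salary review schedule and holiday policy", {"all-staff"}),
    ("tmp/export.csv", "salary export from payroll system", set()),
]

class TrimmedIndex:
    def __init__(self):
        self.postings = defaultdict(set)  # term -> ids of documents containing it
        self.acl = {}                     # doc id -> groups allowed to read it

    def add(self, doc_id, text, allowed_groups):
        # Store the ACL alongside the postings so it is available at query time.
        self.acl[doc_id] = frozenset(allowed_groups)
        for term in text.lower().split():
            self.postings[term].add(doc_id)

    def search(self, term, user_groups):
        """Return only hits the caller may read; a missing or empty ACL means deny."""
        groups = set(user_groups)
        hits = self.postings.get(term.lower(), set())
        return sorted(d for d in hits if self.acl.get(d, frozenset()) & groups)

    def audit(self, sensitive_terms, broad_groups):
        """Content audit: documents matching a sensitive term that are broadly
        readable or have no ACL. These are candidates for human review."""
        broad, flagged = set(broad_groups), set()
        for term in sensitive_terms:
            for d in self.postings.get(term.lower(), set()):
                if not self.acl[d] or self.acl[d] & broad:
                    flagged.add(d)
        return sorted(flagged)

def build_index(corpus=CORPUS):
    idx = TrimmedIndex()
    for doc_id, text, groups in corpus:
        idx.add(doc_id, text, groups)
    return idx
```

The audit is keyword-based, so it also flags the harmless handbook; it produces a review list, not a verdict.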
All in all, a rather informative if redundant read that outlines a few security options and ideas.
What we find interesting is that such write-ups have to be recommissioned. Not much sophistication in enterprise search land, we fear.
Stephen E Arnold, July 20, 2011