Enterprise Search: Security Remains a Challenge
February 11, 2015
Download an open source enterprise search system or license a proprietary system. Once the system has been installed, the content crawled, the index built, the interfaces set up, and the system optimized, the job is complete, right?
Not quite. Retrofitting a keyword search system to meet today’s security requirements is a complex, time-consuming, and expensive task. That’s why “experts” who write about search facets, search as a Big Data system, and search as a business intelligence solution ignore security or reassure their customers that it is no big deal. Security is a big deal, and it is becoming a bigger deal with each passing day.
There are a number of security issues to address. The easiest of these is figuring out how to piggyback on access controls provided by a system like Microsoft SharePoint. Other organizations use different enterprise software. As I said, using access controls already in place and diligently monitored by a skilled security administrator is the easy part.
A number of sticky wickets remain; for example:
- Some units of the organization may do work for law enforcement or intelligence entities. There may be different requirements. Some are explicit and promulgated by government agencies. Others may be implicit, acknowledged as standard operating procedure by those with the appropriate clearance and the need to know.
- Specific administrative content must be sequestered. Examples range from information assembled for employee health to compliance requirements for pharma products or controlled substances.
- Legal units may require that content be contained in a managed system with administrative controls put in place to ensure that no changes are introduced into a content set, that access is provided to those with specific credentials, or that the content is kept “off the radar” as the in-house legal team tries to figure out how to respond to a discovery activity.
- Some research units may be “black”; that is, no one in the company, including most information technology and security professionals, is supposed to know where an activity is taking place or what information is of interest to the research team, and specialized security steps must be enforced. These can include dongles, air gaps, and unknown locations and staff.
An enterprise search system without NGIA security functions is like a 1960s Chevrolet project car. Buy it ready to rebuild for $4,500 and invest $100,000 or more to make it conform to 2015’s standards. Source: http://car.mitula.us/impala-project
How do enterprise search systems deal with these access issues? Are not most modern systems positioned to index “all” content? Are the procedures for each of these four examples part of the enterprise search systems’ administrative tool kit?
Based on the research I conducted for CyberOSINT: Next Generation Information Access and my other studies of enterprise search, the answer is, “No.”
In today’s business environment, Sony and Anthem are reminders that enterprise security is vulnerable. Breaches of government Web sites are all too frequent.
How do traditional keyword systems embellished with lipstick and eye shadow deal with the real life security tasks?
Again the answer is simple, “The vendors pass the buck.”
However, the next generation information access vendors take a different approach. Their systems use automated collection, analysis, and outputs that feed directly into dynamic security systems and react in real time. Advanced algorithms and a range of other techniques operate as a force multiplier for secure access.
What companies provide NGIA systems? Many of the high profile enterprise software vendors assert that their systems deliver “secure search.” In fact, Oracle’s now quiet Secure Enterprise Search System made security its focal point. The only hitch in the git along was that the licensee of an average search system had to sign on for various security services, specialized software, Oracle-defined procedures, and Oracle for-fee consulting services. HP and IBM are taking a similar approach.
There are, however, a number of vendors who have leapfrogged the conventional approach to integrating information access and dynamic security. In the monograph CyberOSINT, you will learn about companies that represent the future of enterprise security for insider and outsider threats, point and click integration of highly specialized security routines, and robust, modern application programming interfaces to handle special situations.
If you run a query for vendors offering these NGIA solutions, you will find the familiar names; for example, Cisco. CyberOSINT provides:
- Profiles of NGIA security vendors
- Explanations of how these systems reduce risk
- The interaction of various content types to protect an organization’s perimeter and observe business and special situation requirements.
You can order your copy of CyberOSINT at www.xenky.com/cyberosint. As Chuck Cohen, lieutenant with a major Midwestern law enforcement agency and adjunct instructor at Indiana University, said:
This book is an important introduction to cyber tools for open source information. Investigators and practitioners needing an overview of the companies defining this new enterprise software sector will want this monograph.
Net net: Enterprise search requires additional work to comply with an organization’s security requirements. This work can add significantly to first-year deployment costs. NGIA systems arrive ready to configure and deploy, thus saving significant time and money.
Stephen E Arnold, February 11, 2015
Comments
4 Responses to “Enterprise Search: Security Remains a Challenge”
I agree completely that having good security can definitely be difficult. I think that it is very important to try your hardest to be sure that your business has good security. It seems to me that most businesses only think of building security, but in reality it is also really good to have computer security as well. I would love to look into this more and see what I can do to help secure my business information. Thanks for the great article.