Archive for 2010

« Older Entries

Protecting SharePoint Documents in a WikiLeaks-World

Friday, December 24th, 2010

In the second half of 2010, WikiLeaks has been in the media and top of mind for many people who are responsible for sensitive information. The world is well aware of the numerous data leaks made available on the internet over the past 6 months. These include over 70,000 log entries from the Afghan war, almost 400,000 log entries from the Iraq war, and the planned release of approximately 250,000 U.S. diplomatic cables spanning from 1966 to 2010. I imagine that many SharePoint administrators and corporate security officers are asking themselves, “what kind of sensitive documents are my users uploading to SharePoint and how much am I at risk of a similar data breach?”. Although the WikiLeaks breaches did not involve SharePoint, the concern is still very real and the risks are very similar for sensitive documents in SharePoint.
(more…)

Posted in SharePoint, SharePoint Document marking, SharePoint and PDF, SharePoint document conversion, SharePoint labeling, SharePoint metadata, SharePoint security | No Comments »

Metadata Navigation… and SPTechCon Boston Recap

Thursday, November 4th, 2010

I returned from SPTechCon Boston a little over a week ago, and I’m happy to say that it was a great show for us. Thanks to David Rubenstein and his team for all the organization that went into it.

We met a lot of great folks! Thanks to Bill English, Mark Miller (http://www.endusersharepoint.com/) and the guys from the Boston Area SharePoint Users Group for stopping by our booth. We received a lot of good feedback and hope to talk to you all again soon.

There were some great keynote speeches and quite a few good sessions. In particular, I enjoyed listening to Ruven Gotz who had some very good talks on Metadata and how it can be used in SharePoint 2010. You can find his SPTechCon presentation decks at Ruven’s SharePoint Blog. His session on “Metadata Management with (Oh No…!) Folders in SharePoint 2010” had some really useful info on how default metadata values can by populated from folder names into which you upload documents, on SharePoint’s routing capabilities and on how to configure SharePoint 2010s ‘Metadata Navigation’ feature.

I’d like to focus on Metadata Navigation in this post and provide another example around some of the stuff that Ruven talked about. This is a great new feature in SharePoint 2010 – it allows users dynamically filter views on a list/library by selecting from a managed list of metadata terms that SharePoint displays on the left side of the browser. Let’s look at how it’s configured and used.
(more…)

Posted in Document Classification, SharePoint, SharePoint 2010 News, SharePoint metadata, SharePoint security | No Comments »

InfoPath Form Security in SharePoint… See you at SPTechCon Boston

Wednesday, October 20th, 2010

I just landed in Boston for the SPTechCon conference, and I wanted to post some great news about Titus Metadata Security for SharePoint now being able to work with Microsoft InfoPath forms in SharePoint. If you happen to be attending SPTechCon or are in Boston over the next 3 days (Oct 20, 21 and 22) come check out us out at the show – you’ll find us at booth #404. Also, I’ll be doing a ‘lightening talk’ about our products just after 5:30pm tonight (Oct 20, 2010) in Ballroom D – there will be lots of presenters at this, and apparently I go on at exactly 5:37pm.
(more…)

Posted in InfoPath, SharePoint, SharePoint 2010 News, SharePoint metadata, SharePoint security | No Comments »

Metadata, metadata, metadata…

Friday, October 8th, 2010

Phew – it’s been a busy couple of months here at Titus. Just sitting down to catch my breath and write this blog posting so you won’t think we’ve forgotten about you!!

In a nutshell – we just moved into a larger office space (we ran out of space at our former location – always a good thing!) and we’re heading off to SP Tech Con in Boston from Oct. 20-22. Busy, but exciting times for the SharePoint team!

To go along with all of this ‘physical’ movement and excitement, we are also making some pretty exciting ‘moves’ with our SharePoint products as well! We’re making some changes to our product suite which we’ll be chatting with folks about at SP Tech Con. Our biggest news focuses on our Document Marking and PDF Control for SharePoint pieces which we will be merging to create our new ‘Document Policy Manager for SharePoint’, allowing you to easily mark and handle sensitive documents. One of many things worth stopping by our booth to see at SP Tech Con!

A key area that keeps coming up in conversations has been the debate over ‘metadata’. Originally, in the case of leveraging existing metadata to create security within repositories using our Metadata Security for SharePoint product, it has typically been a daunting task for administrators to wrap their minds around the concept of having to populate fields and fields of metadata in order to leverage it for multiple uses if they have not set their environments up that way already from the ‘get-go’. Times have changed.

The general feedback from our customers in the last few months has been that metadata will be the most important thing they focus on building out in their SP2010 environments and their 2011 FY tasks and activities.

Re-use your metadata – don’t try to re-invent the wheel. When metadata can be leveraged for security and control over documents, workflows, restricted classifications, etc, it brings value to the entire environment. Some SharePoint administrators I spoke with almost a year ago were saying they would probably never leverage metadata, so our products weren’t a fit. Ten months later, they are trialing our products, leveraging metadata companywide and have become the ‘Metadata Evangelists’!

The key point here is to use your metadata. Regardless of what you are using it for, just USE IT! It will come back time and time again to prove its value, and like I said earlier, you won’t be re-inventing the wheel. SharePoint is designed to make lives easier and make sharing easier. No one considered the administrators that had to make that all happen seamlessly ‘behind the scenes’. Metadata is your secret weapon, so take some time to acquaint yourself with it if you have not already – you’ll be thankful you did!

In order to help you use metadata for as many things as possible in your environments, we have some exciting changes coming to our Metadata Security for SharePoint product. Keep an eye out for that, and come by and see us at SP Tech Con Boston for a sneak peek into these new and exciting product developments at Titus.

Looking forward to seeing you all in a couple of weeks!

-Jennifer Lalumiere

Tags: , ,
Posted in SharePoint, SharePoint 2010 News, SharePoint Document marking, SharePoint and PDF, SharePoint metadata | No Comments »

Managing Document Security with SharePoint 2010 Managed Metadata

Thursday, September 30th, 2010

A lot of companies are starting to use SharePoint 2010 Managed Metadata Service to add meaningful metadata to the documents. This metadata can then be used for search, retention, or to help them manage security of their SharePoint documents.

Before SharePoint 2010 was released this was hard to do on an enterprise basis. It was always possible to add site columns or content types to sites, but it was difficult to distribute these across SharePoint farms and sites prior to SharePoint 2010. With the new Managed Metadata Service an organization can easily define an enterprise metadata term store and have that used across all SharePoint farms in the organization.

In addition to adding metadata to SharePoint 2010 documents using an enterprise term store it is now possible to automatically add permissions to documents as they are being created based on the terms (metadata) assigned to the document. More on that later, first let’s have a look at how to setup the Managed Metadata Service.

Setting up Managed Metadata Service can be a little complex. It seems like you have to set this up in 3 or 4 different places before you can get it working. It took me a while to get this working. In terms of the different steps you need to go through to turn on Managed Medata Service and define a term store I found this a useful blog:

Setting up Managed Metadata Service

Once the Managed Metadata Service and Term Store is configured, we can start to use the terms in our Document Libraries. This can be done in a number of different ways, but the easiest way is to create a new column of type Managed Metadata in your document library. When creating the column select the Managed Metadata type. Then you get prompted with the screen below which allows you to associate a term store with the column.

In this case we’ve added a column called classification. Once we’ve added the column we can prompt the user to select the metadata every time a new document is created or uploaded.

Ok, now we have our documents and the associated metadata. Next we want to automatically add security permissions to the documents based on the metadata tag assigned. For example, if a tag of PUBLIC was selected for the document we can allow everyone to have Read access. If a tag of CONFIDENTIAL – LIMITED DISTRIBUTION is assigned we can assign Read permissions to a specific group, perhaps the Managment team. This can be done using the Titus Labs Metadata Security for SharePoint product. The most recent release of this product (V2.1) fully supports SharePoint 2010 Managed Metadata Service.

In addition, for very sensitive information some customers have deployed the Microsoft Rights Management addon for SharePoint. This allows DRM permissions to be assigned to documents as users open them or remove them from a SharePoint library. Using Metadata Security for SharePoint, the permissions automatically assigned to documents will be used by Rights Management to assign appropriate DRM permissions.

Have more questions on how to secure SharePoint 2010 documents or items. Let me know and I’ll see if I can help…Charlie

Posted in SharePoint | No Comments »

Preventing Document Leaks – How SharePoint Metadata Helps

Thursday, August 26th, 2010

Many organizations deal with sensitive information daily. Generally this type of information should be well secured, however, the need for immediate access to information, as well as the need to share information internally or externally, has created an environment where sensitive or confidential documents may be accessible to a large number of people. Widespread access can pose serious risks as there is a greater chance of some individual exposing the information. In addition to IT security infrastructure and physical security, organizations require policies which restrict access to confidential information to only those individuals that truly require access. The challenge arises in applying such policies quickly and consistently to the vast amount of confidential information being created every day.

The most recent example of a serious security leak, in July of this year, involved a massive document leak of over 91,000 records covering the U.S. led war in Afghanistan from 2004 to 2010. This set of records is referred to as the Afghan War Diary and a subset of approximately 75,000 records was made available to the public on the WikiLeaks web site. The reports, written by soldiers and intelligence officers, describe lethal military actions involving the United States military, but they also include intelligence information, reports of meetings with political figures, and other sensitive details. Although these reports were stored on the U.S. secret secure network named SIPRNet, which is physically separated from all other networks, a large number of people had clearance to access them. As a result, these reports were extracted from the system’s repository and made public to a worldwide audience.

To illustrate how widespread this access is, consider that currently in the United States of America there are approximately 854,000 people, more people than the population of San Francisco, that have top secret security clearance (source: Washington Post Investigation: Top Secret America, July 19, 2010 – http://projects.washingtonpost.com/top-secret-america/articles/a-hidden-world-growing-beyond-control/). This means that a large part of the population has access to America’s most closely guarded secrets. With such a large group of individuals having access to large amounts of classified information, the likelihood and risk of leaks occurring is very high.

Securing Information from Widespread Distribution

The first step in securing information is to understand what information is truly sensitive and what information can be freely shared. Information classification can be used to accomplish this objective. Information classification which embeds metadata into an email or document provides intelligence which can automatically result in additional security, such as controlling permissions, or applying encryption.

The second step is to automatically assign security permissions to documents or information based on its classification metadata, with the purpose of controlling access. These permissions are used to narrow the audience for this sensitive information. This second step results in an easily enforceable classification-based security strategy for controlling access to sensitive information.

Tools such as Titus Labs Message Classification and Document Classification can be used to accomplish the first step. These are user-based information classification tools that embed classification metadata in emails and documents, in addition to applying visual labels and markings.

SharePoint is often used as a collaboration point in environments where information needs to be shared. But storing documents in SharePoint with their associated metadata does not guarantee lower exposure of the information. We still need to be able to assign more restrictive permissions to the information stored in SharePoint based on its classification. Special security permissions can be configured in SharePoint using item level permissions, but the definition and configuration of item level security must be done manually which is slow and error prone. Titus Labs Metadata Security for SharePoint is a security solution for Microsoft SharePoint Server that automatically applies security permissions to files based on the file’s metadata. Automatically applying permissions based on classifications and caveats results in a controlled and more restricted audience being able to access documents, thereby lowering the risk of disclosure.

Information classification and automatic assignment of permissions based on metadata provide a full featured solution to government, military and commercial organizations for sensitive information. This allows them to control the audience accessing sensitive information and prevent inadvertent disclosure of information or documents.

Technorati – 3WMDDJPKA264

Posted in Document Classification, SharePoint metadata, SharePoint security | No Comments »

SharePoint Folder Level Security vs Metadata Based

Thursday, July 29th, 2010

Well, I’m back from vacation. They do pass quickly. I’m caught up on my email, so time to get back to the blog. We’ve recently been doing some work on folder level security so I thought it would be a good topic for this week’s post.

There have been many blogs written on the use of folders vs metadata to organize lists and documents within Microsoft SharePoint. Many SharePoint experts believe folders should not be used. For example, this blog by Chris Poteet “The Folder-Less SharePoint Paradigm” discusses many of the reasons why folders are not usually recommended. In this blog, SharePoint Folders vs Metadata, Eugene Rosenfeld takes a more objective viewpoint pointing out the benefits of both approaches.

One of the sections Eugene uses for his comparison is Security. He notes that security can be applied at the folder level, but cannot be applied based on metadata. This is true in the base SharePoint product from Microsoft. With the addition of the Titus Labs Metadata Security for SharePoint product, we can use metadata to build security permissions. So security would not be a disadvantage for metadata when doing a folder vs metadata analysis.

My intention was not to get into the metadata vs folder debate in this blog. What I wanted to cover is how folder level security works, and how this can be automated via metadata. First of all let’s look at how basic folder level security works:

  1. Open the list or library that contains the folder for which you want to set security.
  2. Click the drop-down menu to the right of the folder, and then click Manage Permissions. The displayed Permissions : page displays all users and SharePoint groups with permissions to the folder and their assigned permission levels. In addition the page description describes the inheritance status for the folder. If check boxes do not appear next to the user and group names on the Permissions page, permissions are being inherited from a parent (list or document library).
  3. If your folder is inheriting permissions, you must first stop inheriting permissions to edit permission levels. To do this, on the Actions menu, click Edit Permissions, and then click OK to confirm.
  4. Select the check boxes for the users and SharePoint groups on which you want to edit permission levels.
  5. On the Actions menu, click Edit User Permissions.
  6. In the Choose Permissions section, select the permission levels you want, clear those you do not want, and then click OK.
  7. Repeat for as many users and groups as you want.
  8. In order to add additional users or groups, click the New menu, and select Add Users
  9. On the Add Users screen, type inthe name of the users or groups you want to add permissions for, and indicate what permission levels you want them to have.
  10. Click OK to finish.

The above process would need to be repeated for every folder for which you want to manager permissions. Now let’s look at how you could automate the same thing using metadata.

Using the Titus Labs Metadata Security for SharePoint product you can build rules to automatically assign permissions based on metadata. For example, we can build a rule that says “For all documents tagged as Finance, assign full control to all users in the Finance group. Remove permissions for all other users”. Here is a screen shot of what the rule would look like in the Titus Administration tool:

Metadata security rule for automating file / folder permissions

These rules can apply to all files or only files within a folder. In addition, these rules can be applied across multiple folders so that you can automate the assignment of permissions across many folders at once.

The benfits of using metadata to assign permissions are:

1) no need to manually define permissions in a folder

2) defining a single metadata rule can set all folder / file permissions

3) metadata rule can span folders so no need to repeat work for each folder

4) changing the security is as easy as going in and changing the metadata rule. All permissions will be adjusted automatically.

Cheers, have a great week…

Posted in SharePoint | No Comments »

Titus Labs pays a virtual visit to the Baltimore SharePoint User Group

Tuesday, June 22nd, 2010

On June 17, Titus Labs had the opportunity to present to another active SharePoint User Group – the Baltimore SharePoint User Group (BSPUG).

This was a milestone meeting for BSPUG as they celebrated their third anniversary. It is powerful to see groups like this who have been growing stronger and stronger over time. I had the pleasure of meeting Eric Harlan, Founder of the BSPUG, in NYC when we did both had the opportunity to present at the NYCSPUG’s meeting in April.

One of the purposes of these meetings is to educate users and create buzz around SharePoint security among those who deal with SharePoint each and every day. No one knows SharePoint better than the developers and admins who live and breathe it in their organizations’ SharePoint environments. We often see administrators initiate conversations with us on ‘how to protect sensitive information in SharePoint’. Some of this may be ‘tasked from above’ within the organizations, but more often than not, it is the SharePoint admins who see the inconsistencies in their repositories and potential for data leakage. This raises the red flag in their organizations.

Ideally, the best time for any software organization to come in and pitch their products is after a major data leak when the pain is fresh within the organization. However, we have seen a shift in that thinking, with more and more organizations realizing the importance of addressing issues and being PROACTIVE about protecting sensitive information. The SharePoint admins drive this thinking as they have the true scope and understanding of the weaknesses within their SharePoint environment, and more often than not, are looked at within their organizations as being responsible to fix it and manage it.

It is interesting, having met with various SharePoint Users Groups within the US, that the questions posed are different in every case – the use cases are never the same. This to me reiterates the need to get out there and thoroughly understand each infrastructure and specific SharePoint use in various environments.

Some of the key points covered off in our Q&A session with the BSPUG group included:

  • Where do these products install?The SharePoint security products are all installed at the server level.
  • If a user searched for content in specific documents that they do not have access to by using Titus Labs Metadata Security for SharePoint, what kind of search results will they receive?Upon search of content or specific file in SharePoint, the user will receive results that include ONLY the files they have permissions to see, regardless of content.
  • Can groups be pulled from AD to populate the permissions for Metadata Security for SharePoint?Yes. That was a ‘must’ for us upon developing the product – leveraging the existing AD to make things automatic and straightforward for administrators. You can, of course, add separate groups or users manually to SharePoint, but most customers simply leverage AD.

Lots of activity with SharePoint in Baltimore, across the US, and even globally. We will continue to engage with groups like BSPUG to educate users on the advantages of securing sensitive documents in SharePoint, and to get their feedback on their best practices and on what we can do to help.

-Jennifer Lalumiere

Tags: , ,
Posted in SharePoint, SharePoint metadata | No Comments »

Using File Classifications to Set SharePoint Security

Friday, June 11th, 2010

Many organizations have security initiatives underway to classify their information. This can include information like Microsoft Office documents, PDFs and other file types. Once the infromation has been classified, the enterprise can use the classification metadata to make sure that the information is properly protected. Government and military organizations have been classifying information for decades, but classification of information is now being adopted in commercial organizations. Finance is a vertical where classification of information is quickly taking hold. Financial organizations typically deal with a lot of customer / privacy infromation that must be protected. There are also a myriad of regulatory compliance issues which apply to financial instritutions mandating them to protect (e.g. insider information) certain information.

Many organizations use a very simple set of classifications such as PUBLIC, INTERNAL, CONFIDENTIAL. Information can be classified in a number of different ways. Getting the user to classify infromation on creation (enabled by products like our Titus Labs Document Classification) is one way. Using an automated approach to classification such as the one offered by the Microsoft File Classification Infrastructure is another way. Both approaches have advantages and disadvantages. Automated approachs will never be as accurate, but they are useful for older already existing files.

Now we get to the SharePoint part. Wouldn’t it be great to be able to automatically have SharePoint permissions assigned to documents based on their assigned classification? This is exacatly what some of our customers have asked us for. Once the infromation has been classified, the application (in this case SharePoint) should be able to leverage the classification metadata to protect the information automatically. You shouldn’t have to set the permissions manually once the information has already been classified. The classification metadata created by both the Titus Labs Document Classification application and Microsoft FCI can easily be transferred into SharePoint. All you have to do is create a custom SharePoint column called Classification, or whatever the classification property is called, and when a document that has been classified is uploaded into SharePoint, the classification metadata will appear. Once the classification metadata is in SharePoint your library might look something like this:

Now that the classification metadata is in SharePoint all we need to do is set the permissions automatically based on the classification. This can be done using the Titus Labs Metadata Security for SharePoint product. Using the product we can build metadata security rules. For example we can build a rule that will assign read permissions to only the R&D team when the document is classified as CONFIDENTIAL. Here is what the rule would look like in the Metadata Security product:

Metadata Security Rule for Classification CONFIDENTIAL

Once the rule is applied all current documents and all new documents saved to this SharePoint library that have a classification of CONFIDENTIAL will have the, R&D group Read permission, automatically assigned.

We can also assign metadata rules for the other classifications like PUBLIC and INTERNAL. Once this is done, all documents dropped into SharePoint will have security permissions automatically assigned.

Posted in Document Classification, SharePoint, SharePoint metadata, Windows Server FCI | No Comments »

Titus Labs visits the Sacramento SharePoint User Group

Monday, May 31st, 2010

Another great presentation to another great group – the Sacramento SharePoint User Group!

I had the pleasure of speaking to this group on May 20 and would like to thank them for allowing us to provide some background on Titus Labs, and on our SharePoint product line – Metadata Security, Document Marking and PDF Control for SharePoint .

The feedback at these events is always mutually beneficial. It allows us as a vendor to educate users on increasing security and protecting information in their SharePoint environments. And, on the flip side, it continues to provide us at Titus Labs with endless ideas on future releases, use cases and ideas for functionality that we can bring to our developers who are always ready and eager to hear customer feedback. What the people want, the people get!

Some key themes came up in the Q&A session after the presentation – SharePoint 2010 support; reporting; and how we license our products.

1)When will we support SharePoint 2010?: As Charlie mentioned in his posting on May 26, we are in the final stages of doing QA testing for our Metadata Security for SharePoint product for SP 2010 and hope to have a beta release in the next few weeks. Many questions were based on curiosity as most companies have not yet, it seems, made the migration over to 2010. They have it on the list of ‘projects’ for this summer, so knowing that we can support the Security functionality for them upon completion of those projects is a must.

2) Reporting: Reporting, Reporting: This is a favourite! We did build out a deeper report in our second release of the Metadata Security for SharePoint product that provides the tracking and ‘quick view’ of what users/groups have access to in what documents in the library. This becomes important for auditing purposes. We can do it now, and it will only get better. We are in the planning stages of our third release of the product and there is even more reporting there to quench the thirst of the SP administrators/executives who can’t get enough!

3) Licensing: We currently license the product by ‘server’ – this makes things straightforward and more cost effective for companies to invest. They know the price, and there are no surprises down the road as they add more and more content to their repositories.

If there is one thing we have learned in all of these presentations and “meet and greets” with customers, it is that no two company environments are exactly the same. Having the flexibility with Titus Labs SharePoint Security suite of products allows organizations to customize the tools to their own specific environments and that is the biggest struggle for companies trying to implement SharePoint Security – they need to maintain control, but have the flexibility to customize it internally. Titus Labs bridges that gap for them with our SharePoint Security enhancements.

I look forward to hearing more from other user groups out there. Perhaps a SharePoint Saturday event will be in the near future for Titus Labs!

– Jennifer Lalumiere

Posted in SharePoint | No Comments »

« Older Entries