Archive for November, 2009

SharePoint and Protective Marking Systems

Wednesday, November 25th, 2009

In the past few years we’ve seen a number of countries and governments make classification and marking of government information mandatory. The first to move aggressively in this area was the Australian government, which adopted the Australian Email Protective Marking Standard in 2005. This standard required that all email generated by federal agencies be classified and protectively marked (text in the email subject line shows the classification). The standard covered all email, not just secret or classified material, which meant that unclassified email also had to be classified. The result was an email environment in which all government employees could quickly understand the sensitivity of the information they were handling, leading to less inadvertent data loss.

The UK has also moved aggressively in this area in recent years. The UK Protective Marking Standard is part of the UK government’s security policy. The Protective Marking System (often referred to as the Government Protective Marking System/Scheme or GPMS) is the Government’s policy to ensure that access to information and other assets is correctly managed and safeguarded to an agreed and proportionate level throughout their lifecycle, including creation, storage, transmission and destruction. Departments and Agencies must apply the Protective Marking System and the necessary controls and technical measures as outlined in the framework. The Protective Marking System comprises five markings. In descending order of sensitivity (HMG Security Policy Framework v.3.0 Oct 09) they are: TOP SECRET, SECRET, CONFIDENTIAL, RESTRICTED and PROTECT. The term ‘UNCLASSIFIED’ or ‘NOT PROTECTIVELY MARKED’ may be used to indicate positively that a protective marking is not needed.

The US is also finalizing a Presidential Directive called Controlled Unclassified Information that would require much of the US government’s unclassified information to be protectively marked.

SharePoint can assist in the classification and marking of documents to comply with Protective Marking Standards. A custom column called Classification can be added to SharePoint document libraries and lists, and users can be required to classify each document when it is saved or uploaded into SharePoint.

In addition to classifying the documents as they are added to SharePoint, Titus Labs provides solutions which ensure full compliance with marking standards. Titus Labs’ Document Marking for SharePoint solution ensures that all documents contain the required visual markings (headers and footers) clearly indicating the classification of the documents. As documents are saved or uploaded to SharePoint, the Document Marking for SharePoint solution will automatically add the required markings to the document based on the value in the classification column. For instance, if a document is classified as Confidential, the software will place a "Confidential" marking in the header and footer of the document. The software will apply markings one document at a time, or in batch if several or hundreds of documents are added to SharePoint at once. This ensures that as employees work with documents in the SharePoint environment, the documents will always contain a protective marking, even if the document is removed from SharePoint and sent via email.

Titus Labs’ Metadata Security for SharePoint product provides additional security for information stored in SharePoint based on its metadata tags. In a Protective Marking environment, information can be secured and filtered in SharePoint based on the protective marking. For example, if a document library contains some Unclassified and some Confidential information, the Metadata Security for SharePoint product can ensure that only some users will be able to see the Confidential information. Users not cleared for Confidential material will only see the Unclassified material when they access the document library. This solution helps government agencies comply with the requirement that access to protectively marked assets is only granted on the basis of the ‘need to know’ principle.

Secure Messaging and Collaboration with Titus International

Tuesday, November 17th, 2009

At the SharePoint conference a few weeks ago, we announced a new training offering called "Secure Messaging and Collaboration" from our sister company, Titus International. Founded in 1994, Titus International is a professional services and training organization, focused on delivering security, information protection, policy management, and secure directory infrastructure solutions to public and private enterprises globally. Titus Labs was actually spun out of Titus International about 5 years ago, after our data classification products began to really take off in the market.

The new training course from Titus International addresses the deployment of Microsoft Active Directory Rights Management Services (AD RMS) SP2, Exchange 2010, SharePoint, and products in the ForeFront suite for the protection of digital information and secure collaboration. Here are just a few of the reasons why Titus International is particularly well-suited to deliver this training:

  • Titus International has over 1 Million seats of RMS experience and has led the architecture and deployment of the two largest RMS deployments in the world.
  • As members of the Microsoft Technology Adoption Program (TAP), Titus has worked closely with Microsoft on the Exchange 2010 release, including deployment of Exchange 2010 in our own production email system.
  • Our experience in developing SharePoint solutions enables us to provide insight into SharePoint business requirements and security risks.

Here is an outline of the course:

Module 1 – What is Secure Collaboration

  • Business drivers & risks
  • Solution
    • AD RMS
    • Exchange Server 2010
    • ForeFront suite of products (Unified Access Gateway (UAG), ForeFront protection products, Threat Management Gateway (TMG))
    • SharePoint
    • Data Classification

Module 2 – Information Protection Overview

  • What is RMS and how does it work?
  • RMS Requirements and Deployment
  • Server and Environment (AD, Networking, etc.) requirements
  • Deployment and architecture considerations

Module 3 – Secure Collaboration with Exchange Server 2010

  • Secure email collaboration using TMG (formerly ISA)
  • RMS and Exchange Server 2010:
    • RMS in OWA
    • Transport Rule Protection
    • Journal Report Decryption
    • Content Indexing
    • Pre-licensing

Module 4 – Data Classification

  • What is data classification and why do it?
  • Data classification in Secure Collaboration solution

Module 5 – Secure Collaboration with SharePoint

  • SharePoint and RMS

Module 6 – External Collaboration

  • What is external collaboration
  • What is federation
  • What is secure remote application access
  • ForeFront UAG (formerly IAG)

Module 7 – Federation with Exchange Server 2010 and SharePoint

  • The Microsoft Federation Gateway
  • Federation and Exchange Server 2010
  • Federation and SharePoint

Module 8 – Wrap-up

  • Solution Review and Best Practices
  • Next Steps

For further details on this and other Titus International courses, please contact us at