A Balanced Approach to Business Enablement and Information Protection for SharePoint

Businesses are often caught in the ineffective tradeoff of enabling employees to be more efficient and protecting sensitive organizational information. It’s the constant management of broad vs. restrictive information access policies. On one hand business processes run freely but sensitive information is exposed, while on the other hand information is protected but business is inhibited or simply can’t get done.


This problem is common across all corners of the enterprise, but it is pervasive when it comes to the SharePoint-centric organization. With SharePoint the issue of “balance” is front and center given its wide deployment, high user adoption and constant sharing of sensitive information.


SharePoint business process efficiency often comes with risky tradeoffs – especially as more users collaborate.  As more users are granted access to SharePoint, more sensitive information is accessed and exposed — often unknown to information owners and site administrators.  Even with good architecture designs, permission schemes and data management processes, sensitive information often finds its way into unintended locations as a byproduct of collaboration.  The result: sensitive information exposed to employees, partners and customers.  So as business efficiency improves sensitive data is exposed increasing overall risk to the business.  


Businesses need a solution that provides the best of both worlds – a balance of enablement and protection. CA Technologies can help meet these objectives through today’s announcement of its SharePoint Security Solution. The SharePoint Security Solution from CA Technologies enables the business to:



  • Efficiently and conveniently connect users to SharePoint resources;

  • Protect sensitive information through fine-grained content-aware access management; and

  • Reduce risk by controlling information throughout the entire SharePoint information lifecycle.

The key to delivering this capability is to take identity and access management to the next level and make it content-aware. CA Technologies is continuing to execute its content-aware IAM vision and has applied it to SharePoint through the integration of CA DataMinder with CA SiteMinder. CA DataMinder extends its content classification capabilities to CA SiteMinder policies and access control. As users attempt to access files within SharePoint, they find that access is no longer granted at the container level. Instead content classification is brought into the picture. So as data changes and becomes sensitive, CA SiteMinder access controls dynamically adjust based on the sensitivity of the content and the user attempting to access the content. No longer are policies too broad or too restrictive.


The result is the right user gaining the right access to the right content enabling businesses to be more productive while also being more secure. This is a balanced approach that supports the business while also supporting the demand for security.


 

The following two tabs change content below.

Tyson Whitten

Tyson Whitten is a CISSP with 10+ years of information security experience managing application, network and risk based products and services. In his current role he has responsibility for mobile and data protection solutions within CA Technologies Security Customer Solutions Unit. Prior to CA Technologies, Tyson held positions at Genuity, Guardent, VeriSign and SecureWorks. He has a BS in Information Systems and a MBA in Product and General Management from Boston College.

Leave a Reply