Note: This product review is a paid service by Joel Oleson. I hope you enjoy it.
Do you trust SharePoint? I know many who have been worried about all the migrations to SharePoint. So many systems have been replaced and shut down in realizing the dream of having a centralized document management system that meets the needs of the masses. SharePoint has become the place for common file sharing, intranets, departmental portals, and applications that meet the common needs of the business. Year over year the platform has become more trusted and relied on by the business. It is no longer a matter of small teams using it, or of public workforce documents; it now holds much more budget planning and financial records, and it is data that needs compliance enforcement.
What compliance do you need to support: SOX, HIPAA, PCI DSS, PII, HR, Legal, Financial and dozens of others based on the department, industry, country, region, and sensitive nature of the data? Now we're talking about enforcement you're not going to get out of the box. While SharePoint 2013 may have promise for eDiscovery and more granular information policies, there has yet to be any movement on real compliance options for treating data differently, with enterprise-level encryption and real retention that provide hard and fast security measures that can be managed centrally by a security or compliance team.
How do you lock out the SharePoint admins, for example? Why can't you add a group and deny an individual? You can do that in file shares. What happens when you migrate those permissions? How do you address concerns about who really has access to the data stored in a given site?
Figure 1: CipherPoint Management Interface
CipherPoint realizes that some departments have data that they don't want IT or their SharePoint admins or SQL admins to see. Adoption of SharePoint stops when HR, for example, is worried about the SharePoint admins, the SQL admins, and Backup admins looking at payroll and benefits data. CipherPoint was built with the key design goal of being mistake-proof. The key design goals are: 1) end users do not have to make security decisions, and 2) no client deployment.
Let's build a simple interface, so those users who manage permissions can't accidentally add a user who is a contractor, for example.
HR had concerns about moving data to SharePoint due to security exposure with information in softcopy where DB admins could see data. Design goals are to make it mistake proof. It has to be simple, reliable, and trusted. Business doesn't want to have to trust end users, they want to set up rules that are simply enforced.
- End users do not have to make security decisions
- No client software deployment
- Encrypt the data with no backdoor ensuring no admin access to the data
Figure 2: The CipherPoint Architecture
CipherPointKM is the admin console/interface that is typically installed on a server outside of the SharePoint farm. It scales as you add additional SharePoint web front-end servers, allowing you to manage your policies and access control lists, and to create rules, policies, and manage keys through a single interface to control all of the servers. It tells the CipherPointSP agents, referred to as SPs, to encrypt and decrypt, enforce access controls, and apply levels of activity logging. These agents sit on the web front ends, NOT in central admin. CipherPointSP is a Windows service installed on the web front end, and it is the enforcer. The encryption and logging are transparent to the user. A user wouldn't know that the data he/she is uploading or adding through the various lists is automatically being encrypted on the fly as it is being stored. Data that is encrypted is only available to those who have the rights defined in CipherPointKM, again depending on the rules.
Figure 3: Data Attempted to Be Read by Someone Where the Data is Encrypted and Not Decrypted
Figure 4: CipherPoint Policies and Encryption Levels are Managed with Different Policies
The powerful options are your ability to define how often keys are changed and how long to retain keys. HR data may be kept encrypted for two years and legal for seven and so on. Essentially, the rules defined in CipherPointKM override the rules in SharePoint. SharePoint permissions may allow a group to access a site, but these are prone to mistakes or getting changed. In CipherPoint, you define rules of access and encryption enforcement for your most sensitive libraries.
Here are a few examples of what you can do.
- Policy Access Controls – provide access by policy
- Block admins – simply block administrators and honor the SharePoint security
- None – honor access controls and just encrypt
- Specify users – Access control list plus SharePoint ACLs
- Either Inclusion or Exclusion – Ability to Deny specific users or allow specific users or groups access to data
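The policy options listed above can be read as an overlay decision evaluated on top of SharePoint's own answer. The following is an added illustration, not CipherPoint code: the mode names, the `decide` function, the outcome strings and the sample principals are all hypothetical, and it assumes the overlay only narrows SharePoint permissions and that an exclusion entry beats a group inclusion.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    is_admin: bool = False  # SharePoint, SQL or backup administrator


@dataclass
class Policy:
    mode: str = "none"  # hypothetical names: "none" | "block_admins" | "specify_users"
    allow_users: set = field(default_factory=set)
    allow_groups: set = field(default_factory=set)
    deny_users: set = field(default_factory=set)  # exclusion list


def decide(user, sharepoint_allows, policy):
    """Return 'no_access', 'withhold' (data stays encrypted) or 'decrypt'."""
    # Assumption: the overlay narrows SharePoint permissions, never widens them.
    if not sharepoint_allows:
        return "no_access"
    # Exclusion wins over group inclusion: add a group, deny one individual.
    if user.name in policy.deny_users:
        return "withhold"
    if policy.mode == "none":
        return "decrypt"  # honor SharePoint access controls and just encrypt
    if policy.mode == "block_admins":
        return "withhold" if user.is_admin else "decrypt"
    if policy.mode == "specify_users":
        listed = (user.name in policy.allow_users
                  or bool(user.groups & policy.allow_groups))
        return "decrypt" if listed else "withhold"
    # Unknown mode: fail closed rather than fall back to SharePoint's answer.
    return "withhold"


# Constructed sample principals and policy for an HR payroll library.
alice = User("alice", {"HR"})
bob = User("bob", {"HR"})  # contractor added to the HR group by mistake
farm_admin = User("svc-farm", {"Farm Admins"}, is_admin=True)
hr_policy = Policy("specify_users", allow_groups={"HR"}, deny_users={"bob"})

if __name__ == "__main__":
    for u in (alice, bob, farm_admin):
        print(u.name, decide(u, True, hr_policy))
    print("svc-farm, block_admins:", decide(farm_admin, True, Policy("block_admins")))
```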
Figure 4: CipherPoint Logging
Ultimately, it simplifies encryption and key management, with the simple ability to block your admins. Users want more security on their data. What often happens is departments either stop trusting IT and want their own farm, or they complain enough and IT decides to build another farm… the secure farm. CipherPoint is designed to allow you to manage your rules so you don't have to split your farms. From a security perspective you could do vendor and partner management on the same farm as your intranet.
CipherPoint can be managed by the SharePoint architects, security, or a risk and compliance team, but it is usually a technical team. The CipherPoint logs record what has happened to configuration in the console as well as what happens in those lists and libraries regarding encryption, and which views of items security permitted or denied. As one would hope, if someone changes security settings or configuration in CipherPointKM, you can see what changed in the easy-to-read activity logs.
My Experience With CipherPoint
You could probably tell as I explained CipherPoint that I do have experience getting pushback from the business in relation to storing SharePoint data. In the past few years I've seen more and more adoption from HR, Legal, and Finance. As well, healthcare has been moving data to SharePoint in droves. It's not unusual to see Legal business, as well, moving their data to SharePoint for managing contracts and doing basic CRM for small and medium business. As a result I've also been part of recent audits where the weaknesses of out-of-the-box SharePoint are tried. One such recent audit asked us to separate the unclassified data from the classified data. Highly classified data, while not excluded from SharePoint, is being asked to be further and further from the public DMZ and have multiple layers of firewalls… and, oh yes, encryption is requested or required.
Building farms that provide layers of security, like the extranet and those with highly confidential data has also been something driven in the past. Often it was licensing that drove the splitting of farms. Rarely is it data driven these days, but security has on multiple occasions driven me to consult on splitting farms. The cost involved is high as hardware is duplicated and operational costs go up. I have definitely been interested in what I've seen here, but not sure I would consolidate the public anonymous web apps, extranet farm and so on, with the intranet and other departmental portals.
Most recently I've been pushing compliance through site classification, and in dividing the workforce public sites, the internal team sites, and highly classified sites. This project will get me to a state where data encryption will be required. I'm finding more and more that Finance and other departments don't want to create separate site collections or even separate webs for their data. I imagine a state where HR and Finance would define their own policies and block admin access.
Challenges and Opportunities
I've been impressed with what I've seen in CipherPoint. Being able to block admins out of the data is awesome, and I really want that. The encryption features are incredible to see at work, but I was surprised to hear that you couldn't enforce encryption at a site or site collection level. You must choose the lists and libraries and can't set up a rule to discover new libraries and have it automatically apply the policies. In my experience, that level of granularity may work for specific applications but is labor intensive for larger environments. Granularity is too low, but potentially with a combination of SQL database encryption and these more granular rules for encryption it could meet the needs.
When I explained my preference for having encryption at a site collection level, they told me that the product is capable of this level of granularity but they need to run the performance tests necessary to inform customers as to the additional resources needed to maintain system performance when applying less granular rules across large amounts of data. In SharePoint 2010, Farm Administrators do not have access to content by default but they can easily get access if they want it. There are other administrator and service accounts that do and will always have full access to content in SharePoint such as the Site Collection Administrators. Also, any account with database owner (e.g. SharePoint install account) has implied permissions over the database. Unfortunately, the information policies in central admin can force users or groups to have explicit access and can enable and disable those policies at will. There is a need for auditing in this space: understanding exactly what was viewed and who changed a policy to allow that view and disabled the auditing.
More feedback I gave to CipherPoint was to have their features work with central admin itself. I'd love to see logging that audits include what changes happen in central administration. Today the audits are focused on activity requests to the secured data and the CipherPoint controls on that data as opposed to what configuration changes might be happening in the SharePoint environment, such as information policy or audit changes in central admin.
CipherPoint meets a very important need. CipherPoint's products are in use at some of the most secure SharePoint deployments in the world, including financial, government, military, and intelligence customers. Those who are looking to take SharePoint to the next level and provide more of the compliance and security requirements and looking to keep the SharePoint, SQL, backup, Domain Admins, and so on out of the most sensitive data will be pleased to find CipherPoint as a solution up to the task.
The friendly CipherPoint folks understand compliance and security needs. They have a great quick demo and are happy to understand your needs. Visit CipherPoint here to request a trial, or contact them at email@example.com to talk about their products or to schedule a demonstration.
This product review is a paid service of SharePointJoel.com voted by the community as Top SharePoint blog and viewed monthly in over 100 countries worldwide. How did I do? Do you need your tool reviewed?