ENTERPRISE SECURITY SERVICES PLATFORM
MELBOURNE, March 17, 2015 – Australian information security software and services organisation, Berkeley has launched a packaged software solution which enhances the management of data security within enterprise use of Microsoft’s popular SharePoint application.
Based on its experience in securing sensitive shared defence information for over 15 years, Berkeley’s Enterprise Security Services Platform (ESSP) adds unprecedented levels of information and access security to the collaborative functionality of SharePoint.
As its core value proposition, this product addresses two of the key issues faced by information security managers – insider leaks and managing data classification and enforcement.
ESSP simplifies the management of an organisation’s SharePoint site so that documents are grouped based on their functional purpose rather than their level of sensitivity, making the implementation of complex access rights management processes much easier.
As a plug-in module to SharePoint, ESSP excels as an information security management tool for any public or private organisation that has a multifaceted hierarchical structure in multiple work-groups and that has sensitive data it needs to protect for strategic, privacy or commercial reasons.
Designed to work in any collaborative environment using SharePoint, it enables organisations to significantly reduce the risk of unwarranted access to work-group data as well as providing robust protection against the ever-present threat of insiders leaking sensitive information. According to Berkeley’s General Manager, Business Development, Mr Scott Marshall, ESSP is an easy-to-use, flexible tool.
“As recent high profile data breaches such as the insider trading rorts based on ABS data or Bradley Manning’s sharing of official US secrets have shown, the biggest threat to data sovereignty is often from rogue individuals from within the organisation who have authorised access,” Mr Marshall said.
“In managing access rights to data and preventing leaks, it is often difficult to establish the right mix of collaborative benefits in utilising effective ‘need to share’ tools while also enforcing the classifications of documents and data around critical ‘need to know’ security management protocols."
“ESSP allows information owners to decide precisely how widely or tightly a piece of information should be shared. As a simple example, a company-wide announcement would be shared across a broad audience, whereas papers prepared for discussion at a board meeting would need to be more tightly held."
“Out of the box, SharePoint allows administrators – generally specialist IT personnel – the ability to see all content in SharePoint regardless of the permissions assigned to it. We’ve stopped that with ESSP. An easy-to-use graphical user interface allows all content-creation, access and editing permissions in SharePoint to be managed at the work-group level as opposed to being the responsibility of IT administrators.”
Meanwhile, complexities around data classification and enforcement are also addressed by ESSP.
“Most SharePoint installations don’t have an implemented data classification capability,” Mr Marshall added. “ESSP prompts each posting of new content to specify who can see the data and for how long. This allows for an organisation to mandate a data classification scheme to be applied to every object in SharePoint and have that classification scheme enforced.”
Apart from the strengthening of data loss prevention processes and simplifying the classification of large amounts of shared data, one of the key benefits from this enhanced access rights management is the reduced burden on specialist technical personnel.
“In large organisations with large quantities of dispersed sensitive data in SharePoint, administrators would previously spend significant amounts of time designing, implementing and maintaining complex access structures for a sprawling array of disparate projects, content and work groups,” Mr Marshall said. “That complexity is reduced to automated processes that require content originators to define the boundaries and lifecycle of access rights through the easy selection of access rights and expiry dates for each staff member’s permissions.
“This automatically eliminates the potential threat of future irregular access from individuals who are no longer involved in the use of shared information.”
ESSP provides out-of-the-box compliance with the Australian Government Security Classification System (AGSCS) but it can also be easily customised to achieve alignment with alternative information governance frameworks.
By design, AGSCS compliance eliminates many of the nightmares large government agencies have faced in implementing complex rules to manage SharePoint sites to meet these mandated minimum requirements. For non-government organisations, an alternative security classification system can be readily plugged in if required, based on the customer's specific requirements.
Another feature of ESSP that very effectively protects sensitive data against theft and leaks is the capability to set up automated notifications which generate alerts when any unauthorised person attempts to illegitimately access or share a sensitive document either maliciously or accidentally. This matures data loss prevention from a reactive process to a proactive one.
“Typically, those in charge of information security have relied on forensic audit capabilities and thorough pre-appointment vetting of personnel to limit the risk of malicious insider leaks,” Mr Marshall said. “This, however, doesn’t provide the capability to stop leaks or thefts before they cause reputational damage, criminal advantage or financial loss.
“Risking being caught in the act of dishonestly accessing or sharing data serves as a substantial deterrent to perpetrators of this sort of crime.”
ESSP also provides a ‘No Lone Zone’ capability which means that nominated, highly sensitive or classified documents can only be opened by a user for a given period of time and only if a second authorised staff member also authenticates or grants permission.
Berkeley also has a team of specialist security consultants that can help customise the SharePoint solution to the exact requirements of individual organisations.
For more information on Berkeley’s Enterprise Security Services Platform for SharePoint see: https://www.berkeleyit.com/sharepoint/.