Seriously, are you authorized to see the information I’m going to present? Is there private, personal data in this document? Are your actions today putting your organization out of compliance with legally binding standards? Do you know this document’s provenance, i.e., the sequence of ownership, or more simply, if was it stolen? Should you, the casual reader, have to know the answers to these questions every time you find an interesting document?
The Security Problem: External and Internal Threats
One of the promises of SharePoint 2010 is that it is enterprise-ready. Among many other things, that means it should be capable of managing sensitive documents like personnel records, financial information and personal health data. Some categories of data, like health data, are protected by laws like HIPAA, which set out stringent document management guidelines and have significant penalties. An enterprise SharePoint environment must be in compliance or your organization is at risk.
External threats are well understood, and dealt with at multiple levels. For its part, SharePoint has a robust access control and authentication system, with rights definable down to individual documents and a sophisticated set of roles. This is a key security requirement for external threats
Internal threats are a different story, and not as straightforward to deal with. Specifically, internal threats are the risks posed by your own staff. By definition, you cannot eliminate all possible internal threats, but the goal is to reduce opportunity. Of course you can restrict roles and thereby limit direct document and library access. But that does not deal with actual theft, physical copying of data or other brute force attacks. You can secure your server room, but you have to anticipate the worst case scenario: someone gets access to your storage and makes a physical copy without being detected. Your data is gone, you don’t even know it and the perpetrator is in a position to do it again.
Encryption: The Final Line of Defense
Encryption is the gold standard of protection, the final line of defense against both internal and external threats. If your files are encrypted then they are unintelligible without access to the encrypting key. The security issue then comes down to key management, i.e., keeping the keys secure, which is a well-understood issue with various hardware and software solutions. As a result, encryption is a requirement for compliance with all security and privacy standards.
However, when it comes to encryption, standard out-of-the-box SharePoint is not in compliance. There is no encryption option with SharePoint at all, so to be compliant you must adopt some type of third-party system.
SharePoint Encryption Options
There are three fundamental ways of encrypting SharePoint data, each with its pros and cons.
1) Document Encryption: The author encrypts her document before uploading to SharePoint
Pros
- Effective: all documents are encrypted
- Flexible: you can use any encryption system, including ones you already have
- Encrypts remote BLOBS
- Encrypted documents are not searchable
- Doesn’t impact SharePoint performance
Cons
- Relies on users: depending on the system used, users may have the responsibility to determine what documents need to be encrypted
- Less central control of keys: various groups and individuals may have their own keys, or even their own encryption system
- No metadata knowledge: you cannot use metadata to determine encryption requirements
- No option to encrypt lists and metadata if desired
2) SQL Encryption: Transparent data encryption for Microsoft SQL Server encrypts the entire database, without the client being aware of it
Pros
- Everything encrypted without user knowledge
- Centralized management
Cons
- Performance: up to 30% overhead for highly utilized databases
- Encryption overhead incurred on the most expense and highly utilized system, the SQL Server
- Doesn’t encrypt remote BLOBs
- Limited criteria for determining what to encrypt
3) CipherPoint: Encryption integrated into SharePoint, configurable within SharePoint
Pros
- Encrypts only the document; metadata still available for searching
- Better performance: encrypt/decrypt only occurs at the point when a document is saved or opened
- Overhead incurred on the WFE, not the SQL Server
- Configurable by library within SharePoint
- Transparent to users
- Key mechanism automated and secure
- Encrypts BLOBS
Cons
- No option to encrypt lists and metadata (yet) if desired. CipherPoint says they are working on it…
What about RBS and EBS?
With SharePoint becoming a central document management system (among many other things), storage optimizations like Hierarchical Storage Management are increasingly necessary. The SharePoint solution is external BLOB storage: RBS (and EBS for SharePoint 2007). However, SQL-based encryption (TDE) has a significant limitation: it does not work with Remote Blob Storage. That means you have to use some other encryption scheme, possibly custom-programmed, if you want to take advantage of the performance and cost advantages of systems like StoragePoint (which is covered in another of our white papers). This problem is basically because of where TDE sits within the SQL processing stream. CipherPoint, on the other hand, encrypts the BLOBs within the SharePoint processing stream, before they ever reach the SQL Server. As a result the same transparent encryption methods and well-managed keys are used no matter where the BLOB ends up.
What to Do
Now that you have a overall understanding of the options available, you can start a high-level review of your organization’s requirements and current practices. As with all IT projects, choosing and implementing a SharePoint encryption strategy starts with planning. You may already have encryption in place for certain documents, along with compliance procedures such as audits and reports. There may be tradeoffs in cost and functionality to move those libraries to SharePoint and whether and how to encrypt other data sets. Every organization should have periodic reviews of their security and privacy controls to identify, for example, unsecured documents and the impact of adoption of new technologies like SharePoint. Finally, keep in mind that an encryption system is only as secure as its keys. Planning key management, including access rights, key management software and whether to invest in high-grade key protection hardware, will focus your efforts on the overall security situation and make the entire planning process easier to understand, resulting in a more complete solution.
You are invited to our January 20 webinar to learn more about SharePoint encryption!