Friday, August 5, 2011

Thoughts on Search Security


Writing under the nom de plume of Mathias Thurman in his “Security Manager’s Journal,” Mathias opined on “The perils of enterprise search.” His takeaway comment is: “First and foremost, you have to make sure you don’t compromise the rule of least privilege.”
For those of you who might not know, the rule, or principle, of least privilege is:
“The principle of least privilege (POLP) is the practice of limiting access to the minimal level that will allow normal functioning. Applied to employees, the principle of least privilege translates to giving people the lowest level of user rights that they can have and still do their jobs. The principle is also applied to things other than people, including programs and processes.” From http://searchsecurity.techtarget.com/definition/principle-of-least-privilege-POLP.
So how are POLP and enterprise search intertwined? One of the key goals of an enterprise search deployment is to index content from various enterprise repositories such as SharePoint sites, web sites, Exchange servers, file shares, and many others. If you do not take into account the security access rights of the various repositories, you might be surprised at what can be found using search.
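As an added illustration (not part of the original post), here is a minimal sketch of query-time security trimming: the crawler keeps each document's source ACL next to the index, and results are filtered against the searching user's principals. The document names, group names and ACLs are constructed for the example, and the deny-wins rule is an assumption about the source repositories.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    doc_id: str
    source: str                    # repository the crawler read it from
    text: str
    allow: frozenset               # principals granted read access at the source
    deny: frozenset = frozenset()  # explicit denies; assumed to win over allows

# Constructed sample corpus (hypothetical documents, groups and ACLs).
CORPUS = [
    Doc("d1", "file share", "2011 salary review spreadsheet", frozenset({"grp:hr"})),
    Doc("d2", "SharePoint", "salary band policy for all staff", frozenset({"grp:employees"})),
    Doc("d3", "SharePoint", "salary negotiation notes for the merger",
        frozenset({"grp:employees"}), frozenset({"grp:contractors"})),
    Doc("d4", "web site", "cafeteria menu", frozenset({"grp:employees"})),
]

def build_index(docs):
    """Inverted index: term -> set of doc ids. ACLs stay attached to the docs."""
    index = {}
    for d in docs:
        for term in d.text.lower().split():
            index.setdefault(term, set()).add(d.doc_id)
    return index

def can_read(doc, principals):
    """Least-privilege check: an allow entry must match and no deny entry may match."""
    return bool(doc.allow & principals) and not (doc.deny & principals)

def search(index, docs, query, principals, trim=True):
    """Return ids matching every query term; trim=True drops docs the caller cannot read."""
    by_id = {d.doc_id: d for d in docs}
    terms = query.lower().split()
    hits = set.intersection(*(index.get(t, set()) for t in terms)) if terms else set()
    if trim:
        hits = {i for i in hits if can_read(by_id[i], principals)}
    return sorted(hits)

INDEX = build_index(CORPUS)

if __name__ == "__main__":
    employee = frozenset({"grp:employees"})
    print("untrimmed:", search(INDEX, CORPUS, "salary", employee, trim=False))
    print("trimmed:  ", search(INDEX, CORPUS, "salary", employee))
```

With `trim=False` the index behaves like a crawler account that can read everything, which is how an ordinary employee ends up seeing the HR-only spreadsheet in the results.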

To read the rest, go here.
