Andrew’s Tech*Ed Blog

No, I’m Not at the Pool!

SharePoint Support of Encryption

Ok – Well I went to a session that said “Q&A with SharePoint Architects – A Panel Discussion”.

So, I tried my question again (hoping for better results than my last attempt in the community lounge).

Question:

  • I work in the financial services industry, and more and more of our customers are requiring that all of our data (primarily at rest) be encrypted.  We have a large investment in SharePoint.  What options do we have in order to meet our customers’ security needs?

Answer:

  • Use SQL Server 2008 (when RTM’d), because its Transparent Data Encryption (TDE) will encrypt the database at the disk level.  This should address the “data at rest” part of the issue.
  • In order to address the transaction level security, use SSL between SharePoint & SQL Server.

So, initial impression is that this may meet the needs for our customers, but will need to vet this out further with Speas.  Still need to work on how to prevent people from taking the data outa SharePoint with them when data is not in a format covered by IRM.

FOLLOWUP:  So, What Exactly is Transparent Data Encryption in SQL Server 2008?

  Here’s the official verbiage from Microsoft:

“Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data “at rest”, meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.”
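The key hierarchy in that description (a DEK in the user database, protected by a certificate in master) maps onto the T-SQL below. This is an added example, not code from the original post or from the panel; the database name, certificate name, passwords and file paths are placeholders chosen for illustration.

```sql
-- Added example: enabling TDE on one database in SQL Server 2008.
-- WSS_Content_Example, TdeCertExample, the passwords and the X:\ paths
-- are hypothetical placeholders, not values from the post.
USE master;
GO
-- 1. Database master key in master: protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO
-- 2. Server certificate in master: this is what secures the DEK.
CREATE CERTIFICATE TdeCertExample
    WITH SUBJECT = 'TDE certificate (example)';
GO
-- 3. Back up the certificate and its private key before encrypting anything.
--    Without them, the database files and backups cannot be restored or
--    attached on another server. Store the files away from the data files.
BACKUP CERTIFICATE TdeCertExample
    TO FILE = 'X:\placeholder\TdeCertExample.cer'
    WITH PRIVATE KEY (
        FILE = 'X:\placeholder\TdeCertExample.pvk',
        ENCRYPTION BY PASSWORD = '<different-strong-password-placeholder>');
GO
-- 4. Database encryption key (DEK) inside the database to be protected.
USE WSS_Content_Example;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCertExample;
GO
-- 5. Turn encryption on; a background scan encrypts existing pages.
ALTER DATABASE WSS_Content_Example SET ENCRYPTION ON;
GO
-- 6. Check progress. encryption_state 2 = encryption in progress,
--    3 = encrypted. tempdb also appears once any database uses TDE.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       key_algorithm,
       key_length,
       percent_complete
FROM sys.dm_database_encryption_keys;
GO
```

TDE covers only the data files, log files and backups on disk; data returned to an authorized connection is decrypted, and the connection itself still needs SSL as the panel noted.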

June 12, 2008 | Tech*Ed 2008

Forefront Security for SharePoint

Current version of Forefront provides features like:

  • Scans for infected documents and has a content filtering solution (can tell if user attempts to upload .mp3 files that have been renamed to .mp5, for instance)
  • Supports IRM protected docs & Open XML
  • Supports blocking/filtering files based upon both size & type … block .mp3’s > 5 MB.
  • Supports scanning of .zip files, detects prohibited file(s), removes offending file & re-zips package omitting the prohibited file.  (THIS IS PRETTY SLICK!)

Codename “Stirling”

  • Focus is on more enterprise security and support for MOSS & SharePoint v014 (next version)
  • Unfortunately, no reference to support for encryption & SharePoint … obviously, not something within the Forefront space.

June 10, 2008 | Tech*Ed 2008