We were recently engaged in a classic conversation at a research organization that does a lot of top secret work. You may have heard similar conversations where you work. It went something like this:
Person A: “We can’t let our people search repository X because that information is highly secure.”
Person B: “But repository X contains invaluable knowledge and to remain competitive, we need our new workers to find crucial tidbits from that captured knowledge contributed by our retiring work-force. Plus, we can add the security rules to our search engine so everyone only sees what they are supposed to see.”
Person A: “But the risk is too great!”
Person B: “What about the risk of losing work to competitors that share knowledge within their organization?”
Have you had that conversation at your workplace? If so, how did you decide whether to share knowledge and deal with the security risks, or to avoid the overt risks and leave the knowledge in difficult or impossible-to-access systems? Feel free to post your comments.
And why is it that we only worry about security risks sometimes? Isn’t it interesting to contrast the uproar about Google Desktop Search uploading your search index containing all your personal data to their servers with the lack of uproar about the same risks related to letting Gmail host your personal mail? Are we ok if the government or disgruntled Google workers can read our Gmail? Do we really just need to accept that software is inherently insecure, that there is no such thing as privacy anymore, and “get over it”? I really don’t believe so.
I believe most of us only worry about security sometimes because we are wisely extra cautious about new and unproven systems. We need to stand up and fight for security and privacy. We need to learn the security capabilities of our search engine, and use the capabilities offered while demanding the capabilities that are missing. In that context, I like it when clients challenge me on the ability of their search index to be “truly” secure. This gives me the chance to educate them about what security features their search engine does or does not support.
Let me quickly debunk some myths I’ve heard both from clients and vendors:
- Myth #1: Search engines cannot fully respect our custom security model.
- Truth: While many search engines are very limited in their support for custom security models, many other search engines are fully programmable and can thus support any security model.
- Myth #2: Search engine security will always be out-of-date.
- Truth: For most search engines, the timing of updating search indexes can be as frequent as you choose. When necessary, updates to security credentials can be reflected immediately within search engines.
- Myth #3: Security is built-in to the search engine, and automatically respected with no extra work required.
- Truth: As with any technology, the security within your search engine is only as good as the planning and testing you invest to validate the required level of security.
Ok, now that we’re past the myths, and ready to replace paranoia with planning, I’d like to do a high-level review of important questions to ask yourself about your search engine when you’re ready to consider adding secured content.
- Does your search engine support your security model?
- Will you use Early or Late-binding security?
then a question to ask if your users need to search across multiple secured data sources:
- Can your search engine support multiple security models simultaneously?
In my next post I’ll provide some detail behind these three questions and some guidance to help you find the right answer to each.