The Security Risks of Enterprise Search

Wednesday, March 10, 2010 - Enterprise Systems, article by Attivio CTO Sid Probstein

Balancing the demand for security with access to the enormous volume of information in an enterprise presents great challenges for IT. Many enterprises want to empower their employees with fast, simple access to information and analysis. At the same time, security and compliance are a growing concern. A major issue is the dynamic nature of business. Every day, content is added and people change jobs or move between projects. In major reorganizations or mergers and acquisitions, massive changes may occur in a single day. Many enterprise applications, especially those powered by relational database systems (RDBMSs) provide administrative tools for managing access to information based on users’ permissions, roles, and associations (groups). The standardized, guarded environment of the relational database allows for this level of control.

Not all enterprise information can be generated and stored in a database. Some applications handle unstructured data (such as text and documents) that must use a different technology -- the search index. Designed and optimized for querying information of many types and formats, enterprise search software provides rapid answers to a huge range of queries.

This performance, however, comes at a price: most search indexes update slowly and inflexibly due to their document-centric nature. For example, updating a single field in a document may require reprocessing of the entire document. In many popular applications (such as Web search and public information portals), this is not an issue. Inside the enterprise, however, and especially in environments where multiple silos are brought together into a single index, this update challenge becomes problematic.

Click here to read the full article on Security Risks of Enterprise Search