Security: Crucial Component of Cognitive Search
Attivio has been at the forefront of secure search-based applications for the last 8 years. Using our patented query-time join capabilities we are able to store security information in the index separate from the content and use it to apply security filters automatically to ensure that end users only see the most relevant content they are allowed to see. This allows us to automatically preserve security permissions from sources such as SharePoint, Jive, Confluence and other content repositories.
But this feature makes one large assumption: namely that the content owners correctly secure the data in the repository. Over the last few years many analysts, such as Gartner, have been calling for a new way of enforcing policies called Data-Centric Security. In a data-centric security model, the content itself is inspected to determine a document or row's visibility to a user. Further, this model also allows for more fine-grained security access filtering than the normal read / no read type access that we are all used to. Data-centric security allows for results to be hidden, masked or shown but reduced in terms of fields to display, etc.
While there are many vendors that provide data-centric security models for databases, Attivio's new cognitive security feature takes data-centric security to the next level. Using our built-in rich text analytics and machine learning capabilities we are able to understand unstructured content on a deeper level and determine how it might be related to other similar, but potentially incorrectly flagged, pieces of content. Attivio administrators are able to write policies based on the detected entities, advanced boolean queries and machine learning-based classifiers to add additional filters to an end user's query to prevent them from seeing potentially harmful information. Using the machine learning-based classifiers allows administrators to train the system to spot potentially sensitive information without having to write rules for each case. The best part of all is that cognitive security is meant to work out of the box, with or without active security in place.
As an example, almost every organization has some sort of corporate file share with folders for each department and often a 'public' folder. And almost everyone who has worked at one of these companies has put something in the 'public' folder to get a copy to a co-worker in another group or when they can't find the correct place for the file. But what happens when that user works in HR, and the file they want to send is a copy of the employee database with social security numbers? What if it contains salary information for all the employees? What happens if this information gets out?
Cognitive Security is designed to solve this exact problem. Using a policy-based system, Attivio administrators can write rules to detect one or more instances of PII and automatically flag these records in search results. These results can then be hidden from normal users, reported to IT in a redacted fashion and then removed or properly secured in the source system by providing a full unfiltered view to the content owner.
See It in Action - Run the Demo
We have a live demo of this capability running on our trial system now. Just head over to http://km.attivio.com and run a search for "salary." With cognitive security off (the default for the demo system), you should see two documents returned: one a benign research report that happens to mention the word "salary" in some sample data, and one an actual spreadsheet as described above.
We've enabled users to toggle between the different modes that cognitive security supports for the purposes of the demo. Feel free to play around with the four different modes in the dropdown in the upper left hand corner, and check out the results.
- OFF: the cognitive search feature is disabled.
- REDACT: cognitive security will allow the results to be returned but will redact any information deemed to be sensitive. A screen shot from our KM demo is below.
- REMOVE: cognitive security will completely remove all documents that were flagged as sensitive from the result set. All facets, aggregations, visualizations, etc. will accurately show the information.
- INVERT: this mode is designed for administrators to see only the content that the cognitive security feature has flagged as being sensitive without all of the 'normal' content present.
And one other thing... My example above actually happened to a prospect we are working with and trust me: if it can happen there, it can and probably already has happened in your organization, too.