1. Enterprise versus Internet search
The assumption that similar approaches could be used in enterprise and internet searches “turns out to be surprisingly faulty” (Marc Strohlein: Executive Guide to Search, BusinessWeek, May 15 2006; see also Alan Cane: The future of search: It’s how, not where, you look, Financial Times, March 28 2007). The most import difference is that internet search engines do not have to care about security at all.
As a consequence, it is not easy for search engines originally developed for the internet to satisfy the security and privacy requirements of an enterprise environment (see, e.g., Gartner Research: Manage Google’s desktop search now or lock it out, 16 Feb. 2006; or Gartner Research: Google enterprise search has its limits, 13 Mar 2006)
2. Access rights for enterprise document repositories (security)
It seems to be generally expected that a user of an enterprise search engine should see only those documents for which he has the necessary access rights. This means that a search engine must respect “File system security” that adheres to the access rights of the underlying network. This requirement is, however, not always met – even it the product supplier claims to have a “sophisticated security system”. A real support of “File system security” may have serious impacts on the performance (search speed) and corresponds to a ridge walk between “Scylla and Charybdis” (security and performance).
It might happen that the access rights of some files must be changed by the system administrator or by a user (e.g. because a search engine has displayed search results to unauthorized users). In such a case the enterprise search engine should react immediately to the modified access rights – a requirement that is seldom met (one of the very few systems supporting this feature is InfoCodex).
3. Highly sensitive data and privacy
Today’s systems for handling the file access rights in an enterprise network offer a great flexibility on various levels. But this means also that the administration has become really difficult – leading to increased human mistakes or negligences.
Enterprise search engines facilitate the discovery of information stored on networks, and relying on the “File system security” might not be enough in view of possible risks in the access right settings. For the handling of high data security and privacy, additional measures have to be taken. In the InfoCodex system, this is achieved by creating protected sub-domains for which selected users/groups own the full sovereign rights. Even system administrators have no access rights to the search and viewing functions in those protected sub-domains.
Via the InfoCodex Blog.
Follow-Up II: Namics also has an opinion on this matter.
Follow-Up III: It just seems that if you change file-system access right on one file via the windows explorer then the windows explorer will not find the file anymore, but GSA will still find the file. InfoCodex will also not find the file anymore. This is where the Google Search Appliance just lacks security and privacy, not matter what Matthew Glotzbach says.