Fine Grain Entitlements for Sharepoint

Challenge:

According to Gerry Gebel, VP and Services Director for the Burton Group's Identity and Privacy Group, "Everything would be fine if you were not trying to hook up SharePoint with your identity management tools. SharePoint is going to be a critical application and granular access controls will be a necessity and Microsoft's tools are insufficient for all usage scenarios."

Organizations discovered inherent weaknesses in the SharePoint security model as the tool moved from a tactical solution to an enterprise one. Access control in SharePoint becomes critical as servers take on more and more confidential company data. SharePoint offers no support for enterprise entitlements that exist outside of Active Directory. It has no ability to manage authorization across multiple sites.

SharePoint as a strategic enterprise tool has additional gaps. It does not provide an audit trail of who gave whom what access. It has no way of reporting who has access to which resources, and no true support for delegated administration. Moreover, SharePoint has no segregation of duties and no attestation support – the ability to periodically certify that users should still be allowed access to resources.

Solution:

Mycroft Security Service for SharePoint is an engine that provides authentication and authorization services for application and web service security. It consists of a set of web services, administration applications, databases and application-side, framework-specific components. The main aspects of our solution are authentication abstraction and fine-grained authorization. The authentication abstraction aspect provides for connection to any number of authentication providers, such as LDAP, Active Directory, RADIUS, etc., and presents an abstraction layer above these existing authentication providers. When SharePoint needs to consume a new kind of authentication, or when the underlying authentication provider needs to be replaced, SharePoint does not need to be modified, because it consumes authentication from the abstracted Keystone SP layer and not from the authentication source(s) directly.

MSS for SP provides fine-grained authorization for SharePoint through run-time calls to any number of authorization sources containing user attributes. MSS determines the role a user holds and places that role, with its associated permissions, in SharePoint. A SharePoint deployment enabled with MSS for SP enjoys a stable, immutable security lifecycle, because enterprise policy, identity management and role management are determined outside of SharePoint and bring those authorization factors into the SharePoint access control equation.

Would you like to learn more? Contact Us!