Question

I wonder what the best practice is when end-users upload confidential information to SP10, such as clients' SSNs, competitors' private info, or military weapon contracts for various governments, and all the information is now searchable and rolls up to enterprise search results.

How should we squeeze out those data in the search results in the server?

I'm using SharePoint 2013, so I would turn off the search ability for that library and the site immediately. At least the results won't show up anymore. What to do if it's a SharePoint 2010 environment and what's the best practice for this situation?


Solution

You can use a combination of eDiscovery and Search Result Removal. The eDiscovery component would help you discover the infractions and the Search Results Removal is the FASTEST way to remove the content from the index.

To be honest, this all really begins with proper training. Nearly all companies that face this issue MUST have a policy in place AND a training program to educate the users BEFORE this is an issue. That way, when an infraction occurs, the policy and the training protect the company. Technology is not the only solution. I have worked with SharePoint in several highly secure environments. All of these companies took a multi-layer approach to secure content.

Other suggestions

Use SharePoint permissions. SharePoint search, all versions, is security trimmed. If the user does not have permissions to the content, then they can't find it in search.

If all of the problem content is in the same library, just edit the permissions on that library. Break inheritance, delete existing users' access, and then grant back only the permissions needed.

As an FYI... SharePoint 2016 and SharePoint Online include "Data Loss Protection" features to help detect just these kinds of problem documents. https://blogs.msdn.microsoft.com/mvpawardprogram/2016/01/13/data-loss-prevention-dlp-in-sharepoint-2016-and-sharepoint-online/
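The containment steps described above (stop crawling the library, break inheritance, grant back only what is needed), as an added example that is not part of the original answers. It uses the SharePoint server object model from the SharePoint Management Shell; the site URL, library name and group name are placeholders assumed for illustration.

```powershell
# Added example, not code from the original thread.
# Run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder values (assumptions): replace with your own.
$webUrl      = "https://sharepoint.example.local/sites/contracts"
$libraryName = "Uploaded Documents"
$reviewGroup = "Compliance Reviewers"   # an existing SharePoint group on the site

$web = Get-SPWeb $webUrl
try {
    $list = $web.Lists.TryGetList($libraryName)
    if ($null -eq $list) { throw "Library '$libraryName' not found in $webUrl" }

    # 1. Exclude the library from search crawls.
    $list.NoCrawl = $true
    $list.Update()

    # 2. Stop inheriting from the site without copying the parent's
    #    role assignments, then remove whatever assignments remain.
    if (-not $list.HasUniqueRoleAssignments) {
        $list.BreakRoleInheritance($false)
    }
    for ($i = $list.RoleAssignments.Count - 1; $i -ge 0; $i--) {
        $list.RoleAssignments.Remove($i)
    }

    # 3. Grant back only what is needed: read access for one group.
    $group      = $web.SiteGroups[$reviewGroup]
    $readRole   = $web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Reader)
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
    $assignment.RoleDefinitionBindings.Add($readRole)
    $list.RoleAssignments.Add($assignment)

    # 4. Report the resulting state so it can be attached to the incident record.
    #    Items that already had their own unique permissions are not changed here.
    "NoCrawl = $($list.NoCrawl); unique permissions = $($list.HasUniqueRoleAssignments)"
    foreach ($ra in $list.RoleAssignments) {
        $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        "{0}: {1}" -f $ra.Member.Name, $roles
    }
}
finally {
    $web.Dispose()
}
```

The search index reflects these changes only after the next crawl of the content source.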

If possible, you can use the Office "protect document" feature if the file is an Office file. Say, before the user uploads the confidential file to SharePoint, the user can edit the document with "protect document"; once the document is uploaded to SharePoint and crawled, these files will not show up in search results.

As others have stated, SharePoint will automatically handle search and indexing according to your specified security settings, and password protected office files should prevent file content from being included in a search index.

If files are truly confidential, however, they should be stored as securely encrypted archives. I would never consider password protected Office files to be secure, and even law of least privilege rules on a relatively secure SharePoint server would not suffice for high security standards.

An open military grade standard like AES 256-bit is provided free of charge in applications like 7-Zip/PeaZip, and whilst the NSA or Kremlin might be able to crack it, I think your files are the least of their concern (not to mention the effort that they would need to put in just to obtain them from your cloud servers).

Unless it's offline, it can't be truly considered secure, but cryptography is our most powerful tool for trying to ensure things are as secure as possible.

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange