For an organization to make the best use of its information, it has to be able to collaborate effectively. This collaboration could be internal or external. In past posts I’ve talked about how teams can use SharePoint to share information of all types and also how organizations create cross-organization connections with AD FS. In this post I will cover two new components of the Microsoft Secure collaboration solution.
Two words that give IT Pros sleepless nights are “Compliance” and “Virus”. How we would love to check everybody’s device as they enter and leave our buildings, so that nothing bad gets in and nothing confidential gets out. But that is just not practical. To compound the problem, we [Microsoft] have made every effort to make collaboration easier, mobility easier and finding information easier. The next-generation workforce is also extremely mobile; they want freedom as to where they work, which potentially exposes them to malicious threats. Another factor to consider is that once you’ve opened up your environment to outside organizations, it could be all too easy to load an infected document into a SharePoint library, but a bigger concern could be the loss of sensitive information.
Fortunately, Microsoft does have a solution. The newly released Forefront Protection 2010 for SharePoint helps protect the information within SharePoint and also helps enforce that all-important compliance.
This solution can provide peace of mind, especially if collaboration means sharing information with other organizations where you are not sure of their security policies. Forefront Protection 2010 for SharePoint uses five antimalware engines to deliver its protection, allowing you to prevent employees or partners from uploading or downloading infected docs, inappropriate content, or sensitive information.
It’s very easy for us [Microsoft again] to talk about collaboration; we often make statements like “SharePoint makes collaboration amongst teams or with partners easy”, while not really telling you about the potential challenges of sharing a SharePoint site inside your network with a partner organization, let alone covering the fact that this partner may not even be running a directory service based on the Windows platform.
As I mentioned above, in the post on cross-organization connections with AD FS I cover some more details on how you can create more secure connections between organizations. There are also some examples in there of organizations that have done this. The core of those solutions is the second of the new components I wanted to cover, Active Directory Federation Services 2.0 (AD FS 2.0). AD FS 2.0 gives organizations a method to project identities not only across organizational boundaries, but also into the Cloud. It is interoperable with applications based on different programming models, languages and devices through support for WS-* and SAML 2.0. The support for these standards allows you to interoperate with the Cloud, especially with applications using the Windows Identity Foundation and running on the Windows Azure platform, and with applications that use Windows Azure platform AppFabric Access Control. Access Control accepts SAML tokens for authentication; AD FS 2.0 can issue these tokens for Active Directory users. With AD FS 2.0 you can now have single sign-on to applications that are on-premises, that are at other organizations, and that are in the Cloud. Also, SharePoint 2010 has been made claims-aware, giving it the ability to take claims from AD FS 2.0 as part of the authentication process. Single sign-on is achievable regardless of where the application you wish to access resides.