beautypg.com

Chapter 4 gsa environment approach – Google Search Appliance Deployment Governance and Operational Models User Manual

Page 17

background image

17

Handling of sensitive data that is newly searchable on the GSA

The GSA is a powerful search tool, which allows users to find documents that they previously may have
had no means to find. There are cases where shortly after deployment, users start finding documents in
their search results that they should not have access to. These are cases where the GSA correctly
respects permissions on the documents, but the permissions in the source system are too open in the
first place. These documents must have their permission set to restricted to keep them from showing up
in search results.

When deploying the

GSA,

a best practice is to move forward with a mitigation plan for breaches of

sensitive data. This will allow planning and mitigating through process development, communication, and
user training in your organization.

Often times, HR content may be at the most risk for this type of issue. Consider a simple audit of a
sample set of HR data to inspect current permissions. Consider keeping sensitive content out of the first
deployment phase

to

ensure users and admins become familiar with the GSA. This allows the admins to

be better prepared to deal with unintentional data leaks due to unrestricted permissions on documents.

The following is a

sample

process for dealing with incidents where the GSA seems to return sensitive

search results, which should have their permissions restricted:

Setup an email alias that will handle users reporting cases where documents should be restricted.

Designate a Business Analyst (BA) type role for being the point resource for handling each case
that comes in.

This person should be able to map the document in question to the content source in
which it lives.

This person should be able to communicate effectively with the owners of the content
source to determine the optimal permission setting for the document in question.

Just before Go-Live, the process for dealing with documents that should be restricted should be
clearly communicated.

Users should be given the email alias where they can send incidents.

Users should be provided with a sample set of information that they should provide when
reporting an incident.

For any report that comes in, the BA can determine severity, with the option of temporarily or
permanently removing the document from the front end of the GSA immediately. This can be a
temporary removal until the content owners can confirm access levels.

Incident tracking can be done in a ticketing system of choice.

See also other documents in the category Google Software: