Security is becoming a hot topic in the enterprise search world. And a lot of companies are starting to claim that they offer secure enterprise search capabilities. However, "handling" various types of security environments does not make a search solution secure. Secure search means that when users perform a search, if an underlying content repository is using security, and a user is not authorized to see certain content, that content will NOT show up in the results list.
Now, once again, some vendors will claim that you can "integrate" repository security. However, that typically requires a lot of development work - redeveloping content crawlers that interpret and index the security of the underlying repositories. This is a fairly complex task and not one that should be taken lightly. For better value, look to systems that have out-of-the-box support for indexing the security of the underlying systems. This is part of why Google continues to get dinged on their ability to deliver "secure" search, as Dejan points out in a comment on one of my previous blog entries.
Todd Leyba has a great post on on this - How Secure is Your Search? - worth a read if you want to understand more about all of the implications related to "secure" search for the enterprise. You should also check out "Enterprise Search: Mapping Security Requirements to Enterprise Search, Part 1: Defining Specific Security Requirements" from New Idea Engineering. This does a good job of highlighting what you need to think about.
Comments