Security

It's no secret that every company possesses a wealth of information that languishes for lack of use. And that millions of frustrated workers could be more productive if only they had easy access to their company's buried information. Search has come a long way in bringing hidden knowledge to light, making it accessible to employees who need it. Solving that problem, however, quickly opened the door to another challenge: how to keep confidential information in the enterprise available only to those who should have access to it.

The Google Search Appliance indexes both public and privileged information and enforces your organization’s document-level security policies at the time of search. It provides a mechanism for users to search for private information securely, so only content that should be accessible to the search user is returned in the results list. Google’s universal search technology integrates with your authentication and authorization systems to provide secure search leveraging your existing access control investments.
The Google Search Appliance does not require a new set of user identities or user access control lists (ACLs) to be created to implement secure search in the enterprise. Rather, Google leverages your existing identity management system and the access control policies already in place in your content systems today. Most content systems and enterprise applications have built-in capabilities that determine whether a user is allowed to see a particular document or piece of information. By requesting the content directly from the source system or application, just as a user would, Google allows the most granular security level, document-level security, with no additional security systems or access control policies required.
At crawl time, the Google Search Appliance creates an index of information that it has acquired through the various onboard content access mechanisms: the web crawler, file system crawler, relational database crawler, and the content feed interface. When acquiring and indexing this information, the appliance uses access credentials provided to it by the system administrator. These can include single sign-on (SSO) credentials for forms-based SSO systems, basic-auth credentials, NTLM credentials (username, password, domain), and X.509 client certificates. These credentials are used by the Google Search Appliance to access the content at indexing time.

The serving process occurs when users execute a query. At this moment, they can specify (through the search interface) whether they want to search “public only” information or public and privileged (secure) information. If the latter is chosen, the user is then prompted for their access credentials based on which authentication and authorization method(s) are configured. For example, if the appliance is integrated with an enterprise single sign-on system, the user is directed to the SSO authentication server, where they can be authenticated and receive the SSO credentials. If the user is already authenticated by the SSO, then the user can search without any added authentication steps.

The Google Search Appliance executes the search against the index to retrieve the candidate list of all matching results. However, prior to returning the full results list to the user, the appliance uses the SSO cookie on behalf of the user to authorize the candidate results against the source system. Results that fail authorization are filtered from the list, and only validated results are returned to the search user. By performing the results access control checks in real time, the Google Search Appliance ensures that users only see results that they are entitled to view.
Alternative security approaches involving credential caching and recording access control permissions at crawl time are susceptible to fraud and synchronization issues. Google provides enterprise-class security with the ease of out-of-the-box integration.
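
A minimal model of the serve-time check described above, contrasted with filtering on permissions recorded at crawl time. This is an added example, not Google Search Appliance code; the class and function names, users and URLs are hypothetical.

```python
# Added illustration; hosts, users and documents are constructed sample data.
class SourceSystem:
    """Stands in for the content system that owns the access policy."""
    def __init__(self, acl):
        self.acl = acl                      # url -> set of users allowed right now

    def authorize(self, user, url):
        # Live decision, as if the document were requested on the user's behalf.
        return user in self.acl.get(url, set())

class Index:
    def __init__(self, docs):
        self.docs = docs                    # url -> indexed text
        self.crawl_acl = {}                 # permissions recorded at crawl time

    def snapshot_acl(self, source):
        self.crawl_acl = {u: set(users) for u, users in source.acl.items()}

    def candidates(self, query):
        q = query.lower()
        return [u for u, text in sorted(self.docs.items()) if q in text.lower()]

def search_crawl_time_acl(index, user, query):
    """Alternative approach: filter with the permissions stored in the index."""
    return [u for u in index.candidates(query) if user in index.crawl_acl.get(u, set())]

def search_serve_time_check(index, source, user, query):
    """Approach described above: authorize every candidate at query time."""
    allowed = []
    for url in index.candidates(query):
        try:
            ok = source.authorize(user, url)
        except Exception:
            ok = False                      # fail closed if the check cannot complete
        if ok:
            allowed.append(url)
    return allowed

def demo():
    salaries = "https://intranet.example/hr/salary-plan"
    roadmap = "https://intranet.example/eng/roadmap-plan"
    source = SourceSystem({salaries: {"alice", "bob"}, roadmap: {"bob"}})
    index = Index({salaries: "2024 salary plan", roadmap: "engineering plan"})
    index.snapshot_acl(source)              # permissions as of the crawl
    source.acl[salaries].discard("bob")     # access revoked after the crawl
    stale = search_crawl_time_acl(index, "bob", "plan")
    live = search_serve_time_check(index, source, "bob", "plan")
    return stale, live

if __name__ == "__main__":
    print(demo())
```

After the revocation, the crawl-time filter still lists the salary document for bob until the next crawl, while the serve-time check drops it immediately.
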
In addition to the various ways that Google can integrate into your enterprise right out of the box, the Google Search Appliance also supports native, SAML-based interfaces for authentication and authorization. This SAML 2.0-based provider interface leverages the emerging XML standards to allow for third-party user authentication and external results authorization. With the authentication and authorization service provider interfaces, the Google Search Appliance can be easily and securely integrated into all types of enterprise access control environments.
Read more about security and other features of the Google Search Appliance, or sign up for one of our seminars.