There cannot be two opinions about the significance of pushing the unstructured BLOB content out of SharePoint/SQL Server dynamic duo to the inexpensive storage. However, moving BLOBs to the external storage can result in compromising the externalized BLOBs security. Many administrators fail to give due consideration to the fact that externalization of BLOBs affects the existing BLOBs protection strategies put in place for their SharePoint infrastructure. Can you afford to expose your valuable enterprise content and render it vulnerable to various types of threats? For a modern-day enterprise environment of cut-throat competition, the answer is an absolute NO. Moreover, various standards and regulatory compliances mandate you to ensure stricter controls on content storage.
One might argue that the external storage media to which the BLOBs are externalized should carry the burden of BLOBs protection. The external storage media ranges from a simple file system to SAN, NAS or Cloud and they do generally offer such tools to ensure externalized BLOBs security. However, considering the size of the content which might easily soar to multiple TBs for a typical environment, its BLOBs externalization might span numerous storage profiles spanning multiple types of storage. Naturally, for an administrator to manage even the first-level protection of BLOBs using a plethora of different tools will be a huge hassle.
A proper solution to this issue is the tool, which is used to externalize the BLOBs to external storage, needs to ensure that it adds the first layer of security on the externalized BLOBs. Instead of leaving the administrator on the mercy of a number of storage-media-specific tools, it must ensure sufficient BLOBs security through generic approaches. Various elements which contribute towards this important task include the encryption of content, file shredding, compression and encrypted file names.
StorageEdge has been built with precisely this requirement of externalized BLOBs security in perspective. StorageEdge provides:
- Encryption of Content: The BLOBs are encrypted and written to any external media subsequently. It supports encryption on a storage profile thus providing first layer of security to the externalized BLOBs. It supports DES-64bit or AES-128bit encryption.
- File Shredding: The tool responsible for externalized BLOBs management must make sure all such permanently deleted content is irrecoverable using any third-party tools. StorageEdge has a fool-proof file shredding mechanism coming into play when the BLOB is permanently deleted from SharePoint.
- Compression: StorageEdge provides for compression of BLOBs using GZip.
- Encrypted File Names: The BLOB management tool must be such as to ensure that the file names are encrypted. This becomes especially important when you move the content to a storage media which is out of your enterprise such as Cloud.
Figure 1: Encryption Settings in StorageEdge
Figure 2: Enabling Shredding in StorageEdge is Only a Matter of Setting a Param Value
So, StorageEdge takes care of your externalized BLOBs security worries from within SharePoint. If proper care of the externalized content is not taken, the BLOBs security strategies could be compromised, and result in negative impact on the organization’s overall IT governance.