Our security department has identified some SharePoint 2010 site collections that need to be restricted for users of some security groups. The requirement is to prevent users who belong to those security groups from accessing selected site collections with sensitive information, even if these users have been granted permission through an individual account, any AD group, or an email list group. There are some options, and the NextLabs Entitlement Manager looks very promising.
NextLabs’ Entitlement Manager for SharePoint is a content aware Entitlement Management solution that provides the capability to authorize, classify, enforce and audit enterprise resources across Microsoft SharePoint. This solution allows large enterprises to enjoy secure internal/external collaboration while helping them achieve obligatory compliance, protecting data both on and off the SharePoint Environment.
Entitlement Manager for SharePoint supports all access protocols and clients (browser, WebDAV, web folders, FrontPage extensions, MS Office, MS Designer, SOAP), while ensuring administrative privileges are restricted to content owners, avoiding security risks caused by SharePoint's discretionary access control model. Automation of security procedures via security trimming and enhanced support for various authentication methods such as Windows, forms-based, Web SSO, and ADFS make this solution the most secure Entitlement Management solution in the industry today.
The key benefits are:
- Obligatory Compliance – Provides fine-grained, attribute-based authorization and access control policies to comply with regulations such as ITAR, HIPAA, SOX, NERC, FERC, PIPAA and many more.
- Enterprise-wide Adoption of SharePoint – Provides IP protection and extranet security, increasing widespread adoption of SharePoint while promoting open, ad hoc collaboration.
- Enhances SharePoint Security – Manages and controls SharePoint chaos while improving information availability and reliability, extending and enhancing SharePoint security and allowing enterprise users the flexibility to collaborate. This is accomplished via end-user education, data protection automation and mandatory access control practices.
- Easy to Manage Solution – Uses adaptive authorization policies, achieving obligatory compliance via the fewest number of policies, making it fast and efficient to create, modify and deploy policies.
- Reduces Entitlement Management Cost – Easy-to-use, centrally administered solution eliminates the complexity associated with administering and maintaining a very large number of permission/role-based authorization policies, resulting in an enormous reduction in administration and maintenance time and cost.
- Time to Value – Easy-to-deploy solution that integrates with existing SharePoint deployments with minimal effort, improving your enterprise's time to value.
The Entitlement Manager for SharePoint architecture is simple. It has two primary components, the Adapter and the Policy Controller. The Adapter runs inside IIS, and the Policy Controller runs as a Windows Service.
The activity logs are collected from Policy Controllers and stored centrally in an Activity Journal. The Reporter application lets Policy Analysts monitor SharePoint activities in real-time with fine detail, or run reports to analyze trends and patterns.
- Summary Analysis – Interactive charts by user, files, or data class to examine collective behavior.
- Trend Analysis – Helps to discover behavioral changes over time to better understand risk exposure.
We are starting the POC to evaluate the product and will publish the findings. If anyone has used this product before, please share your thoughts.