2. Security Architecture for your enterprise search
Secure Enterprise Search
• SearchBlox Enterprise Search
• Security Architecture
• User Security
• Application Security
• Data Security
• Compliance
• Backup and Recovery
SEARCHBLOX SOFTWARE, INC.
3. SearchBlox Enterprise Search
• Founded in 2003
• Focus on enterprise search
• Using AI for search
• 400+ customers in 30 countries
• Based in Richmond, Virginia, USA
• AWS Technology Partner
• 2015-2020 – KMWorld Trendsetting Product of Year
• KMWorld 100 Companies that matter in Knowledge Management
4. Security for Enterprise Search is Critical
Avoid data breaches and ensure rock-solid security for enterprise search.
5. Enable search for all your secure data
• Secure crawl of any data
• Search across all/any data source(s)
• Search encrypted sensitive data
• User management with LDAP/AD
[Diagram labels: ERP, CRM, DB, Documents; Crawl; SearchBlox Enterprise Search; Full-Text Search, Encrypted Data, Compliance]
7. Building a user security model for enterprise search
SearchBlox provides multiple security layers
Users, Application, Data
8. Search – Examples of User Types
• Global User
  • Any search user who can access the system, public or authenticated.
• Profile
  • Access is allowed by title or rank within the organization. Levels of access may include VP, Director, Manager, Customer, Employee.
• Group / Role
  • Arbitrary groups of users (Sales, HR, Marketing, Finance).
• Specific User
  • Security allowed on a per user basis.
10. Search User - Index Access Types
• Public Access
• Authenticated Search Access
• Collection / Repository / Index Level Access
• Document / Record Level Access
• Sub-Document / Sub-Record Level Access
Public, Private, Sensitive
Enable user search access for your data securely
11. Search User - Index Access Types
Security starts with defining requirements for users to access the search index.
Public Search Access
• You can search without any login or authentication. Search users are anonymous.
Authenticated Search User Access
• You can search after authentication; if you are not authenticated, you cannot search.
Collection / Index / Repository Access
• Search can be allowed based on the user. Once the user is authenticated and authorized,
collections are available for search.
12. Search User - Index Access Types
By Document
• Users with specific roles, groups or designated users can search documents or records, but others are
restricted.
By Sub-Document
• Different users may see different parts of the same document or record. For example, the document
may contain financial information which is searchable to all users, but the sensitive data is displayed
only to the authorized users.
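The index access levels on slides 10 to 12, as an added example that is not SearchBlox code: a hypothetical result filter that applies the collection, document and sub-document checks in that order. Every name, field and sample record below is constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    name: str = "anonymous"
    authenticated: bool = False
    groups: frozenset = frozenset()

@dataclass
class Doc:
    collection: str
    fields: dict
    allow: frozenset = frozenset()                 # empty = no document-level restriction
    sensitive: dict = field(default_factory=dict)  # field name -> principals allowed to view it

# Constructed policy: collection -> principals allowed to search it; None means public.
COLLECTIONS = {"website": None, "finance": frozenset({"finance", "executives"})}

def principals(user):
    """Identities a rule may name; an unauthenticated user has none."""
    if not user.authenticated:
        return frozenset()
    return user.groups | {f"user:{user.name}"}

def visible(user, doc):
    """Return the fields this user may see, or None if the document is hidden."""
    who = principals(user)
    required = COLLECTIONS.get(doc.collection, frozenset())  # unknown collection: deny
    if required is not None and not (who & required):
        return None                                # collection-level deny
    if doc.allow and not (who & doc.allow):
        return None                                # document-level deny
    # Sub-document level: drop protected fields instead of hiding the whole record.
    return {k: v for k, v in doc.fields.items()
            if k not in doc.sensitive or (who & doc.sensitive[k])}

def search(user, index, term):
    """Match only on fields the user may see, so a hit never reveals hidden text."""
    hits = []
    for doc in index:
        view = visible(user, doc)
        if view and any(term.lower() in str(v).lower() for v in view.values()):
            hits.append(view)
    return hits

INDEX = [  # constructed sample records
    Doc("website", {"title": "Product overview", "body": "Search for everyone"}),
    Doc("finance", {"title": "Q3 report", "body": "Revenue summary", "account": "ACCT-0000"},
        sensitive={"account": frozenset({"executives"})}),
    Doc("finance", {"title": "Payroll report"}, allow=frozenset({"user:dana"})),
]
```

Filtering before matching means a protected field cannot be confirmed by searching for its value, which a display-only redaction would still allow.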
13. Search User – Typical Access Use Cases
Public, Private, Sensitive
• Public Websites
• Marketing Websites
• Product Websites
• Company Intranets
• Customer Support Portals
• Contact Center Agent Portals
• Knowledge Base Portals
• Finance, HR, CRM, Sales Data Portals
• Employee Portals
• Customer Portals
• Healthcare Portals
• Patient Only Portals
15. Search User – Document Level Security for Sensitive Data
• Document Level Access
  • ACL with LDAP/AD
  • SearchBlox Realm authentication and authorization
• Sub-Document Level Access
  • AES256 Encryption with customer key
  • SearchBlox Realm authentication and authorization
  • One or more columns within a database can be encrypted but available for full-text search
16. Data Security
• Encryption at rest
  • Disk level encryption
  • External encryption tools
• Encryption in transit
  • TLS 1.2, TLS 1.3 / SSL with cert to secure your data with AES256
• Encryption at field level for sensitive data
  • Store and search PII or sensitive fields with encryption
  • Select the PII data — credit card numbers, SSN, email addresses, etc.
18. Application Security for Administrators and Search Users
Authentication, Authorization, Audit
• SearchBlox Realm or AD/LDAP with/without SAML 2.0 or Okta Integration
• Public, Private and sensitive search results for users
• Secure Admin console access for Admins, Managers and Business Users
• Activity logging for all Admin actions
• Access, Activity, Query, User logs for real-time monitoring
19. Crawler Security for indexing data
• Crawl secure data using credentials (HTTP Basic, form-based authentication, ADFS/SSO)
• Crawler custom User Agent name for access
• Crawling through secure proxy server
• Crawling with connection/requests throttling
• Crawling with API tokens for specific repositories
• Crawling with Custom Header values for authentication
20. Search UI Security for data
• Backend authentication using SearchBlox realm or LDAP, Okta
• Search UI uses JWT for security
• Prevents CSRF
• Login / Logout of search sessions
• Section 508 Compliant
• SSL only search access
21. Backup and Recovery for index data and configuration
• Backup and restore data at an index level
• Backup and restore of configuration for enterprise search setup
• Avoid data loss with index / configuration replication with SearchBlox cluster setup