Access Control in Social Enterprise Applications: An Empirical Evaluation

Abstract

The social enterprise is reported as one of the biggest IT trends, and is only increasing in popularity. Many enterprises are adopting social media communication channels such as Yammer, Chatter, and Jive for collaboration amongst employees. One key concern however is the lack of user-level access control mechanisms in these applications. In particular, introducing social media applications in government, healthcare and financial sectors requires strict controls on which employees can access or share what kinds of company data based on various federal and state regulations. The existing vendor solutions do not provide fine-grained access control policies to support these requirements, and the impact of adding such policies to these applications have not been explored yet. In this work we provide an empirical evaluation of embedding fine-grained access control policies in Group Communication Systems (GCS) which serve as a mechanism for message exchange in social media applications. Our evaluation is based on a proposed framework for Role-Based Access Control for GCS in wide area networks (WAN) scenarios where the access control policies are specified and enforced using the X-RBAC policy framework. The main focus of this work is to evaluate the performance of our proposed framework and demonstrate that adding the access control mechanisms to an existing GCS incurs minimal overhead, looking especially at the challenges in WAN scenarios that are relevant to message exchange between geographically distributed employees in the enterprise. We show that with the use of caching, the proposed framework adds minimal overhead in WAN environments, while still providing the advantages of having such a framework built in the GCS's interface to enable access control for the social enterprise.