4 Security Guidelines for SharePoint Governance

Published in: Technology
Transcript

  • 1. © 2013 Imperva, Inc. All rights reserved. SharePoint Governance: 4 Security Guidelines. Carrie McDaniel, File Security Team
  • 2. Agenda
      • Introduction to SharePoint governance
      • Common business drivers
      • 4 guidelines for SharePoint governance and security
      • SecureSphere for SharePoint
      • Q&A
  • 3. Carrie McDaniel – File Security Team
      • Product Marketing Manager for File Security; focus on SharePoint security
      • Previously held product marketing position at Moody’s Analytics in San Francisco
      • Past experience in finance and tech industries at Wells Fargo and NetApp
      • Holds degrees in Marketing and French from Santa Clara University
  • 4. Efficient & Effective Use of Business Data (source: microsoft.com)
      • BUILD: Build sites; Build apps; Publish apps
      • MANAGE: Manage costs; Manage risk; Manage time
      • DISCOVER: Connect across the organization; Draw insights from reports; Customizable search
      • ORGANIZE: Keep projects on track; Connect with your team; Store and sync documents
      • SHARE: Share ideas with social features; Share content internally and externally
  • 5. Challenges
      • BUILD: Build sites; Build apps; Publish apps
      • MANAGE: Manage costs; Manage risk; Manage time
      • DISCOVER: Connect across the organization; Draw insights from reports; Customizable search
      • ORGANIZE: Keep projects on track; Connect with your team; Store and sync documents
      • SHARE: Share ideas with social features; Share content internally and externally
      • Challenges: Migration; Customization; Security; Rollout; Adoption
  • 6. Microsoft’s View of SharePoint Governance
      • "Governance is the set of policies, roles, responsibilities, and processes that guide, direct, and control how an organization's business divisions and IT teams cooperate to achieve business goals."
      • Streamlining the deployment of products and technologies
      • Helping protect your enterprise from security threats or noncompliance liability
      • Helping ensure the best return on your investment in technologies
  • 7. Governance From The Start, Or…
  • 8. Business Drivers for Effective SharePoint Governance
      • ADOPTION, COMPLIANCE, RISK: 41%, 72%, 82%
  • 9. 4 Steps to Streamline SharePoint Security Governance Efforts
  • 10. Step 1: Identify and Secure Critical Business Assets
      • Address valuable data targets: Financial Information; Personal Health Information (PHI); Legal Documents; Intellectual Property; Personally Identifiable Information (PII)
  • 11. Step 1: Identify and Secure Critical Business Assets
      • Identify valuable data targets
      • "You need to identify the data assets that generate value for the business that are high-risk targets for cybercriminals, or that are subject to regulatory compliance, and then focus your efforts there." (Forrester Research, Inc.)
  • 12. Step 1: Identify and Secure Critical Business Assets
      • Address valuable data targets: Financial Information; Personal Health Information (PHI); Legal Documents; Intellectual Property; Personally Identifiable Information (PII)
      • Secure business critical assets with automation
  • 13. Step 2: Establish a User Rights Management Framework
      Common Access Rights Risks
      • Sensitive content accessible to everyone
      • Access rights granted but not used
      • Data where individual users have rights, not groups
      • Dormant user accounts and stale files
  • 14. Step 2: Establish a User Rights Management Framework
      Common Access Rights Risks
      • Sensitive content accessible to everyone
      • Access rights granted but not used
      • Data where individual users have rights, not groups
      • Dormant user accounts and stale files
      • "The top four internal and external audit findings relate to access management, with excessive access rights being the top audit finding." (Deloitte)
  • 15. Step 2: Establish a User Rights Management Framework
      Benefits of Automating User Rights Management
      • Streamline access processes
      • Formalize the approval cycle
      • Report on effective permissions, usage, and permissions changes
      • Send permissions and usage reports on a scheduled basis for review
      • Identify data owners
      • Track approval tasks
  • 16. Step 2: Establish a User Rights Management Framework
      Understanding How Access is Granted
      • Gain insight into how access was granted
      • Align access with business need-to-know
      • Minimize business interruptions
  • 17. Step 2: Establish a User Rights Management Framework
      Unauthorized Access Scenarios
      • A high volume of activity within a short period of time
      • Operations outside of normal business hours or maintenance windows
      • Activity from suspicious or external IPs
      • Access of sensitive data from different departments or by administrators
      • Creation of new sites or administrative accounts
  • 18. Step 3: Defend Applications from Web Attacks and Code Exploits
      • Test SharePoint applications
      • Scan for vulnerabilities
      • Perform virtual patching
  • 19. Step 3: Defend Applications from Web Attacks and Code Exploits
      • Test SharePoint applications
      • Scan for vulnerabilities
      • Perform virtual patching
      • "Web Application Firewalls genuinely raise the bar on application security… they ‘virtually’ patch the application faster than code fixes can be implemented." (Adrian Lane, CTO, Securosis)
  • 20. Step 4: Trust, But Verify, User Behavior
      • Establish a complete audit trail
      • Leverage sophisticated analytics and reporting capabilities
      • Address compliance requirements
      • Monitor activity in real-time
      • Store data in a secured, centralized repository
      • Enrich native audit information
  • 23. Where Native SharePoint Security and Controls Fall Short
      • Defending against Web-based attacks
      • Maintaining a comprehensive audit trail
      • Real-time responses to unwanted activity
      • Managing permissions and rights
      • Performing rights reviews
      • Monitoring MS SQL database activity
  • 24. Imperva Data Security
      • External: Customers; Staff, Partners; Hackers
      • Internal: Employees; Malicious Insiders; Compromised Insiders
      • Data Center: Systems and Admins
      • Tech. Attack Protection; Logic Attack Protection; Fraud Prevention; Usage Audit; User Rights Management; Access Control
  • 25. Security for SharePoint’s File, Web and Database Resources
      SecureSphere for SharePoint: Web Application Firewall; File Activity Monitoring; Database Firewall
      • Protection against Web-based attacks
      • Tuned for Microsoft SharePoint traffic
      • Fraud prevention and reputation controls available
      • Protect against changes to SQL server that would render it unsupportable by Microsoft
      • Enforce separation of duties
      • Prevent unauthorized access and fraudulent activity
      • Monitor and audit file activity
      • Comprehensive user rights management
      • Enforce file access control policies
  • 26. Layers of SharePoint Protection (diagram labels: Enterprise Users; The Internet; SQL Injection; XSS; IIS Web Servers; Application Servers; MS SQL Databases; Web-Application Firewall; Activity Monitoring & User Rights Management; Excessive Rights; Administrators; DB Activity Monitoring & Access Control; Unauthorized Changes; Unauthorized Access; Audit)
  • 27. Additional Resources
  • 28. Additional Resources
      • Download SharePoint Governance & Security White Paper
      • View SharePoint Security Customer Story
  • 29. www.imperva.com