4 Security Guidelines for SharePoint Governance


  1. SharePoint Governance: 4 Security Guidelines. Carrie McDaniel, File Security Team. © 2013 Imperva, Inc. All rights reserved.
  2. Agenda
     • Introduction to SharePoint governance
     • Common business drivers
     • 4 guidelines for SharePoint governance and security
     • SecureSphere for SharePoint
     • Q&A
  3. Carrie McDaniel – File Security Team
     • Product Marketing Manager for File Security; focus on SharePoint security
     • Previously held product marketing position at Moody’s Analytics in San Francisco
     • Past experience in finance and tech industries at Wells Fargo and NetApp
     • Holds degrees in Marketing and French from Santa Clara University
  4. Efficient & Effective Use of Business Data (source: microsoft.com)
     • BUILD: Build sites; Build apps; Publish apps
     • MANAGE: Manage costs; Manage risk; Manage time
     • DISCOVER: Connect across the organization; Draw insights from reports; Customizable search
     • ORGANIZE: Keep projects on track; Connect with your team; Store and sync documents
     • SHARE: Share ideas with social features; Share content internally and externally
  5. Challenges
     • BUILD: Build sites; Build apps; Publish apps
     • MANAGE: Manage costs; Manage risk; Manage time
     • DISCOVER: Connect across the organization; Draw insights from reports; Customizable search
     • ORGANIZE: Keep projects on track; Connect with your team; Store and sync documents
     • SHARE: Share ideas with social features; Share content internally and externally
     • Challenges: Migration; Customization; Security; Rollout; Adoption
  6. Microsoft’s View of SharePoint Governance
     “Governance is the set of policies, roles, responsibilities, and processes that guide, direct, and control how an organization's business divisions and IT teams cooperate to achieve business goals.”
     • Streamlining the deployment of products and technologies
     • Helping protect your enterprise from security threats or noncompliance liability
     • Helping ensure the best return on your investment in technologies
  7. Governance From The Start, Or…
  8. Business Drivers for Effective SharePoint Governance
     ADOPTION, COMPLIANCE, RISK: 41%, 72%, 82%
  9. 4 Steps to Streamline SharePoint Security Governance Efforts
  10. Step 1: Identify and Secure Critical Business Assets
     • Address valuable data targets
     Financial Information; Personal Health Information (PHI); Legal Documents; Intellectual Property; Personally Identifiable Information (PII)
  11. Step 1: Identify and Secure Critical Business Assets
     • Identify valuable data targets
     “You need to identify the data assets that generate value for the business that are high-risk targets for cybercriminals, or that are subject to regulatory compliance, and then focus your efforts there.” Forrester Research, Inc.
  12. Step 1: Identify and Secure Critical Business Assets
     • Address valuable data targets
     • Secure business critical assets with automation
     Financial Information; Personal Health Information (PHI); Legal Documents; Intellectual Property; Personally Identifiable Information (PII)
  13. Step 2: Establish a User Rights Management Framework
     Common Access Rights Risks
     • Sensitive content accessible to everyone
     • Access rights granted but not used
     • Data where individual users have rights, not groups
     • Dormant user accounts and stale files
  14. Step 2: Establish a User Rights Management Framework
     Common Access Rights Risks
     • Sensitive content accessible to everyone
     • Access rights granted but not used
     • Data where individual users have rights, not groups
     • Dormant user accounts and stale files
     “The top four internal and external audit findings relate to access management, with excessive access rights being the top audit finding.” Deloitte
  15. Step 2: Establish a User Rights Management Framework
     Benefits of Automating User Rights Management
     • Streamline access processes
     • Formalize the approval cycle
     • Report on effective permissions, usage, and permissions changes
     • Send permissions and usage reports on a scheduled basis for review
     • Identify data owners
     • Track approval tasks
  16. Step 2: Establish a User Rights Management Framework
     Understanding How Access is Granted
     • Gain insight into how access was granted
     • Align access with business need-to-know
     • Minimize business interruptions
  17. Step 2: Establish a User Rights Management Framework
     Unauthorized Access Scenarios
     • A high volume of activity within a short period of time
     • Operations outside of normal business hours or maintenance windows
     • Activity from suspicious or external IPs
     • Access of sensitive data from different departments or by administrators
     • Creation of new sites or administrative accounts
  18. Step 3: Defend Applications from Web Attacks and Code Exploits
     • Test SharePoint applications
     • Scan for vulnerabilities
     • Perform virtual patching
  19. Step 3: Defend Applications from Web Attacks and Code Exploits
     • Test SharePoint applications
     • Scan for vulnerabilities
     • Perform virtual patching
     “Web Application Firewalls genuinely raise the bar on application security…they ‘virtually’ patch the application faster than code fixes can be implemented.” Adrian Lane, CTO, Securosis
  20. Step 4: Trust, But Verify, User Behavior
     • Establish a complete audit trail
     • Leverage sophisticated analytics and reporting capabilities
     Address compliance requirements; Monitor activity in real-time; Store data in a secured, centralized repository; Enrich native audit information
  21. Step 4: Trust, But Verify, User Behavior
     • Establish a complete audit trail
     • Leverage sophisticated analytics and reporting capabilities
     Address compliance requirements; Monitor activity in real-time; Store data in a secured, centralized repository; Enrich native audit information
  22. (No text)
  23. Where Native SharePoint Security and Controls Fall Short
     • Defending against Web-based attacks
     • Maintaining a comprehensive audit trail
     • Real-time responses to unwanted activity
     • Managing permissions and rights
     • Performing rights reviews
     • Monitoring MS SQL database activity
  24. Imperva Data Security (diagram)
     • External: Customers; Staff, Partners; Hackers
     • Internal: Employees; Malicious Insiders; Compromised Insiders
     • Data Center: Systems and Admins
     • Tech. Attack Protection; Logic Attack Protection; Fraud Prevention; Usage Audit; User Rights Management; Access Control
  25. Security for SharePoint’s File, Web and Database Resources: SecureSphere for SharePoint
     • Web Application Firewall: Protection against Web-based attacks; Tuned for Microsoft SharePoint traffic; Fraud prevention and reputation controls available
     • Database Firewall: Protect against changes to SQL server that would render it unsupportable by Microsoft; Enforce separation of duties; Prevent unauthorized access and fraudulent activity
     • File Activity Monitoring: Monitor and audit file activity; Comprehensive user rights management; Enforce file access control policies
  26. Layers of SharePoint Protection (diagram)
     Labels: Enterprise Users; The Internet; SQL Injection; XSS; IIS Web Servers; Application Servers; MS SQL Databases; Web-Application Firewall; Activity Monitoring & User Rights Management; Excessive Rights; Administrators; DB Activity Monitoring & Access Control; Unauthorized Changes; Audit; Unauthorized Access
  27. Additional Resources
  28. Additional Resources
     • DOWNLOAD SHAREPOINT GOVERNANCE & SECURITY WHITE PAPER
     • VIEW SHAREPOINT SECURITY CUSTOMER STORY
  29. www.imperva.com
