Security Afterworks
SharePoint Security-, Rights- and
Permissionmanagement
Who Am I?
• Two fields of work:
1. Information / IT Security since 2006
2. Software Development  A lot of SharePoint proj...
SharePoint Permission Management
The Problem(s)
• SharePoint adoption requires trust in the platform
– OOTB permissions ma...
SharePoint Permission Management
The Good
• Use of centrally managed Active Directory groups &
Claims-based authentication...
SharePoint Permission Management
The Bad
• Use of Share Point groups
• Nesting of AD users / groups in SharePoint Groups
•...
SharePoint Permission Management
The Ugly
• “Share” on Site / List / Item
– Breaks Permission Inheritance on „User“ reques...
SharePoint Permission Management
The Need for Ugly
• Need for
– flexibility in rights management
– different right sets in...
 Promote data governance by enforcing awareness and compliance
 Automate visual markings on MS Office and PDF documents
...
DEMO
TITUS Metadata Security Claims Edition 1/2
• Policies are Fine Grained
– Combine aspects of a user’s identity with metadat...
TITUS Metadata Security Claims Edition 2/2
Alice
Name Alice
Citizenship British
Place of Birth London
Security Clearance T...
DEMO
• Raises End User Awareness
• Promote End User Accountability
Date and Timestamp
Date and Timestamp
Current Username
Great approach but still…
• …defining
– policies
– claims / labels
– metadata
• …deploying and updating
– policies
– claim...
Titus Overview
• Data Security & Classification
Market Leader
• Over 300 Enterprise
Customers
• Over 2 Million Users
• Sha...
Titus Customers
Protecting Over 2 Million Users
Military Government Commercial
Questions & Discussion
Gernot Goluch
SBA Research gGmbH
Favoritenstraße 16, 1040 Wien
+43 664 88622421
ggoluch@sba-research.org
Share point security , rights- and permissionmanagement
Upcoming SlideShare
Loading in …5
×

Share point security , rights- and permissionmanagement

430 views
353 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
430
On SlideShare
0
From Embeds
0
Number of Embeds
59
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Share point security , rights- and permissionmanagement

  1. 1. Security Afterworks SharePoint Security-, Rights- and Permissionmanagement
  2. 2. Who Am I? • Two fields of work: 1. Information / IT Security since 2006 2. Software Development  A lot of SharePoint projects 2007 until now • My Experience: No matter what you want to do in the course of a SharePoint project, permissions are ALWAYS one of the main topics!
  3. 3. SharePoint Permission Management The Problem(s) • SharePoint adoption requires trust in the platform – OOTB permissions management just doesn’t quite meet the needs – poor governance and poor management practices lead to security leaks that ultimately give SharePoint a bad name • The reality of any out-of-the-box SharePoint deployment means applying permissions manually • Permissions: A High Volume Support Issue
  4. 4. SharePoint Permission Management The Good • Use of centrally managed Active Directory groups & Claims-based authentication • Permission Management – User Interface – Power Shell $web = Get-SPWeb http://address/site/site/site $user=$web.AllUsers Get-SPWeb YOURURL | Get-SPUserEffectivePermissions $user | Export-Csv -NoTypeInformation - Path c:perms.csv
  5. 5. SharePoint Permission Management The Bad • Use of Share Point groups • Nesting of AD users / groups in SharePoint Groups • Breaking Permission Inheritance on Lists and Libraries – Ok if this is done by a managed approach!
  6. 6. SharePoint Permission Management The Ugly • “Share” on Site / List / Item – Breaks Permission Inheritance on „User“ request – Site Administrators have to allow the request, but this doesn’t change a thing… • SharePoint wants to be like Dropbox and users love the idea… – Might be Ok in personal SkyDrive – Not Ok for company data • Breaking Permission Inheritance on Items and Documents – Ok if this is done by a managed approach!
  7. 7. SharePoint Permission Management The Need for Ugly • Need for – flexibility in rights management – different right sets in a site and list / libraries – less administrative overhead for rights management • Possible Solutions – Custom solutions – Metadata based permission management and policies  Column-Based Security
  8. 8.  Promote data governance by enforcing awareness and compliance  Automate visual markings on MS Office and PDF documents  Promote end user accountability of sensitive content  Protect sensitive information in SharePoint by enforcing access control policies that use Trusted Claims and Document Metadata  Automate security on any content type: documents, items, forms, folders… TITUS SharePoint Security Suite
  9. 9. DEMO
  10. 10. TITUS Metadata Security Claims Edition 1/2 • Policies are Fine Grained – Combine aspects of a user’s identity with metadata about content with environmental attributes • Policies are Dynamic – When user identities change - access to content changes – When metadata changes - access to content changes • Implement automatic Claims-Based Authorization within SharePoint
  11. 11. TITUS Metadata Security Claims Edition 2/2 Alice Name Alice Citizenship British Place of Birth London Security Clearance Top Secret TITUS Metadata Security Access control is based on Alice’s Security Clearance and Document Classification
  12. 12. DEMO
  13. 13. • Raises End User Awareness • Promote End User Accountability Date and Timestamp Date and Timestamp Current Username
  14. 14. Great approach but still… • …defining – policies – claims / labels – metadata • …deploying and updating – policies – claims / labels – metadata
  15. 15. Titus Overview • Data Security & Classification Market Leader • Over 300 Enterprise Customers • Over 2 Million Users • SharePoint Security • Email and Document Marking • Data Loss Prevention
  16. 16. Titus Customers Protecting Over 2 Million Users Military Government Commercial
  17. 17. Questions & Discussion
  18. 18. Gernot Goluch SBA Research gGmbH Favoritenstraße 16, 1040 Wien +43 664 88622421 ggoluch@sba-research.org

×