Joel Oleson
Managing Director of S6
@joeloleson
http://sharepointjoel.com
Christian Buckley
Evangelist at Axceler Now
Metalogix
@Buckleyplanet
NSA Recap
Real World SharePoint Permissions & Auditing
Time for an Audit
SharePoint Lockdown & Hardening
Time to Review Data Policies
Tools to Automate Enforce & Report
"This leaker was a sysadmin who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed," NSA Chief Alexander
The leaks represented "a huge break in trust and confidence"
… They still don't know what was taken…
 Users CANNOT tell what permissions/RIGHTS are on the site they are uploading documents to.
 Search EXPOSES documents from EVERYWHERE
 DATA is not ENCRYPTED by default
 30% or more Site Owners have left or moved jobs
 More than half of sites after 3 years are Abandoned
 No cleanup of permissions; it's easier to add groups and authenticated users
 Most sensitive sites are in the site directory and in enterprise search
 All data is stored in the same databases
 Result: People didn't TRUST SharePoint. Sensitive data is exposed to search and users have rights to content they shouldn't. INFOSEC says "SHUT IT DOWN!"
Permissions
Troubleshooting why users cannot see the content they should
Reporting for different types of compliance
Auditing who has access to sensitive content
Usage/Activity
Finding what content is, or is not, being used
Planning for future growth
Understanding hardware requirements
Storage
Monitoring growth for performance reasons
Understanding hardware requirements
Reorganizing taxonomy based on Storage needs
Audit
Needing to show who accessed what and when, to adhere to internal or external compliance requirements
Performance
Monitoring page load times to uncover problems
Planning for increased usage
• Auditing
• User access records
• Troubleshooting functionality problems that most commonly stem from end users trying to perform a task without having the correct permissions.
 Perform regular security checks across your farm, down to the document level
 Proactively review, delete, and reassign user permissions as needed
 Clean up users who are no longer in Active Directory but are still in SharePoint
 Review SharePoint groups
 Have a process to back up and restore permissions
 Document site permissions (roles) so that it's easier to duplicate them for new employees
 Monitor SharePoint licensing
 Global Workforce (LOW) – Open to all Authenticated users. Listed in directories, boosted in search when relevant, cheap storage, flexible archiving policies. Published and Mobile Accessible.
 Team/Group Sensitive (MEDIUM) – Secured to a team or group. No permitted use of Authenticated users at the top site collection level; not listed in the global site directory. Security trimmed and included in enterprise search. Cheap storage. Published and Mobile Accessible.
 Classified/Business Confidential (HIGH) – Stored in separate encrypted databases in a separate data center as policy permits. Limited security to sysadmins, regularly audited and restricted to named accounts, no security groups, only reliable and trusted. Regular permissions audit report sent to site administrators. Not included in Enterprise search, not included in any directories. No use of Authenticated Users at any level. VPN only. No external publishing. Auditing activated. Any changes to permissions or auditing reported immediately.
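The regular security checks, orphaned-user cleanup and group review above, and the tier rules about Authenticated Users at the top level versus any level, can be driven from one report. The script below is an added example, not from the deck or from any vendor tool; it assumes SharePoint Server PowerShell on a farm server run as a farm admin, the ActiveDirectory module, Windows (classic or Windows-claims) accounts, and `$WebApplicationUrl` is a placeholder you supply.

```powershell
# Added example: permissions review for one SharePoint web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory -ErrorAction Stop

# Identities that mean "anyone who can log in", in claims and classic encodings.
$script:BroadPrincipals = @(
    'c:0(.s|true',                      # Everyone (claims)
    'c:0!.s|windows',                   # All Authenticated Users (claims)
    'NT AUTHORITY\authenticated users'  # All Authenticated Users (classic)
)

function Test-AdAccountExists {
    param([string]$LoginName)
    # Windows claims logins look like i:0#.w|DOMAIN\user; keep the DOMAIN\user part.
    $account = ($LoginName -split '\|')[-1]
    if ($account -notmatch '\\') { return $true }   # not a Windows account: do not flag
    $sam = ($account -split '\\')[-1]
    try { [void](Get-ADUser -Identity $sam -ErrorAction Stop); return $true }
    catch { return $false }
}

function Get-MemberLogins {
    # A role assignment member is a user or a SharePoint group; for a group,
    # return its members' logins so a broad principal hidden in a group is seen.
    param($Member)
    if ($Member -is [Microsoft.SharePoint.SPGroup]) {
        return @($Member.Users | ForEach-Object { $_.LoginName })
    }
    return @($Member.LoginName)
}

function New-Finding {
    param($Site, $Scope, $Finding, $Principal, $Detail)
    [pscustomobject]@{ Site = $Site; Scope = $Scope; Finding = $Finding
                       Principal = $Principal; Detail = $Detail }
}

function Get-SPPermissionFindings {
    param([Parameter(Mandatory=$true)][string]$WebApplicationUrl)   # placeholder input
    foreach ($site in Get-SPSite -WebApplication $WebApplicationUrl -Limit All) {
        try {
            # 1. Users still listed in the site collection but gone from AD.
            foreach ($user in $site.RootWeb.SiteUsers) {
                if ($user.IsDomainGroup -or $user.LoginName -like '*SHAREPOINT\system') { continue }
                if (-not (Test-AdAccountExists $user.LoginName)) {
                    New-Finding $site.Url 'SiteCollection' 'OrphanedUser' $user.LoginName ''
                }
            }
            # 2. Empty SharePoint groups are review debt; list them.
            foreach ($grp in $site.RootWeb.SiteGroups) {
                if ($grp.Users.Count -eq 0) { New-Finding $site.Url 'SiteCollection' 'EmptyGroup' $grp.Name '' }
            }
            # 3. Broad principals on the root web or on any web that breaks inheritance;
            #    the Scope column tells you which tier rule (top level / any level) applies.
            foreach ($web in $site.AllWebs) {
                try {
                    if (-not ($web.IsRootWeb -or $web.HasUniqueRoleAssignments)) { continue }
                    $scope = if ($web.IsRootWeb) { 'TopLevel' } else { 'SubWeb' }
                    foreach ($ra in $web.RoleAssignments) {
                        $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ','
                        foreach ($login in Get-MemberLogins $ra.Member) {
                            if ($script:BroadPrincipals -contains $login) {
                                New-Finding $web.Url $scope 'BroadAccess' $login "$($ra.Member.Name): $roles"
                            }
                        }
                    }
                } finally { $web.Dispose() }
            }
        } finally { $site.Dispose() }
    }
}

# Usage (placeholder URL):
#   Get-SPPermissionFindings 'https://sharepoint.example.com' |
#       Export-Csv .\permission-findings.csv -NoTypeInformation
```

A BroadAccess row with Scope TopLevel violates the MEDIUM rule; any BroadAccess row at all violates the HIGH rule.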
 Who has Admin rights to your SharePoint & SQL or External Storage servers?
 What sites have open access to anonymous or authenticated users?
 How are you tracking who has access?
 If a file was leaked, how will you find it and determine who moved, deleted, copied it, etc.?
 What are you using for Auditing? SharePoint Usage Logs and IIS logs are NOT AUDIT LOGS!!!
 Default Settings Are NOT Designed for Highly Sensitive Data – MUST CONFIGURE!
 Not Encrypted
 No Auditing
 No Reporting
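Because auditing is off by default, the "who moved, deleted or copied it?" question has no answer until a site collection's audit mask is set. The script below is an added example, not from the deck; it assumes SharePoint Server PowerShell on a farm server run as a farm admin, and `$SiteUrl` is a placeholder you supply.

```powershell
# Added example: enable SharePoint's built-in audit log and report leak-relevant events.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Enable-SPSiteAuditing {
    param(
        [Parameter(Mandatory=$true)][string]$SiteUrl,     # placeholder input
        # Out of the box AuditFlags is None: nothing is written until this is set.
        # 'All' includes View events, which are very noisy; a narrower mask is
        # [Microsoft.SharePoint.SPAuditMaskType]'Delete,Move,Copy,SecurityChange'.
        [Microsoft.SharePoint.SPAuditMaskType]$Mask = [Microsoft.SharePoint.SPAuditMaskType]::All,
        [int]$RetentionDays = 90
    )
    $site = Get-SPSite $SiteUrl
    try {
        $site.Audit.AuditFlags = $Mask
        $site.Audit.Update()
        # Trim old entries so the AuditData table does not grow without bound.
        $site.TrimAuditLog = $true
        $site.AuditLogTrimmingRetention = $RetentionDays
        [pscustomobject]@{ Site = $site.Url; AuditFlags = $site.Audit.AuditFlags
                           RetentionDays = $site.AuditLogTrimmingRetention }
    } finally { $site.Dispose() }
}

function Get-SPContentMovementReport {
    param(
        [Parameter(Mandatory=$true)][string]$SiteUrl,     # placeholder input
        [int]$Days = 7
    )
    $site = Get-SPSite $SiteUrl
    try {
        $query = New-Object Microsoft.SharePoint.SPAuditQuery($site)
        $query.SetRange([DateTime]::UtcNow.AddDays(-$Days), [DateTime]::UtcNow)
        # Only the events that matter for a leak investigation; View is left out.
        foreach ($evt in 'Delete','Move','Copy','SecurityChange') {
            $query.AddEventRestriction([Microsoft.SharePoint.SPAuditEventType]$evt)
        }
        $users = $site.RootWeb.SiteUsers
        foreach ($entry in $site.Audit.GetEntries($query)) {
            # Audit rows carry only the numeric user id; resolve it to a login name.
            $who = "userid:$($entry.UserId)"
            try { $who = $users.GetByID($entry.UserId).LoginName } catch { }
            [pscustomobject]@{
                OccurredUtc = $entry.Occurred
                Event       = $entry.Event
                User        = $who
                Location    = $entry.DocLocation
                ItemType    = $entry.ItemType
                Source      = $entry.EventSource
            }
        }
    } finally { $site.Dispose() }
}

# Usage (placeholder URL):
#   Enable-SPSiteAuditing -SiteUrl 'https://sharepoint.example.com/sites/finance'
#   Get-SPContentMovementReport -SiteUrl 'https://sharepoint.example.com/sites/finance' -Days 30 |
#       Sort-Object OccurredUtc | Format-Table -AutoSize
```

Events recorded before auditing was enabled are simply absent, which is why the HIGH tier above calls for auditing to be activated up front rather than after an incident.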
 Use Reverse Proxy with Content Inspection
 Don't expose SharePoint to the Internet Directly
 Lock down Web Services
 Use Lockdown Mode (Automatic for Publishing sites, but needs to be activated through STSADM or PowerShell for all other site templates)
 Pen Testing and Lockdown of unneeded services (SMTP?) and communication Ports
 Restrict Firewall to only required ports
 Follow SharePoint Vulnerabilities
 http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-11116/Microsoft-Sharepoint-Server.html
 Least Privilege across the board!
 Keep up to date with Service Packs and Significant CU Patches (N-2 on CUs)
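The Lockdown Mode step is the hidden site-collection feature ViewFormPagesLockDown, which the STSADM route activates as `stsadm -o activatefeature -name ViewFormPagesLockDown -url <site url>`. The script below is an added example, not from the deck; it assumes SharePoint Server PowerShell on a farm server run as a farm admin, and `$WebApplicationUrl` is a placeholder you supply.

```powershell
# Added example: activate lockdown mode on every site collection in a web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-SPLockdownMode {
    param(
        [Parameter(Mandatory=$true)][string]$WebApplicationUrl,   # placeholder input
        [switch]$WhatIf                                           # report only, change nothing
    )
    foreach ($site in Get-SPSite -WebApplication $WebApplicationUrl -Limit All) {
        try {
            # Publishing sites already have the feature on; check the site's active
            # features rather than assuming from the template.
            $active = $site.Features |
                Where-Object { $_.Definition.DisplayName -eq 'ViewFormPagesLockDown' }
            $state = 'AlreadyActive'
            if (-not $active) {
                if ($WhatIf) {
                    $state = 'WouldActivate'
                } else {
                    Enable-SPFeature -Identity ViewFormPagesLockDown -Url $site.Url -ErrorAction Stop
                    $state = 'Activated'
                }
            }
            [pscustomobject]@{ Site = $site.Url; Template = $site.RootWeb.WebTemplate; LockdownMode = $state }
        } catch {
            [pscustomobject]@{ Site = $site.Url; Template = $site.RootWeb.WebTemplate
                               LockdownMode = "Failed: $($_.Exception.Message)" }
        } finally { $site.Dispose() }
    }
}

# Usage (placeholder URL): preview first, then apply.
#   Set-SPLockdownMode -WebApplicationUrl 'https://sharepoint.example.com' -WhatIf | Format-Table
#   Set-SPLockdownMode -WebApplicationUrl 'https://sharepoint.example.com' | Format-Table
```

Lockdown mode only affects Limited Access users granted after activation, so users who already hold Limited Access on a site need their permission removed and re-added for it to take effect.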
Kudos to Liam Cleary, SharePoint MVP
 http://www.slideshare.net/helloitsliam/think-you-can-hack-sharepoint-sharepoint-fest-dc?from_search=3
Process
Technology to Simplify the Process
People to Enforce Policies
Site Archiving
 Ensure Sites are Still being used every 6 months. Backup and Delete unused sites. Fix ownership.
 Archiving Process. Invalid Ownership Detection process.
 SharePoint Team with regular audits from Infosec.
 1. SharePoint Server & SQL Hardening & Penetration Testing and Intrusion Detection
 2. Managing permissions, Site and Library ownership?
 3. Data Retention Policy? Site Archiving or Data lifecycle policies?
 4. Databases/Sites/Files Encrypted?
 5. Rights Managed?
 6. Admins have rights to data?
 7. Audit process and tool?
 8. Search Exposure? PII
 9. Authentication - Just because it's over SSL doesn't mean it's secure. Amazing what can happen inside an SSL Tunnel. Content inspection!
 10. Is SharePoint out of the box security and auditing good enough? Should you consider building extra governance around your sites and data for policies or a third party tool?
 - See more at: http://www.sharepointjoel.com/Lists/Posts/Post.aspx?List=0cd1a63d%2D183c%2D4fc2%2D8320%2Dba5369008acb&ID=688#sthash.YTq35lto.dpuf
It's time to stop hoping something won't happen… Prepare for it.
Governance = putting those plans in place and building trust.
SharePoint Out of Box Does NOT address all your auditing and compliance needs for any business critical environment
 Consider Third Party or Custom Development
 Axceler/Metalogix ControlPoint & Salient6 are here to help
Don't be surprised when you find centralized permissions management a nightmare. You must have policies and cleanup processes.
Joel Oleson @joeloleson
SharePointJoel.com
Salient6 http://www.salient6.com
Christian Buckley @buckleyplanet
BuckleyPlanet.com
Metalogix.com

 
Microsoft Teams Governance and Automation
Microsoft Teams Governance and AutomationMicrosoft Teams Governance and Automation
Microsoft Teams Governance and Automation
 
Travel Trivia - World Travelers - Hosted by Joel Oleson
Travel Trivia - World Travelers - Hosted by Joel OlesonTravel Trivia - World Travelers - Hosted by Joel Oleson
Travel Trivia - World Travelers - Hosted by Joel Oleson
 
Decisions: SharePoint 2010 Workflows to SharePoint Online to Power Automate D...
Decisions: SharePoint 2010 Workflows to SharePoint Online to Power Automate D...Decisions: SharePoint 2010 Workflows to SharePoint Online to Power Automate D...
Decisions: SharePoint 2010 Workflows to SharePoint Online to Power Automate D...
 
Microsoft Teams Live Events - Producing Large Scale Events Case Study
Microsoft Teams Live Events - Producing Large Scale Events Case StudyMicrosoft Teams Live Events - Producing Large Scale Events Case Study
Microsoft Teams Live Events - Producing Large Scale Events Case Study
 
Microsoft Groups Demystified: 5 Keys to Successful Group Management
Microsoft Groups Demystified: 5 Keys to Successful Group Management Microsoft Groups Demystified: 5 Keys to Successful Group Management
Microsoft Groups Demystified: 5 Keys to Successful Group Management
 
7 Innovative Ways Project Cortex Delivers Business Value
7 Innovative Ways Project Cortex Delivers Business Value7 Innovative Ways Project Cortex Delivers Business Value
7 Innovative Ways Project Cortex Delivers Business Value
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

Preventing Security Leaks in SharePoint with Joel Oleson & Christian Buckley

  • 1. Joel Oleson, Managing Director of S6, @joeloleson, http://sharepointjoel.com. Christian Buckley, Evangelist at Axceler (now Metalogix), @Buckleyplanet
  • 3. NSA Recap; Real World SharePoint Permissions & Auditing; Time for an Audit; SharePoint Lockdown & Hardening; Time to Review Data Policies; Tools to Automate, Enforce & Report
  • 6. "This leaker was a sysadmin who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed," NSA Chief Alexander. The leaks represented "a huge break in trust and confidence" … They still don't know what was taken…
  • 9.
    - Users CAN NOT tell what permissions/RIGHTS are on the site they are uploading documents to.
    - Search EXPOSES documents from EVERYWHERE
    - DATA is not ENCRYPTED by default
    - 30% or more Site Owners have left or moved jobs
    - More than half of sites after 3 years are Abandoned
    - No cleanup of permissions; easier to add groups and authenticated users
    - Most sensitive sites are in the site directory and in enterprise search
    - All data is stored in the same databases
    - Result: People didn't TRUST SharePoint. Sensitive data is exposed to search and users have rights to content they shouldn't. INFOSEC says "SHUT IT DOWN!"
  • 10.
    Permissions: Troubleshooting why users cannot see the content they should; Reporting for different types of compliance; Auditing who has access to sensitive content
    Usage/Activity: Finding what content is, or is not, being used; Planning for future growth; Understanding hardware requirements
    Storage: Monitoring growth for performance reasons; Understanding hardware requirements; Reorganizing taxonomy based on storage needs
    Audit: Needing to show who accessed what and when, to adhere to internal or external compliance requirements
    Performance: Monitoring page load times to uncover problems; Planning for increased usage
  • 11.
    - Auditing
    - User access records
    - Troubleshooting functionality problems that most commonly stem from end users trying to perform a task without having the correct permissions.
  • 12.
    - Perform regular security checks across your farm, down to the document level
    - Proactively review, delete, and reassign user permissions as needed
    - Clean up users who are no longer in Active Directory but are in SharePoint
    - Review SharePoint groups
    - Have a process to back up and restore permissions
    - Document site permissions (roles) so that it's easier to duplicate them for new employees
    - Monitor SharePoint licensing
  • 26.
    - Global Workforce (LOW) – Open to all Authenticated users. Listed in directories, boosted in search when relevant, cheap storage, flexible archiving policies. Published and Mobile Accessible.
    - Team/Group Sensitive (MEDIUM) – Secured to a team or group. No permitted use of Authenticated users at top site collection level, not listed in global site directory. Security trimmed and included in enterprise search. Cheap storage. Published and Mobile Accessible.
    - Classified/Business Confidential (HIGH) – Stored in separate encrypted databases in a separate data center as policy permits. Limited security to sysadmins, regularly audited and restricted to named accounts, no security groups, only reliable and trusted. Regular permissions audit report sent to site administrators. Not included in Enterprise search, not included in any directories. No use of Auth Users at any level. VPN only. No external publishing. Auditing activated. Any changes to permissions or auditing reported immediately.
  • 30.
    - Who has Admin rights to your SharePoint & SQL or External Storage servers?
    - What sites have open access to anonymous or authenticated users?
    - How are you tracking who has access?
    - What file was leaked? How will you find it, and determine who moved, deleted, copied it, etc.…
    - What are you using for Auditing? SharePoint Usage Logs and IIS logs are NOT AUDIT LOGS!!!
    - Default Settings Are NOT Designed for Highly Sensitive Data – MUST CONFIGURE!
      - Not Encrypted
      - No Auditing
      - No Reporting
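The tier policy on slide 26 and the "which sites are open to anonymous or authenticated users?" question on slide 30 can be answered from the server object model. The script below is an added example, not code from the deck or from either presenter; it assumes the SharePoint Server PowerShell snap-in on a farm server, a placeholder web application URL, and a hypothetical property-bag key "Tier" (LOW/MEDIUM/HIGH) on each root web, since the deck names the tiers but not how a site is tagged.

```powershell
# Added example (not from the deck): audit every site collection in a web application
# against the LOW/MEDIUM/HIGH tiers on slide 26 and the open-access questions on slide 30.
# Assumes the SharePoint Server snap-in on a farm server, and a hypothetical tier tag kept
# in the root web property bag under the key "Tier" (the deck names the tiers, not the tag).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppUrl = "http://portal.contoso.local"   # constructed placeholder

# The two "open access" principals, as claims-encoded logins plus their classic names.
$OpenPrincipals = @(
    "c:0(.s|true",                       # Everyone
    "c:0!.s|windows",                    # All Authenticated Users
    "NT AUTHORITY\Authenticated Users",
    "Everyone"
)

function Get-OpenGrants {
    param([Microsoft.SharePoint.SPWeb]$Web)
    # Direct grants on this web (webs that inherit repeat the parent's list, so skip those).
    if ($Web.HasUniqueRoleAssignments) {
        foreach ($ra in $Web.RoleAssignments) {
            if ($OpenPrincipals -contains $ra.Member.LoginName -or $OpenPrincipals -contains $ra.Member.Name) {
                $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ","
                "direct grant: $($ra.Member.Name) -> $roles at $($Web.Url)"
            }
        }
    }
    # Indirect grants: the open principal sitting inside a SharePoint group, the usual case.
    if ($Web.IsRootWeb) {
        foreach ($group in $Web.SiteGroups) {
            foreach ($member in $group.Users) {
                if ($OpenPrincipals -contains $member.LoginName -or $OpenPrincipals -contains $member.Name) {
                    "group grant: $($group.Name) contains $($member.Name) at $($Web.Url)"
                }
            }
        }
    }
}

function Test-SiteTierPolicy {
    param([Microsoft.SharePoint.SPSite]$Site)
    $root = $Site.RootWeb
    $tier = $root.AllProperties["Tier"]
    if (-not $tier) { $tier = "UNTAGGED" }
    $findings = @()
    # MEDIUM forbids open principals at the top level only; HIGH forbids them at any level.
    $webs = if ($tier -eq "HIGH") { @($Site.AllWebs) } else { @($root) }
    foreach ($web in $webs) {
        if (@("MEDIUM", "HIGH") -contains $tier) { $findings += @(Get-OpenGrants -Web $web) }
        if ($web.AnonymousState -ne "Disabled") { $findings += "anonymous access is $($web.AnonymousState) at $($web.Url)" }
        if (-not $web.IsRootWeb) { $web.Dispose() }
    }
    # HIGH must stay out of enterprise search and must have auditing switched on.
    if ($tier -eq "HIGH") {
        if (-not $root.NoCrawl) { $findings += "root web is crawled; content can surface in enterprise search" }
        if ($Site.Audit.AuditFlags -eq [Microsoft.SharePoint.SPAuditMaskType]::None) { $findings += "auditing not activated (AuditFlags = None)" }
    }

    [pscustomobject]@{
        Url       = $Site.Url
        Tier      = $tier
        Compliant = ($findings.Count -eq 0)
        Findings  = ($findings -join "; ")
    }
}

Get-SPSite -WebApplication $WebAppUrl -Limit All | ForEach-Object {
    try { Test-SiteTierPolicy -Site $_ } finally { $_.Dispose() }
} | Export-Csv -Path ".\tier-audit.csv" -NoTypeInformation
```

The CSV is the "regular permissions audit report" slide 26 asks for; the group-membership pass matters because Authenticated Users is far more often dropped into a Visitors group than granted directly.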
  • 31.
    - Use Reverse Proxy with Content Inspection
    - Don't expose SharePoint to the Internet directly
    - Lock down Web Services
    - Use Lockdown Mode (automatic for Publishing sites, but needs to be activated through STSADM or PowerShell for all other site templates)
    - Pen Testing and lockdown of unneeded services (SMTP?) and communication ports
    - Restrict Firewall to only required ports
    - Follow SharePoint Vulnerabilities: http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-11116/Microsoft-Sharepoint-Server.html
    - Least Priv across the board!
    - Keep up to date with Service Packs and significant CU patches (N-2 on CUs)
    Kudos to Liam Cleary, SharePoint MVP: http://www.slideshare.net/helloitsliam/think-you-can-hack-sharepoint-sharepoint-fest-dc?from_search=3
  • 41. Process; Technology to Simplify the Process; People to Enforce Policies
    Site Archiving
    - Ensure sites are still being used every 6 months. Back up and delete unused sites. Fix ownership.
    - Archiving process. Invalid ownership detection process.
    - SharePoint team with regular audits from Infosec.
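Slide 12's "clean up users who are no longer in Active Directory" and slide 41's six-month usage review with invalid-ownership detection are the same sweep over the site collections, so one report serves both. This is an added example, not the presenters' code or a Metalogix/Salient6 tool; it assumes the SharePoint Server snap-in and the ActiveDirectory module on the same server, and the web application URL and six-month window are placeholders.

```powershell
# Added example (not from the deck): the "clean up users who are no longer in Active Directory"
# check from slide 12 and the stale-site / invalid-ownership detection from slide 41, as one
# report. Assumes the SharePoint Server snap-in and the ActiveDirectory module on the same box;
# the web application URL and the six-month window are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory

$WebAppUrl  = "http://portal.contoso.local"   # constructed placeholder
$StaleAfter = (Get-Date).AddMonths(-6)        # slide 41: review every 6 months
$adCache    = @{}                             # one AD round trip per account

function Test-AdAccountActive {
    param([string]$LoginName)
    # "i:0#.w|contoso\jdoe" (claims) or "contoso\jdoe" (classic) -> "jdoe"
    $sam = ($LoginName -split '\|')[-1] -replace '^.*\\', ''
    if ($adCache.ContainsKey($sam)) { return $adCache[$sam] }
    try {
        $active = [bool](Get-ADUser -Identity $sam -ErrorAction Stop).Enabled
    } catch {
        $active = $false   # not found in AD (or lookup failed): treat as orphaned
    }
    $adCache[$sam] = $active
    return $active
}

function Get-SiteHealth {
    param([Microsoft.SharePoint.SPSite]$Site)
    $root   = $Site.RootWeb
    $issues = @()

    if ($Site.LastContentModifiedDate -lt $StaleAfter) {
        $issues += "stale: last content change $($Site.LastContentModifiedDate.ToString('yyyy-MM-dd'))"
    }

    # Both contacts must be live, named accounts; a group or a departed person is not an owner.
    foreach ($contact in @($Site.Owner, $Site.SecondaryContact)) {
        if ($null -eq $contact) { $issues += "missing owner or secondary contact"; continue }
        if ($contact.IsDomainGroup) { $issues += "contact $($contact.Name) is a group, not a person"; continue }
        if (-not (Test-AdAccountActive $contact.LoginName)) { $issues += "contact $($contact.Name) is disabled or gone from AD" }
    }

    # Orphans: named Windows users still in the site user list with no enabled AD account.
    $orphans = $root.SiteUsers | Where-Object {
        -not $_.IsDomainGroup -and
        $_.LoginName -match '\\' -and
        $_.LoginName -notmatch 'SHAREPOINT\\system' -and
        -not (Test-AdAccountActive $_.LoginName)
    }
    foreach ($o in $orphans) { $issues += "orphaned user: $($o.LoginName)" }

    [pscustomobject]@{
        Url    = $Site.Url
        Owner  = $Site.Owner.Name
        Stale  = ($Site.LastContentModifiedDate -lt $StaleAfter)
        Issues = ($issues -join "; ")
    }
}

Get-SPSite -WebApplication $WebAppUrl -Limit All | ForEach-Object {
    try { Get-SiteHealth -Site $_ } finally { $_.Dispose() }
} | Export-Csv -Path ".\site-health.csv" -NoTypeInformation
```

The report is read-only; the back-up-then-delete step slide 41 prescribes for stale sites maps to Backup-SPSite followed by Remove-SPSite, run against the rows flagged Stale after the owner has been given a chance to object.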
  • 42.
    1. SharePoint Server & SQL Hardening & Penetration Testing and Intrusion Detection
    2. Managing permissions, Site and Library ownership?
    3. Data Retention Policy? Site Archiving or Data lifecycle policies?
    4. Databases/Sites/Files Encrypted
    5. Rights Managed
    6. Admins have rights to data?
    7. Audit process and tool?
    8. Search Exposure? PII
    9. Authentication - Just because it's over SSL doesn't mean it's secure. Amazing what can happen inside an SSL Tunnel. Content inspection!
    10. Is SharePoint out of the box security and auditing good enough? Should you consider building extra governance around your sites and data for policies or a third party tool?
    See more at: http://www.sharepointjoel.com/Lists/Posts/Post.aspx?List=0cd1a63d%2D183c%2D4fc2%2D8320%2Dba5369008acb&ID=688#sthash.YTq35lto.dpuf
  • 43. It's time to stop hoping something won't happen… Prepare for it. Governance = putting those plans in place and building trust. SharePoint out of the box does NOT address all your auditing and compliance needs for any business critical environment.
    - Consider Third Party or Custom Development
    - Axceler/Metalogix ControlPoint & Salient6 are here to help
    Don't be surprised when you find centralized permissions management a nightmare. You must have policies and cleanup processes.
  • 44. Joel Oleson, @joeloleson, SharePointJoel.com, Salient6 (http://www.salient6.com); Christian Buckley, @buckleyplanet, BuckleyPlanet.com, Metalogix.com