SharePoint Security Playbook [eBook]


Published on

The SharePoint Security Playbook [eBook] outlines the five lines of defense you need to secure your SharePoint environment from both internal and external threats.

Published in: Technology, News & Politics
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

SharePoint Security Playbook [eBook]

  1. SharePoint Security Playbook 5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit
  2. ContentsIT’S TIME TO THINK ABOUT SHAREPOINT SECURITYChallenge 1: Ensure access rights remain aligned with business needsChallenge 2: Address compliance mandatesChallenge 3: Respond to suspicious activity in real timeChallenge 4: Protect Web applications from attackChallenge 5: Take control when migrating dataConclusion: SharePoint Security ChecklistABOUT IMPERVA SharePoint Security Resource Kit
  3. It’s Time to Think about SharePoint SecurityThe increasing use of Microsoft SharePoint to store sensitive business data and extendaccess and collaboration to partners, customers, and suppliers has outpaced native SharePointsecurity capabilities. More and more organizations are storing and accessing sensitive, regulatedinformation through this platform. To improve business security, organizations must invest inorganizing, managing, and protecting these valuable assets. By implementing the five lines ofdefense outlined in this playbook, you will be able to overcome operational challenges andprotect your SharePoint deployments against both internal and external threats. SharePoint Security Resource Kit
  4. CHALLENGE #1Ensure access rights remainaligned with business needs.“ Unstructured data now accounts for SharePoint Security Gap Without an aggregated, centralized system to view rights information, SharePoint permissions for each site collection must first be extracted to an Excel spreadsheet and then more than 90% of combined by hand to analyze. And, that analysis must be ” done manually within Excel or exported – yet again – to a the Digital Universe. third-party analytics platform. -IDC 2011 SharePoint Security Resource Kit
  5. CHALLENGE #1 Ensure access rights remain aligned with business needs.The Play The AdvantageAggregate permissions across the entire SharePoint deployment and - Understand who has access to what data or, conversely, what data any givenautomate the review process to keep rights aligned with business needs. user or group can access, and how that access was assigned or inherited. - Simplify the process of identifying where excessive access rights have been granted, if there are dormant users, and who owns each item and document. - Help administrators and data owners establish a baseline snapshot of access rights and conduct rights reviews. SharePoint Security Resource Kit
  6. CHALLENGE #2Address compliance mandates.“ 60% of organizations have yet to bring SharePoint SharePoint Security Gap Native SharePoint activity monitoring lacks an intuitive, easy-to-use interface for reporting and analytics. Without a third-party solution, businesses must first decode into line with existing data SharePoint’s internal representation of log data before ” they can access meaningful information. compliance policies. -AIIM 2011 SharePoint Security Resource Kit
  7. CHALLENGE #2 Address compliance mandates.The Play The AdvantageUse enterprise-class technology that combines permissions and activity - Generate compliance reports on-time and tailored to each recipient’s needs.details to automate compliance reporting. - Drill down, filter, and organize data. - Enrich native data with relevant information, such as type of data, department, and data owner. SharePoint Security Resource Kit
  8. CHALLENGE #3Respond to suspiciousactivity in real time.“ 96% of breaches were avoidable through SharePoint Security Gap Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond with an alert or block. simple or intermediate controls. ” -Verizon Data Breach Report 2011 SharePoint Security Resource Kit
  9. CHALLENGE #3 Respond to suspicious activity in real time. ?!The Play The AdvantageUse a policy framework to build rules across SharePoint’s Web, - Monitor, control, and respond to suspicious activity in real time.file, and database components to identify suspicious behavior and - Balance the need for trust and openness with security concerns.complement native access controls. SharePoint Security Resource Kit
  10. CHALLENGE #4Protect Web applicationsfrom attack.“ 31% of organizations are using SharePoint for externally facing SharePoint Security Gap Native SharePoint does not include Web application firewall protection. Web sites, and another 47% are planning to do so. ” -Forrester Research, Inc. 2011 SharePoint Security Resource Kit
  11. CHALLENGE #4 Protect Web applications from attack. Keep Out (PLEASE) ADMIN DATABASE SharePointThe Play The AdvantageDeploy a proven Web application firewall (WAF) technology. - Provide a powerful defense against common attacks, such as SQL injection and cross-site scripting. - Streamline and automate regulatory compliance. - Mitigate data risk. SharePoint Security Resource Kit
  12. CHALLENGE #5Take control whenmigrating data.“ SharePoint 2010 deployments grew SharePoint Security Gap SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint 5x in the past lacks an automated way to ensure that ACLs remain ” aligned with business needs. six months. -Global 360 2011 SharePoint Security Resource Kit
  13. CHALLENGE #5 Take control when migrating data.The Play The AdvantageIdentify where excessive access rights have been granted, and use file - Keep rights aligned with business needs.activity monitoring to locate stale data that can be archived or deleted. - Free up storage space and reduce the amount of data that must be actively managed. SharePoint Security Resource Kit
  14. SharePoint Security ChecklistJump start your Microsoft SharePoint security efforts with this quick reference guideGet ahead of all SharePoint deployments Protect Web sites from external attack Implement a SharePoint governance policy Identify SharePoint Web applications that work with sensitive data Put security requirements in place when SharePoint instances go live Deploy a Web application firewall to monitor and protect sensitive SharePoint Look beyond native SharePoint security features Web sites, portals, and intranets Specify what kind of information can be put on SharePoint Respond to suspicious activity such as external users accessing admin pagesConcentrate on business-critical assets first Enable auditing for compliance and forensics Start with regulated, employee, or proprietary data, Who owns this data? and intellectual property Who accessed this data? Streamline access to a “business need-to-know” level When and what did they access? Identify and clean up dormant users and stale data Have there been repeated failed login attempts? Alert on unauthorized access Establish a regular review cycle for dormant users, stale data, and excessive rightsWork with data owners to manage user access Locate data owners Create permission reports so data owners have visibility into who can access their data Validate with owners that access to data is legitimate Create usage reports so owners can see who is accessing their data SharePoint Security Resource Kit
  15. About Imperva Imperva data security solutions provide visibility and control of high-value business data across critical systems within the data center. Imperva SecureSphere includes database, file, and Web application security solutions that prioritize and mitigate risks to business data, protect against hackers and malicious insiders, and streamline regulatory compliance. Find Us on the Web | Contact Us Direct | Read our Blog | Facebook | Twitter | SlideShare | YouTube Imperva Headquarters 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 Tel: +1-650-345-9000 Fax: +1-650-345-9004 Toll Free (U.S. only): +1-866-926-4678 SharePoint Security Resource Kit© Copyright 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.