SharePoint Security Management - Lessons Learned

When working with SharePoint On-Premises or on Office 365, we can't ignore our Security Management. Many things we do can lead to further problems or, even worse, security breaches.
This is a recording of a webinar, available at http://en.share-gate.com/blog/sharepoint-security-management-lessons-learned, which includes tips and best practices concerning your SharePoint Security.

Published in: Technology, Software

  1. by Benjamin Niaulin, a SharePoint GEEK @bniaulin share-gate.com/blog
  2. WHY ARE WE HERE TODAY?
  3. A recent study by Emedia, covered in full by InfoSecurity magazine in February 2013, found that only about one-third of organizations with 25-5000 users employing SharePoint have security policies covering the platform. Even worse, just over one-fifth, or 22%, admitted that they don't have one and won't be making one.
  4. EDWARD SNOWDEN
  5. I HAVE FULL CONTROL
  6. BUT NOW I LOST CONTROL
  7. “I SWEAR I DIDN’T DELETE THE LIBRARY BUT NOW IT’S GONE”
  8. WHO HAS ACCESS TO WHAT?
  9. “WE DON’T PUT SENSITIVE DATA IN SHAREPOINT! WE STORE THEM IN ANOTHER SYSTEM WHERE WE LIMIT ACCESS AND PASSWORD ENCRYPT THOSE OFFICE DOCS WHEN SHARING THEM VIA EMAIL.”
  10. “UMMM…. I REMOVED MYSELF AS AN ADMINISTRATOR OF THE SITE”
  11. “MY SHAREPOINT IS SO SLOW…”
  12. HOW DO YOU MANAGE SECURITY ON SO MANY DIFFERENT THINGS? (SHAREPOINT, OFFICE 365, ONEDRIVE FOR BUSINESS)
  13. SO HOW CAN WE GET STARTED AND LEARN FROM OUR PAST EXPERIENCE?
  14. FIRST, GET TO KNOW SHAREPOINT
  15. AND UNDERSTAND THAT NOT EVERYTHING CAN BE ASSIGNED SECURITY
  16. SITES
  17. LISTS/LIBRARIES FOLDERS / DOCUMENTS / ITEMS
  18. NO YOU CANNOT PUT SECURITY ON YOUR SHAREPOINT VIEWS
  19. AND IT’S THE SAME FOR YOUR COLUMNS AND CONTENT TYPES
  20. BUT HOW DOES IT ALL WORK? INHERIT PERMISSIONS? BREAK INHERITANCE?
  21. INHERITED PERMISSIONS SITE COLLECTIONS SITES CHILD SITES LISTS & LIBRARIES FOLDERS ITEMS & DOCUMENTS BY DEFAULT Image inspired by Bobby Chang - Planet Technologies
  22. SITE COLLECTIONS SITES CHILD SITES LISTS & LIBRARIES FOLDERS ITEMS & DOCUMENTS BREAK INHERITANCE Image inspired by Bobby Chang - Planet Technologies
  23. SITE COLLECTIONS SITES CHILD SITES LISTS & LIBRARIES FOLDERS ITEMS & DOCUMENTS BREAK INHERITANCE Image inspired by Bobby Chang - Planet Technologies LIMITED ACCESS
  24. LIMITED ACCESS FAMOUS WHY IS IT EVERYWHERE AND CAN YOU DELETE IT?
  25. EDIT VS CONTRIBUTE
  26. BUT BE CAREFUL WITH ASSIGNING PERMISSIONS EVERYWHERE
  27. Permissions and Security Scopes • Every time permission inheritance is broken a new security scope is created • Security Scope is made up of principals: • Domain users/groups • SharePoint users/groups • Claims • Be aware of “Limited Access” • Limitations • Security Scopes (50K per list) • Size of Scope (5K per scope) Microsoft SharePoint Boundaries and Limits: http://technet.microsoft.com/en-us/library/cc262787.aspx © 2014 Protiviti Consulting Private Ltd. An Equal Opportunity Employer.
  28. LESSON #1 DON’T GIVE FULL CONTROL TO EVERYONE
  29. THEN HOW IS ACCESS GIVEN TO PEOPLE EXACTLY?
  30. SP GROUPS VS AD GROUPS CHANGING MEMBERS OF SP GROUPS WILL LAUNCH A FULL CRAWL AT NEXT PASS TO CALCULATE ACLs MSDN Security guidance on SP Groups vs AD Groups
  31. LESSON #2 ALWAYS USE AD GROUPS WHEN POSSIBLE
  32. UNDERSTAND THE SETTINGS
  33. LESSON #3 NEVER GRANT PERMISSIONS DIRECTLY TO A USER
  34. “HEY ANTONIO, CAN YOU TELL ME WHAT BENJAMIN HAS ACCESS TO IN OUR SHAREPOINT?”
  35. …
  36. OK… YOU CAN AT LEAST TELL ME ALL THE EXTERNAL USERS THAT HAVE ACCESS RIGHT? SIGH…
  37. WHAT YOU WILL NEED IS Governance http://en.share-gate.com/blog/real-world-sharepoint-governance-plan
  38. but keep it simple. it’s a set of rules and guidelines to help, no one is going to read that 27 page PDF
  39. AND THE NEW “SHARE” WILL NOT MAKE IT EASY TO MANAGE AND CONTROL
  40. THAT’S WHY SOME TRAINING IS IMPORTANT
  41. REAL TRAINING! NOT A PAMPHLET IN-CLASS | SELF-SERVICE VIDEOS | DOCUMENTATION | PROVIDE A TRAINING KIT FOR NEW SITE OWNERS
  42. MAYBE A GOOD TIME TO LEVERAGE OFFICE 365 VIDEO?
  43. LESSON #4 HELP THEM UNDERSTAND WHY ITEM-LEVEL PERMISSION IS BAD
  44. IN SHAREPOINT, YOU DON’T SEE WHAT YOU DON’T HAVE ACCESS TO
  45. BUT YOU SEE EVERYTHING YOU HAVE ACCESS TO WITH SEARCH. PROPERLY PLAN THE ACCOUNTS YOU WILL USE TO INDEX SHAREPOINT AS WELL.
  46. AND OF COURSE IT GOES BEYOND WHAT WE SAW TODAY
  47. « Google the words ‘View All Site Content’ see what happens » -Sean Wallbridge ANONYMOUS ACCESS AND THE EXPOSURE RISKS WITH SHAREPOINT
  48. DID YOU THINK OF RETENTION AND YOUR ARCHIVES? HOW IS SECURITY MAINTAINED?
  49. KNOW ABOUT IRM AND RMS
  50. BUT SECURITY GOES BEYOND SHAREPOINT
  51. TIPS FROM ANTONIO MAIO Claims Server SQL Authentication
  52. @BNIAULIN @ANTONIOMAIO2 THANK YOU!
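
A PowerShell audit for lessons #1 and #3 and for the security-scope limit on slide 27, added here as an example and not taken from the deck or from Sharegate. It assumes an on-premises farm with the SharePoint Management Shell; the site URL is a placeholder and the function name `Get-RiskyGrant` is made up for this example.

```powershell
# Added example. Assumes on-premises SharePoint and the SharePoint Management Shell.
# The URL is a placeholder: pass a site collection you administer.
param([string]$SiteUrl = 'https://sharepoint.example.com/sites/placeholder')
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ScopeLimit = 50000   # security scopes per list, the figure quoted on slide 27

function Get-RiskyGrant {
    # One row per assignment that is Full Control (lesson #1) or that names an
    # individual user rather than a group (lesson #3).
    param($Securable, [string]$Url)
    foreach ($ra in $Securable.RoleAssignments) {
        # Role type Guest is "Limited Access"; SharePoint adds it on parents of
        # uniquely secured children, so it is not treated as a real grant.
        $types = @($ra.RoleDefinitionBindings | Where-Object { $_.Type -ne 'Guest' } |
                   ForEach-Object { $_.Type.ToString() })
        if ($types.Count -eq 0) { continue }
        $m = $ra.Member
        $direct = ($m -is [Microsoft.SharePoint.SPUser]) -and (-not $m.IsDomainGroup)
        if ($direct) {
            [pscustomobject]@{ Url = $Url; Finding = 'DirectUserGrant'; Detail = $m.Name }
        }
        if ($types -contains 'Administrator') {   # built-in Full Control role type
            [pscustomobject]@{ Url = $Url; Finding = 'FullControl'; Detail = $m.Name }
        }
    }
}

$site = Get-SPSite -Identity $SiteUrl
try {
    foreach ($web in $site.AllWebs) {
        if ($web.HasUniqueRoleAssignments) { Get-RiskyGrant $web $web.Url }
        foreach ($list in $web.Lists) {
            $listUrl = "$($web.Url)/$($list.RootFolder.Url)"
            if ($list.HasUniqueRoleAssignments) { Get-RiskyGrant $list $listUrl }
            # Each item with broken inheritance is its own security scope.
            # Folders are not counted here, so this is a lower bound.
            # Enumerating Items is slow on large lists; run this off-hours.
            $scopes = @($list.Items | Where-Object { $_.HasUniqueRoleAssignments }).Count
            if ($scopes -gt 0) {
                $pct = [math]::Round(100 * $scopes / $ScopeLimit, 1)
                [pscustomobject]@{ Url = $listUrl; Finding = 'ItemLevelScopes'
                                   Detail = "$scopes unique scopes ($pct% of limit)" }
            }
        }
        $web.Dispose()
    }
} finally { $site.Dispose() }
```

Pipe the output to `Export-Csv` to keep a dated record; comparing two runs shows where inheritance was broken since the last review.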
