
ESDDC - Making Secured Content Discoverable in SharePoint


Published on

Enterprise Search & Discovery - November 9, 2017

Published in: Software


  1. 1. Jonathan Ralton BlueMetal Making Secured Content Discoverable in SharePoint
  2. 2. Agenda Defining the Problem SharePoint Search SharePoint Security Cryptzone Security Sheriff Solution Overview Wrapping Up Questions
  3. 3. ME
  4. 4. Jonathan Ralton Senior Information Architect • SharePoint professional/ consultant since 2005 • No coding! • Focused on document management, content management, knowledge management… • Search & Analytics • User Experience Design @jonralton jonathanr@bluemetal.com blog.jonralton.net linkedin.com/in/jonathanralton 2014
  5. 5. YOU
  6. 6. What roles are you in? What’s your SharePoint experience?
  7. 7. Defining the Problem Making Secured Content Discoverable in SharePoint
  8. 8. How do you let your users discover the content that they cannot see?
  9. 9. How would someone know to ask for permission to examine something if they don't know that it exists?
  10. 10. “Your role is to help foster safe behaviors, control information access, and verify ongoing compliance… all without hampering creativity, productivity, collaboration, or other daily activities.” August 2016
  11. 11. allowing open collaboration controlling and protecting information
  12. 12. • Research Institution • History of innovation
  13. 13. • Chemists • Engineers
  14. 14. • Researchers file documentation • Experiments/Discoveries • Chemical formulas and compounds, technical designs...
  15. 15. • Decades of documentation • Pre-electronic formats scanned with OCR
  16. 16. • Curated by technical librarians • With prior authorization, able to search repository and view documentation
  17. 17. • Past documentation is searchable/viewable • Repository either completely locked or unlocked in its entirety
  18. 18. nypl.org
  19. 19. Tristan Fewings/Getty Images
  20. 20. Scenario Componentry • Restricted content which requires authorization • Openly searchable electronic index of the content along with qualitative information • Discovery of relevant content • Permission request form designed to match the requester’s attributes with appropriate material • Review and approval process • Assignment of tailored permissions • Access controls remain in place throughout
  21. 21. Case Study Platform SharePoint does this thing called Content Management
  22. 22. SharePoint Search Making Secured Content Discoverable in SharePoint
  23. 23. SharePoint Search Architecture
  24. 24. SharePoint Search Architecture
  25. 25. Security Trimming Results returned for your search query will not include any content that you do not have permission to consume.
  26. 26. LIMITATION FEATURE
  27. 27. SharePoint Security Making Secured Content Discoverable in SharePoint
  28. 28. What do we have to work with?
  29. 29. What do we have to work with? [Hierarchy diagram] Farm > Web Application > Content Database > Site Collection > Site > List/Library > Item
  30. 30. What do we have to work with? [Hierarchy diagram] Tenant > Site Collection > Site > List/Library > Item
  31. 31. What do we have to work with? Site Collections Sites Lists/ Libraries Folders Document Sets Items/ Documents
  32. 32. Inheritance Site 1 Site 1.1 Site 1.1.1 Site 1.1.2 Site 1.2 Site 1.2.1 Site 1.3 Site 2 Site 2.1 Site 2.1.1 Site 2.2 Site 3
  33. 33. Inheritance Site Library A Folder Document A1 Document A2 Document A3 Library B Document B1 Document B2 Library C Document C1 Document Set Document C2 Document C3 Document C4
  34. 34. Site Collections Sites Lists/ Libraries Folders Document Sets Who/What/Where?
  35. 35. Security Sheriff Making Secured Content Discoverable in SharePoint
  36. 36. Knowing how SharePoint Search and SharePoint Security work…
  37. 37. how would we architect different content and security groupings?
  38. 38. Managing SharePoint Security How are organizations securing SharePoint content? • Juggling inherited permissions on items and folders • Maintaining multiple user groups • Creating unique silos for specific sharing scenarios • Settling for undesirable results • Hard to manage and maintain • Complicated interactions • Frustrated users/administrators
  39. 39. Managing SharePoint Security What if we could dynamically secure SharePoint content? • The ability to handle dynamic security in real time—user context, location, etc. • The ability to secure documents when they are relocated or extracted from SharePoint • The ability to leverage known information about both content and users to apply security
  40. 40. Users in Motion Jane Manager Project A Adam Developer Project A Joe Analyst Project B Coffee Shop Consultant Enterprise Headquarters Office 365 / SharePoint Online SharePoint 2016 SharePoint 2013
  41. 41. Security needs to depend on content and context, accommodating all SharePoint files in motion Files in Motion Implement consistent policies throughout hybrid environments Tailor protection to the file’s location and contents Secure SharePoint files even after they leave the premises
  42. 42. Example – Security Rules 1. External Contractors must never see documents classified as Internal 2. Users must have a higher security clearance than the document’s classification to gain access 3. Project documents should only ever be accessed by project team members 4. Unclassified documents are hidden to all but the creator until they have been classified 5. External Contractors must never share documents outside of the company 6. Top Secret documents may only reside in headquarters (use secure viewer when away from office) 7. Confidential documents must be encrypted and protected against copy, download, and print outside of office
  43. 43. Example – Employee Onsite. Diana: Headquarters, Full Clearance, Project A. Office 365 / SharePoint Online, SharePoint 2016. ∆ Top Secret - Encrypt on Download; ✓ Internal - Allow; ✓ Project A - Allow; × Project B - Deny; ✓ Confidential - Allow; ✓ Download - Allow; ✓ Sharing - Allow; ✓ Print/Copy - Allow
  44. 44. Example – Employee Remote. Jane: Coffee Shop, Full Clearance, Project A & B. Office 365 / SharePoint Online, SharePoint 2016. ∆ Top Secret - Secure View Only; ✓ Internal - Allow; ✓ Project A - Allow; ✓ Project B - Allow; ∆ Confidential - Encrypt; ∆ Download - Encrypt; ∆ Sharing - Limit; × Print/Copy - Deny
  45. 45. Example – Contractor. Adam: External Contractor, Limited Clearance, Project A. Office 365 / SharePoint Online, SharePoint 2016. × Top Secret - Deny; × Internal - Deny; ✓ Project A - Allow; × Project B - Deny; ∆ Confidential - Encrypt; ∆ Download - Encrypt; ∆ Sharing - Limit; × Print/Copy - Deny
  46. 46. Security Sheriff Real-time permissions determine… • What a user sees when viewing and searching for files • Whether a user can open, export, or copy a file • What actions are enabled in the Office 365 ribbon • If a file is encrypted when saved, copied, or emailed • If a file should be emailed • If a user must view the file securely. User Properties: DEVICE TIME CUSTOM ATTRIBUTES SECURITY CLEARANCE LOCATION GROUP PERMISSIONS. File Properties: CUSTOM ATTRIBUTES DATE SITE PERMISSIONS AUTHOR LOCATION
  47. 47. Security Sheriff Security Sheriff dynamically adjusts file security based on real-time comparison of user context and file content to make sure that users view, use, and share files according to your industry and business’ regulations and policies. Classification: Locate and classify all data on-premises and in the cloud, encrypt or quarantine when required, and report status to stakeholders. Collaboration: Trusted users can collaborate on any device and in any location, knowing that all data is secure, even when it leaves the company. Administration: Policies and permissions are managed by admins who know the policies, users and data, thereby reducing cost and frustration.
  48. 48. Solution Overview Making Secured Content Discoverable in SharePoint
  49. 49. Solution Overview Goals • Expose for consumption the right content to the right people based on prior authorizations • Expose for discovery all of the content to everyone so that they may request authorization(s) Hurdles • OOTB SharePoint Search behavior • OOTB SharePoint security model
  50. 50. Solution Componentry
  51. 51. Security Sheriff • Column Mappings • User Properties • Dynamic Access Rules • What can they access? • How long can they access it for?
  52. 52. Custom Development • Service Account executes search query ‘elevated privileges’ • UX components • Requesting permission form and workflow
  53. 53. Rights Management Services • Encrypted • Protection against copy/paste • Selective protection for print
  54. 54. SharePoint • Security Rules configuration list • Approvals • Expirations • Metadata on documents • Continuous Crawl
  55. 55. Scenario Componentry • Restricted content which requires authorization • Openly searchable electronic index of the content along with qualitative information • Discovery of relevant content • Permission request form designed to match the requester’s attributes with appropriate material • Review and approval process • Assignment of tailored permissions • Access controls remain in place throughout
  56. 56. By leveraging SharePoint’s native capabilities and augmenting with available technologies (and a tiny bit of fanciness)…
  57. 57. The right people get access to the right content at the right time.
  58. 58. Wrapping Up Making Secured Content Discoverable in SharePoint
  59. 59. Hidden content can become discoverable… while remaining secure.
  60. 60. This is not the only way to approach this problem, and this solution may not be appropriate for every organization.
  61. 61. Key Takeaways Out of the box, SharePoint Search only returns results that you already have permission to view. Combining dynamic security and search augmentation is a great answer to the problem.
  62. 62. Key Motivators Content is arguably more secure when it is selectively exposed for discovery. People are less frustrated when they can be pre-approved to view new content based on their role/domain, etc.
  63. 63. There is a big difference between exposing content for discovery and exposing content for potential exploitation. You’d better get it right the first time.
  64. 64. allowing open collaboration controlling and protecting information
  65. 65. @jonralton jonathanr@bluemetal.com blog.jonralton.net bluemetal.com cryptzone.com cryptzone.com/products/security-sheriff
  66. 66. Questions Making Secured Content Discoverable in SharePoint
  67. 67. Additional Information Making Secured Content Discoverable in SharePoint
  68. 68. About BlueMetal Modern technology, craftsman quality. We’re an interactive design and technology architecture firm matching the most experienced consultants in the industry to the most challenging business and technical problems facing our clients. Founded August 2010, and as of October 2015, we are an Insight company. 7 | YEARS IN OPERATION 5 | LOCATIONS 6 | SERVICE AREAS 4 | INDUSTRY SPECIALIZATIONS
  69. 69. Proud Global Microsoft Partner of the Year Winner – Microsoft Global Mobile App Development Partner of the Year Award, 2017 Winner – Microsoft Global IoT Partner of the Year Award, 2016 Finalist – Microsoft Intelligent Systems Partner of the Year Award, 2015 Finalist – Microsoft Collaboration and Content Partner of the Year Award, 2015
  70. 70. Trusted Advisor of Trusted Brands
  71. 71. Modern Technology, Craftsman Quality • Intelligent Customer Applications: RETHINKING HOW COMPANIES CONNECT WITH THEIR CUSTOMERS • Modern Workforce Applications: FRICTION-FREE TOOLS TO MAXIMIZE EMPLOYEE EFFECTIVENESS • Real-Time Business: DIGITAL TRANSFORMATION DRIVEN BY INFORMATION
  72. 72. About Cryptzone The Software-Defined Perimeter Company HIGHLIGHTS • Over 100 Employees • Over 450 Customers • Worldwide HQ in Boston, USA − Additional offices in the UK, Sweden and Australia PRODUCTS Secure Access (AppGate ®) Data Security Web Compliance ACCOLADES Recognized by Gartner and Forrester as one of the key players in the SDP market
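
The security rules on slide 42, the three user scenarios on slides 43-45 and the elevated service-account search on slide 52, combined in one added example (not code from the presentation and not the Security Sheriff API). It evaluates rules 1, 2, 3, 6 and 7 per document (rules 4 and 5 are left out) and returns a metadata-only "request access" stub for anything the user may not open. Assumptions: the attribute names, that "limited" clearance sits below Top Secret, Adam's location, and matching denied documents on title and summary only.

```python
from collections import namedtuple

# Attribute names are illustrative; the values come from slides 42-45.
User = namedtuple("User", "location clearance projects external", defaults=(False,))
Doc = namedtuple("Doc", "title summary body label project", defaults=("",))

def decide(user, doc):
    """Slide-42 rules 1, 2, 3, 6 and 7, checked deny-first."""
    if doc.project and doc.project not in user.projects:
        return "deny"                                   # rule 3: project members only
    if user.external and doc.label == "Internal":
        return "deny"                                   # rule 1
    if doc.label == "Top Secret":
        if user.clearance != "full":
            return "deny"                               # rule 2 (assumed clearance order)
        # rule 6: resident at headquarters, secure viewer elsewhere
        return "encrypt-on-download" if user.location == "hq" else "secure-view"
    if doc.label == "Confidential" and (user.external or user.location != "hq"):
        return "encrypt"                                # rule 7
    return "allow"

def search(user, query, index):
    """Query the full index as the service account does, then trim every hit."""
    hits = []
    for doc in index:
        action = decide(user, doc)
        # A denied document is matched on title and summary only, so search
        # terms cannot be used to probe the body of a file the user cannot open.
        fields = [doc.title, doc.summary] + ([doc.body] if action != "deny" else [])
        if query.lower() not in " ".join(fields).lower():
            continue
        hit = {"title": doc.title, "summary": doc.summary,
               "action": "request-access" if action == "deny" else action}
        if action != "deny":
            hit["body"] = doc.body                      # stubs never carry content
        hits.append(hit)
    return hits

# Constructed sample users (attributes from slides 43-45) and documents.
DIANA = User("hq", "full", frozenset({"A"}))
JANE = User("remote", "full", frozenset({"A", "B"}))
ADAM = User("remote", "limited", frozenset({"A"}), external=True)  # location assumed
INDEX = [
    Doc("Polymer roadmap", "Strategy overview", "catalyst X-17 yields", "Top Secret"),
    Doc("Lab handbook", "Internal procedures", "fume hood rota", "Internal"),
    Doc("Project B trials", "Trial log summary", "batch 4 failed", "Confidential", "B"),
]
```

Searching for "catalyst" as ADAM returns nothing even though the term is in the Top Secret document's body, while "roadmap" returns the title-and-summary stub that lets him file a permission request.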
