A walkthrough of the out-of-the-box compliance and auditing capabilities in SharePoint 2013 and Office 365, with a focus on the parity between platforms. Presented at SharePointFest Seattle 2015.
3. Beezy is the premier enterprise collaboration solution for Microsoft
Office 365 and SharePoint, extending the feature set and improving the
user experience for on-premises, cloud, and hybrid deployments. We are
on a mission to transform the way people work, and to help employees
be more connected, innovative, and happy.
Learn more at www.beezy.net or @FollowBeezy on Twitter.
4. What we’ll cover…
01 | Common SP Management Concerns
02 | A Changing Admin Interface
03 | Basic Admin Capabilities
04 | Solving Common Problems
05 | Making the Cloud Transition
9. Infrastructure
maintained solely
for customer
On premises or off
Managed by the
customer, or by a
3rd party hoster
Private Cloud Hybrid Cloud
Multiple
infrastructure
options
Components both
on premises and
off premises
Management
spread between
customer and 3rd
party hosters
Infrastructure
shared by multiple
customers
Off premises
Managed by 3rd
party on behalf of
customers
Public Cloud
More infrastructure optionsMany “flavors” of cloud
10. Partner Hosted
Private Cloud
• Dedicated environment
• Externally hosted
• Externally or internally
managed
• Internally designed
Self Hosted
Private Cloud
• Dedicated environment
• Internally hosted
• Internally managed
• Internally designed
Shared or Dedicated
Public Cloud
• Shared or dedicated
environment
• Externally hosted
• Externally managed
• Externally designed
Public Dedicated
Cloud
• Partially or fully dedicated
• Externally hosted
• Externally or internally
managed
• Minimal customization
Traditional
on premises
23. The Usual Three Suspects
Permissions Management
Reporting & Insight – e.g. usage, growth
Responding to Audit requests
Clean-up of sites and content
24. Farm Admin is Site Collection Admin
AD v SP Groups
Broken Inheritance
Direct Permissions
Misuse of “Authenticated Users”
Anonymous Access
25. Beware of the large log file
Beware of the “disappearing” log file
Reactive v Proactive
Be prepared for lots of mouse clicks
Brush up on your Excel skills
Brush up on your SSRS skills
30. 36 percent of SharePoint
users are breaching security
policies-
CMSWire
A survey revealed that 79 percent of the
respondent said that they stored sensitive
or confidential information on the
SharePoint platform - CMSWire
Only 18 percent of
enterprises use technical
controls to prevent access
to sensitive information.
Most — 73 percent — rely
on written policies or
informal understandings
with their workforce -
CMSWire
“60% of organizations have yet to bring
SharePoint into line with existing data
compliance policies.” – AIIM
Two-thirds of SharePoint-using
companies in a recent survey
have admitted to having ‘no
active security policy’ in place -
Emedia
31. view SharePoint Governance as critical have a well defined strategy
67%
26%
0%
10%
20%
30%
40%
50%
60%
70%
80%
- Redmond Magazine Survey, 2013
72. Need space and
maintenance planning Most likely provided
Licensing costs, but
also upgrades and
ongoing support
Included in vendor-
hosted solutions
Need to purchase,
support and maintain,
and upgrade as
platform matures
Included in vendor-
hosted solutions
Administrative,
developer, and end
user skills and training
Still requires
administrative and
possibly dev skills,
end user training
On Premises Cloud Hybrid
Need space and
maintenance planning
Licensing costs, but
also upgrades and
ongoing support
Need to purchase,
support and maintain,
and upgrade as
platform matures
Administrative,
developer, and end
user skills and training
73. Full control
Limited to none in
SaaS, some control
over PaaS, full control
over IaaS
Limited ability to
integrate depending
on SaaS, PaaS, or IaaS
Many limitations OTB,
but very robust tools
from partners Limited
Very complex across
on prem and cloud
components, very
manual
Needs to be planned,
limited features OTB Defined in SLAs
Some OTB capabilities,
3rd party for tighter
control and
predictability
Microsoft
recommends 3rd
party tools
On Premises Cloud Hybrid
Very complex across
on prem and cloud
components, very
manual
Some OTB capabilities,
3rd party for tighter
control and
predictability
Decisions need to be made about build or buy, out source or keep in house
Can’t restrict people from “collaborating” – that’s why we have SP - 34% of respondents also said they'd never even considered the security implications surrounding SharePoint – consider including how to share content as part of the strategy since people will. put clear policies in place regarding how information can be shared, and then to monitor access and enforce policy compliance
Training - 92% agreed that removing information from SharePoint made it less secure, but 30% were willing to take that risk "if it helps me get the job done."
Classify sites as confidential or non-confidential – sensitivity level – maybe it’s customer or partner focused sites vs intranet sites
Yet the study discovered that 65% of respondents are not yet marking any of their data. A very low 9% of respondents said they protectively mark all emails, and the same percentage said they do the same for all documents. Only 17% of respondents said they mark all email and documents
Demo –
Permissions Report
Highlight how someone gets permissions
Show users with Direct Permissions
Show Cleanup User Permissions
Show Authenticated Users
Orphan User
Revoke Permissions
From pervious slide – show tagging sites to show confidential, etc
Demo
Audit log report
Site or Site Collection features
Talk about archiving the audit log
Demo
CP alerts for permissions changes - Receive alerts when changes are made
CP policies - Prevent users from causing havoc
21
If your organization were only to implement one SharePoint site, administration would be a breeze. There would always be a clear path of what is happening and how to get from point A to point B.
But none of us administrate one site.
The good news is your organization is committed to SharePoint.
The bad news is broad adoption breeds complexity. The more engaged your users, the more work it requires to maintain visibility and control.
Think of it like a highway– one that is constantly growing, paths evolving, visitors changing…
Out of the box tools don not adequately meet the needs of SharePoint Administrators for the modern SharePoint deployment.
Permissions management is in siloes for individual site collections, sites or lists.
Broken inheritance when used properly is good, when used incorrectly is a security nightmare.
Ability to know who accessed what content, when di they access something or how often is nearly impossible to obtain
Insider threats, compliance rules and regulations are increasingly difficult to manage or meet
If the percentages here are extrapolated across the entire SharePoint user set, then there is a significant problem here
In more organizations the corn maze of SharePoint creates a governance gap.
Startling Truth:
67% of organizations view SharePoint Governance as critical but only 26% have a well defined strategy (Source: Axceler Governance Benchmark Survey of 1,000+ SharePoint Administrators)
The Gap exists because without the right tools it’s HARD not to get lost in the maze. And the result is not only a lot of time is wasted trying to pull data from across multiple sites & farms – but policy enforcement becomes impossible.
But there is light shining on the maze.
Axceler clients rate better on the SharePoint Maturity Spectrum because organizations with 3rd party tools (such as Axceler) are 3X as likely to run regular audits and conduct other governance best practice activities…because they now have the capability to do so.
A failure of policy, inadequate procedures and lack of technical enforcement can often lead to serious data leaks
41
57
Can’t restrict people from “collaborating” – that’s why we have SP - 34% of respondents also said they'd never even considered the security implications surrounding SharePoint – consider including how to share content as part of the strategy since people will. put clear policies in place regarding how information can be shared, and then to monitor access and enforce policy compliance
Training - 92% agreed that removing information from SharePoint made it less secure, but 30% were willing to take that risk "if it helps me get the job done."
Classify sites as confidential or non-confidential – sensitivity level – maybe it’s customer or partner focused sites vs intranet sites
Yet the study discovered that 65% of respondents are not yet marking any of their data. A very low 9% of respondents said they protectively mark all emails, and the same percentage said they do the same for all documents. Only 17% of respondents said they mark all email and documents
Demo –
Permissions Report
Highlight how someone gets permissions
Show users with Direct Permissions
Show Cleanup User Permissions
Show Authenticated Users
Orphan User
Revoke Permissions
From pervious slide – show tagging sites to show confidential, etc
Demo
Audit log report
Site or Site Collection features
Talk about archiving the audit log
Demo
CP alerts for permissions changes - Receive alerts when changes are made
CP policies - Prevent users from causing havoc