United Technologies Corporation implemented a new security model for their SharePoint environment after violations of export laws. They created claims-based web applications to separate users based on whether they were US persons or not, and deny access across applications. They also implemented governance policies around permissions, quotas, and third party applications. Finally, they addressed social collaboration concerns around inappropriate content and privacy when implementing My Sites and profiles.
SPSRI - Sharing the Point in an A/D World
1. Sharing the Point in an A/D & Commercial World
Security & Governance Lessons Learned
November 2013
Jared Matfess
2. About Me
SharePoint Administrator at United Technologies Corporation
10+ years in the IT field, 0 book deals.
President of the CT SharePoint User Group
http://www.ctspug.org
Blog: www.JaredMatfess.com
Twitter: @JaredMatfess
E-mail: Jared.Matfess@outlook.com
5. Background Information
• June 2012, United Technologies has entered into a consent agreement to settle violations of the AECA and ITAR in connection with the unauthorized export and transfer of defense articles, to include technical data, and the unauthorized provision of defense services to various countries, including proscribed destinations.
• UTC developed new core focus on International Trade Compliance
http://www.pmddtc.state.gov/compliance/consent_agreements/UTC.html
7. Beginning of our Security Model Journey
• Immediate reaction was to separate users based on US Person vs Non-US Person status and not allow cross-collaboration
• Anonymous “departmental” sites would be allowed but require content
approval & publishing processes
8. Technical Implementation
• Created web applications and set user policies that would “Deny All” to
users that did not meet the container requirements.
• Relied on global Active Directory Groups such as “All Domain Users”.
9. What About Claims??
• Microsoft convinced us to create claims-based Web Applications
• Worked with Scot Hillier to develop a custom claims provider to augment
Windows token with Active Directory attribute values.
• If US Person = Yes & Work Location = US, person meets US Person claim for
access to ITAR data
• Leverage Claims for the Web Application “Deny All” rules
Great TechNet Article (written by Scot & Ted Pattison)
http://msdn.microsoft.com/en-us/library/gg615945.aspx
10. Some gotchas…
Deny All
• Service Accounts – Farm, Backup Software, Crawl account
• Support Staff - SharePoint Farm Administrators, IT Help Desk, etc
User Data
• Logic needs to include handling of value being NULL
• Source data should be clean and complete
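The US Person rule from slide 9 and the NULL and service-account gotchas from slide 10, as an added example (not code from the presentation or from UTC's claims provider): a Python audit over a directory export that fails closed on missing or malformed values and flags service accounts that a claim-based Deny All would lock out. The field names, accepted values and sample accounts are assumptions.

```python
from dataclasses import dataclass

@dataclass
class DirectoryUser:  # field names are assumptions; the slides name no AD attributes
    account: str
    us_person: str        # expected "Yes" / "No"; None when the attribute is NULL
    work_location: str    # expected country code such as "US"; None when NULL
    is_service_account: bool = False

def _norm(value):
    """Trim and upper-case; None, empty and whitespace-only count as missing."""
    value = (value or "").strip().upper()
    return value or None

def evaluate(user):
    """Return (meets_us_person_claim, reason); any doubt fails closed."""
    us_person, location = _norm(user.us_person), _norm(user.work_location)
    if us_person is None or location is None:
        return False, "missing attribute"
    if us_person not in ("YES", "NO"):
        return False, "unrecognised US Person value"
    if us_person == "YES" and location == "US":
        return True, "rule met"
    return False, "rule not met"

def audit(users):
    """Bucket accounts before the claim is used in a Deny All policy."""
    report = {"granted": [], "rule_not_met": [], "dirty_data": [], "service_lockout": []}
    for u in users:
        ok, reason = evaluate(u)
        if ok:
            report["granted"].append(u.account)
        elif u.is_service_account:
            report["service_lockout"].append(u.account)  # needs an explicit policy decision
        elif reason == "rule not met":
            report["rule_not_met"].append(u.account)
        else:
            report["dirty_data"].append(u.account)       # fix in the source system
    return report

# Constructed sample export, not real directory data.
SAMPLE = [
    DirectoryUser("alice", "Yes", "US"),
    DirectoryUser("bob", "Yes", None),
    DirectoryUser("carol", " yes ", "us"),
    DirectoryUser("dave", "No", "US"),
    DirectoryUser("erin", "Y", "US"),
    DirectoryUser("svc-crawl", None, None, is_service_account=True),
]
```

Calling `audit(SAMPLE)` separates people who are denied because the rule is not met from people who are denied only because their record is incomplete, which is the list to send back to the data owner before the policy goes live.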
11. Security Model – Roles & Permissions
Role | Overview | Permissions
Site Power User | Business Power User who owns the site | Add/Update/Delete items but no Manage List*, Create Subsites, Groups, or Permissions capability
IT Power User | Non-SharePoint Team | Full Control but no style sheets or theme mgmt.
Contributor (No Delete) | Business user | Contribute but no delete items
InfoPath Form Submitter | Form submitter | Add items
Web Analytics Viewer | Manager role who needs metrics | View Web Analytics
12. Limitations of the Site Power User
We will talk about this more later on in the presentation.
13. Site Request Process Feeds Security Model
- InfoPath form captures key
site metadata
- Provisioning process
writes data to Hidden List
& Property Bag
- Site requests reviewed
weekly
14. Security Model - Visual Cues
- Identified security model training need for end-users
- Benchmarked against Microsoft Best Practice
- Site Risk (High / Medium / Low)
- Reviewed historical data escapes and identified “not knowing” as a
reason for inappropriate files being posted on file share
15. Security Model - Visual Cues
1. Site Classification cue – defines what type of data is allowed or
disallowed per the site request process
2. Site Information button – displays metadata about the site
3. Report Inappropriate content button – provides a list of avenues for
reporting information that a user deems is inappropriate
16. Site Classification cue
- Friendly cue to educate users to the classification of the site – is it locked
down to US Persons only? US Export Tech Data allowed/disallowed
- Delegate control placed on master page
<SharePoint:DelegateControl runat="server" ControlId="Your Control Name" AllowMultipleControls="false"/>
- Displays either control based on Web Application name
17. Site Information button (Version 1)
- Friendly cue to display overall information about the site – data owner, site
owner, department, etc
- Delegate control placed on master page
<SharePoint:DelegateControl runat="server" ControlId="Your Control Name" AllowMultipleControls="false"/>
- jQuery to read from hidden list and display values in table
18. Site Information button – Lessons Learned
- We liked having the site metadata available in a hidden list because:
- End users wouldn’t accidentally re-classify the site
- You could index the data and perform custom search queries
- We discovered we needed a process to update the site metadata beyond
just a Help Desk ticket
- As part of site provisioning we had been writing the information to both the
hidden list as well as the site collection property bag*
19. Report Inappropriate Content button
Content Excluded
- Popup window that provides employees options for reporting content
- Delegate control placed on master page
- Originated through discussions with HR about My Sites
20. The pain of “Manage Lists”
Question: What is SharePoint?
Short Answer: Lists & Libraries
21. Why we took it away?
Content Approval
Mandatory Content Types
23. Build or Buy?
1. Continue to enforce through process and delegated administration
(didn’t feel like an option)
2. Build a comprehensive solution
- Event receivers
- Timer jobs
- PowerShell Scripts
3. Purchase a third party solution
24. AvePoint – Governance Automation
- Service catalog to the business
- Site collection, list, & document library creation
- Site metadata management
- Site collection lifecycle management
27. Governance is King
Three most important decisions to make:
• Permissions – what level of access will you give users?
• Quotas – will you enforce quotas to corral the sprawl?
• Development / 3rd Party Applications – yes/no/maybe?
Blog Post by Me: http://wp.me/pj1do-5U
28. Our Governance
• Permissions – lots of custom roles & permissions
• Quotas
• 250 MB file upload
• Small / Medium / Large / Jumbo site quotas
• Development / 3rd Party Applications
• Dev / QA / Prod deployment cycle
• Code review by 3rd party Senior Developer
• Lots of politics to buy 3rd Party tools
29. Social
Main areas of concern:
1) Inappropriate comments being made
2) Unprofessional profile photos being set
3) EU Privacy Laws based on employee data being stored in separate
system
4) “Who can see what profile data”?
5) “We want people to agree to legal disclosure.”
30. “The Great Production Pilot”
- People mostly post “can you see this” on other people’s note boards
- Unprofessional photos will be set (and removed when asked)
- Not enabling My Content really limits the usefulness of My Sites
- Without incentive most My Sites are abandoned within the first few
weeks
31. End User Licensing Agreement
- Create delegate control (code that fires prior to page load) that
checks user profile property
- If not checked – provide popup window / If checked continue and
allow the user to navigate the site collection
32. Current status
- Available mostly in North America
- About 2,000 users have edited their profile
- Opportunities exist with the integration of Goodrich into our
Enterprise
- European deployment pending discussions with “Works Councils”
33. Summary
- Security is always a journey – people love it when you restrict their
access
- Governance is important – but you need something to govern
- Big companies aren’t always super social
34. Thanks for listening…
Blog: www.JaredMatfess.com
Twitter: @JaredMatfess
E-mail: Jared.Matfess@outlook.com
Connecticut SharePoint Users Group
http://www.ctspug.org
Editor's Notes
Information about UTC and the consent agreement is freely available on the Internet.
* Mention the Plumtree migration to SharePoint
Web Application security model – US only & US/FN no-tech data