The SharePoint Security Playbook [eBook] outlines the five lines of defense you need to secure your SharePoint environment from both internal and external threats.
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
SharePoint Security Playbook [eBook]
1. SharePoint Security Playbook
5 Lines of Defense You Need to Secure Your SharePoint Environment
SharePoint Security Resource Kit
2. Contents
IT’S TIME TO THINK ABOUT SHAREPOINT SECURITY
Challenge 1: Ensure access rights remain aligned with business needs
Challenge 2: Address compliance mandates
Challenge 3: Respond to suspicious activity in real time
Challenge 4: Protect Web applications from attack
Challenge 5: Take control when migrating data
Conclusion: SharePoint Security Checklist
ABOUT IMPERVA
SharePoint Security Resource Kit
3. It’s Time to Think about SharePoint Security
The increasing use of Microsoft SharePoint to store sensitive business data and extend
access and collaboration to partners, customers, and suppliers has outpaced native SharePoint
security capabilities. More and more organizations are storing and accessing sensitive, regulated
information through this platform. To improve business security, organizations must invest in
organizing, managing, and protecting these valuable assets. By implementing the five lines of
defense outlined in this playbook, you will be able to overcome operational challenges and
protect your SharePoint deployments against both internal and external threats.
SharePoint Security Resource Kit
4. CHALLENGE #1
Ensure access rights remain
aligned with business needs.
“ Unstructured data
now accounts for
SharePoint Security Gap
Without an aggregated, centralized system to view rights
information, SharePoint permissions for each site collection
must first be extracted to an Excel spreadsheet and then
more than 90% of combined by hand to analyze. And, that analysis must be
”
done manually within Excel or exported – yet again – to a
the Digital Universe. third-party analytics platform.
-IDC 2011
SharePoint Security Resource Kit
5. CHALLENGE #1
Ensure access rights remain aligned with business needs.
The Play The Advantage
Aggregate permissions across the entire SharePoint deployment and - Understand who has access to what data or, conversely, what data any given
automate the review process to keep rights aligned with business needs. user or group can access, and how that access was assigned or inherited.
- Simplify the process of identifying where excessive access rights have been
granted, if there are dormant users, and who owns each item and document.
- Help administrators and data owners establish a baseline snapshot of access
rights and conduct rights reviews.
SharePoint Security Resource Kit
6. CHALLENGE #2
Address compliance mandates.
“ 60% of organizations
have yet to bring SharePoint
SharePoint Security Gap
Native SharePoint activity monitoring lacks an intuitive,
easy-to-use interface for reporting and analytics. Without
a third-party solution, businesses must first decode
into line with existing data SharePoint’s internal representation of log data before
”
they can access meaningful information.
compliance policies.
-AIIM 2011
SharePoint Security Resource Kit
7. CHALLENGE #2
Address compliance mandates.
The Play The Advantage
Use enterprise-class technology that combines permissions and activity - Generate compliance reports on-time and tailored to each recipient’s needs.
details to automate compliance reporting. - Drill down, filter, and organize data.
- Enrich native data with relevant information, such as type of data, department,
and data owner.
SharePoint Security Resource Kit
8. CHALLENGE #3
Respond to suspicious
activity in real time.
“ 96% of breaches
were avoidable through
SharePoint Security Gap
Native SharePoint activity auditing does not provide
the ability to automatically analyze access activity
and respond with an alert or block.
simple or intermediate
controls.
”
-Verizon Data Breach Report 2011
SharePoint Security Resource Kit
9. CHALLENGE #3
Respond to suspicious activity in real time.
?!
The Play The Advantage
Use a policy framework to build rules across SharePoint’s Web, - Monitor, control, and respond to suspicious activity in real time.
file, and database components to identify suspicious behavior and - Balance the need for trust and openness with security concerns.
complement native access controls.
SharePoint Security Resource Kit
10. CHALLENGE #4
Protect Web applications
from attack.
“ 31% of organizations are using
SharePoint for externally facing
SharePoint Security Gap
Native SharePoint does not include Web
application firewall protection.
Web sites, and another 47%
are planning to do so.
”
-Forrester Research, Inc. 2011
SharePoint Security Resource Kit
11. CHALLENGE #4
Protect Web applications from attack.
Keep Out
(PLEASE)
ADMIN
DATABASE
SharePoint
The Play The Advantage
Deploy a proven Web application firewall (WAF) technology. - Provide a powerful defense against common attacks, such as SQL injection
and cross-site scripting.
- Streamline and automate regulatory compliance.
- Mitigate data risk.
SharePoint Security Resource Kit
12. CHALLENGE #5
Take control when
migrating data.
“ SharePoint 2010
deployments grew
SharePoint Security Gap
SharePoint enforces access controls for files using
Access Control Lists (ACLs). What makes native
permissions challenging, however, is that SharePoint
5x in the past lacks an automated way to ensure that ACLs remain
”
aligned with business needs.
six months.
-Global 360 2011
SharePoint Security Resource Kit
13. CHALLENGE #5
Take control when migrating data.
The Play The Advantage
Identify where excessive access rights have been granted, and use file - Keep rights aligned with business needs.
activity monitoring to locate stale data that can be archived or deleted. - Free up storage space and reduce the amount of data that must be
actively managed.
SharePoint Security Resource Kit
14. SharePoint Security Checklist
Jump start your Microsoft SharePoint security efforts with this quick reference guide
Get ahead of all SharePoint deployments Protect Web sites from external attack
Implement a SharePoint governance policy Identify SharePoint Web applications that work with sensitive data
Put security requirements in place when SharePoint instances go live Deploy a Web application firewall to monitor and protect sensitive SharePoint
Look beyond native SharePoint security features Web sites, portals, and intranets
Specify what kind of information can be put on SharePoint Respond to suspicious activity such as external users accessing admin pages
Concentrate on business-critical assets first Enable auditing for compliance and forensics
Start with regulated, employee, or proprietary data, Who owns this data?
and intellectual property Who accessed this data?
Streamline access to a “business need-to-know” level When and what did they access?
Identify and clean up dormant users and stale data Have there been repeated failed login attempts?
Alert on unauthorized access
Establish a regular review cycle for dormant users, stale data,
and excessive rights
Work with data owners to manage user access
Locate data owners
Create permission reports so data owners have visibility into
who can access their data
Validate with owners that access to data is legitimate
Create usage reports so owners can see who is accessing
their data
SharePoint Security Resource Kit