SharePoint Security Playbook [eBook]
Transcript of SharePoint Security Playbook [eBook]
SharePoint Security Resource Kit
SharePoint Security Playbook
5 Lines of Defense You Need to Secure Your SharePoint Environment
Contents
IT’S TIME TO THINK ABOUT SHAREPOINT SECURITY
Challenge 1: Ensure access rights remain aligned with business needs
Challenge 2: Address compliance mandates
Challenge 3: Respond to suspicious activity in real time
Challenge 4: Protect Web applications from attack
Challenge 5: Take control when migrating data
Conclusion: SharePoint Security Checklist
ABOUT IMPERVA
It’s Time to Think about SharePoint Security
The increasing use of Microsoft SharePoint to store sensitive business data and extend
access and collaboration to partners, customers, and suppliers has outpaced native SharePoint
security capabilities. More and more organizations are storing and accessing sensitive, regulated
information through this platform. To improve business security, organizations must invest in
organizing, managing, and protecting these valuable assets. By implementing the five lines of
defense outlined in this playbook, you will be able to overcome operational challenges and
protect your SharePoint deployments against both internal and external threats.

CHALLENGE #1
Ensure access rights remain aligned with business needs.

SharePoint Security Gap
Without an aggregated, centralized system to view rights information, SharePoint permissions for each site collection must first be extracted to an Excel spreadsheet and then combined by hand to analyze. And, that analysis must be done manually within Excel or exported – yet again – to a third-party analytics platform.

“Unstructured data now accounts for more than 90% of the Digital Universe.” - IDC 2011

The Play
Aggregate permissions across the entire SharePoint deployment and automate the review process to keep rights aligned with business needs.

The Advantage
- Understand who has access to what data or, conversely, what data any given user or group can access, and how that access was assigned or inherited.
- Simplify the process of identifying where excessive access rights have been granted, if there are dormant users, and who owns each item and document.
- Help administrators and data owners establish a baseline snapshot of access rights and conduct rights reviews.

CHALLENGE #2
Address compliance mandates.

SharePoint Security Gap
Native SharePoint activity monitoring lacks an intuitive, easy-to-use interface for reporting and analytics. Without a third-party solution, businesses must first decode SharePoint’s internal representation of log data before they can access meaningful information.

“60% of organizations have yet to bring SharePoint into line with existing data compliance policies.” - AIIM 2011

The Play
Use enterprise-class technology that combines permissions and activity details to automate compliance reporting.

The Advantage
- Generate compliance reports on time and tailored to each recipient’s needs.
- Drill down, filter, and organize data.
- Enrich native data with relevant information, such as type of data, department, and data owner.

CHALLENGE #3
Respond to suspicious activity in real time.

SharePoint Security Gap
Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond with an alert or block.

“96% of breaches were avoidable through simple or intermediate controls.” - Verizon Data Breach Report 2011

The Play
Use a policy framework to build rules across SharePoint’s Web, file, and database components to identify suspicious behavior and complement native access controls.

The Advantage
- Monitor, control, and respond to suspicious activity in real time.
- Balance the need for trust and openness with security concerns.

CHALLENGE #4
Protect Web applications from attack.

SharePoint Security Gap
Native SharePoint does not include Web application firewall protection.

“31% of organizations are using SharePoint for externally facing Web sites, and another 47% are planning to do so.” - Forrester Research, Inc. 2011

The Play
Deploy a proven Web application firewall (WAF) technology.

The Advantage
- Provide a powerful defense against common attacks, such as SQL injection and cross-site scripting.
- Streamline and automate regulatory compliance.
- Mitigate data risk.

CHALLENGE #5
Take control when migrating data.

SharePoint Security Gap
SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint lacks an automated way to ensure that ACLs remain aligned with business needs.

“SharePoint 2010 deployments grew 5x in the past six months.” - Global 360 2011

The Play
Identify where excessive access rights have been granted, and use file activity monitoring to locate stale data that can be archived or deleted.

The Advantage
- Keep rights aligned with business needs.
- Free up storage space and reduce the amount of data that must be actively managed.

SharePoint Security Checklist
Jump start your Microsoft SharePoint security efforts with this quick reference guide

Get ahead of all SharePoint deployments
- Implement a SharePoint governance policy
- Put security requirements in place when SharePoint instances go live
- Look beyond native SharePoint security features
- Specify what kind of information can be put on SharePoint

Concentrate on business-critical assets first
- Start with regulated, employee, or proprietary data, and intellectual property
- Streamline access to a “business need-to-know” level
- Identify and clean up dormant users and stale data
- Alert on unauthorized access
- Establish a regular review cycle for dormant users, stale data, and excessive rights

Work with data owners to manage user access
- Locate data owners
- Create permission reports so data owners have visibility into who can access their data
- Validate with owners that access to data is legitimate
- Create usage reports so owners can see who is accessing their data

Protect Web sites from external attack
- Identify SharePoint Web applications that work with sensitive data
- Deploy a Web application firewall to monitor and protect sensitive SharePoint Web sites, portals, and intranets
- Respond to suspicious activity such as external users accessing admin pages

Enable auditing for compliance and forensics
- Who owns this data?
- Who accessed this data?
- When and what did they access?
- Have there been repeated failed login attempts?

Imperva Headquarters
3400 Bridge Parkway, Suite 200
Redwood Shores, CA 94065
Tel: +1-650-345-9000
Fax: +1-650-345-9004
Toll Free (U.S. only): +1-866-926-4678
www.imperva.com
© Copyright 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.
About Imperva
Imperva data security solutions provide visibility and control of high-value business data
across critical systems within the data center. Imperva SecureSphere includes database, file,
and Web application security solutions that prioritize and mitigate risks to business data,
protect against hackers and malicious insiders, and streamline regulatory compliance.