Security, Administration & Governance for SharePoint On-Prem, Online, & Everything In-between
Download as PPTX, PDF1 like1,882 views
The document discusses various aspects of security, administration, and governance for SharePoint across on-premises, online, and hybrid environments. It covers best practices for managing permissions, auditing access, and ensuring compliance with security policies, highlighting the importance of a well-defined governance strategy. Furthermore, it emphasizes the need for tools that empower users and administrators while addressing the challenges posed by transitioning to cloud solutions.
Security, Administration & Governance for SharePoint On-Prem, Online, & Everything In-between
- 1. Security, Administration and Governance for SharePoint On-Premises, Online, and Everything In-Between Steve Marsh, Director of Product Marketing, Metalogix Christian Buckley, Office365 MVP and Managing Director, GTconsult 1
- 2. Steve Marsh Director of Product Marketing at Metalogix stevem@metalogix.com www.metalogix.com @drstevemarsh Christian Buckley Managing Director at GTconsult and Office365 MVP cbuck@gtconsult.com www.gtconsult.com and www.buckleyplanet.com @buckleyplanet
- 3. Serious Tools. For Serious Collaboration. At Metalogix, our Continuing Mission is to improve the use and performance of Enterprise Content to power knowledge sharing and collaboration. 14,000+ customer licenses shipped Fastest Growing and Largest ISV. Complete & Best-of-Breed tools for mission-critical collaboration platforms. We are committed to your Success with Collaboration across Exchange, SharePoint and the Cloud. 3
- 5. Managing SharePoint On-Premises vs. Online 5 What we’ll cover today: • The evolution of SharePoint management • What’s different about SharePoint Online • Considerations for your transition to the cloud • Considerations for managing a hybrid solution
- 7. SharePoint Growth & Evolution 7 SharePoint Releases Metadata Content www.Microsoft.com
- 8. Cloud Infrastructure Options Private Cloud Hybrid Cloud Public Cloud 8 Infrastructure maintained solely for customer On premises or off Managed by the customer, or by a 3rd party hoster Multiple infrastructure options Components both on premises and off premises Management spread between customer and 3rd party hosters Infrastructure shared by multiple customers Off premises Managed by 3rd party on behalf of customers
- 9. Understanding service delivery roles Service Delivery 9
- 10. 10 Partner Hosted Private Cloud • Dedicated environment • Externally hosted • Externally or internally managed • Internally designed Self Hosted Private Cloud • Dedicated environment • Internally hosted • Internally managed • Internally designed Shared or Dedicated Public Cloud • Shared or dedicated environment • Externally hosted • Externally managed • Externally designed Public Dedicated Cloud • Partially or fully dedicated • Externally hosted • Externally or internally managed • Minimal customization Traditional on premises Ye Olde Build vs. Buy argument
- 11. What are the 5 most common SharePoint management concerns? 11
- 12. 1. Defining (and communicating) policies and procedures Always start with non-technical elements Develop a security policy Implement a training plan for end users Develop a strategy for ensuring users know what content is confidential 12 34% of IT administrators said that they'd "sneaked a peek" at documents they weren't authorized to view, including employee details and salary information (DarkReading)
- 13. 2. Failure to implement any kind of permissions best practices Apply permissions using Least Privileged principles Don’t give users Direct Access Embrace SharePoint Groups and/or Active Directory Groups Ensure Appropriate Use of the Authenticated Users Group Clean up Orphan Users Use Broken Inheritance Responsibly Revoke permissions quickly 13
- 14. 3. Failure to regularly audit access to content and sites Are we adhering to Compliance or Governance requirements? Who has been accessing specific content? How often are specific sites being accessed? What features of SharePoint are being used? Are we managing the volume of log data? 14
- 15. 4. Failure to monitor changes to 15 security settings SharePoint security requirements change over time Ensure users are continuing to adhere to security policies Prevent users from causing havoc We need to plan how we will stay on top of changes
- 16. 5. Failure to empower users and admins with the right tools and permissions Rapid provisioning of sites and permissions Find your responsible business content owners Enable and Equip them to manage access to their content Ensure management access is limited to those with appropriate permissions Segment your administration responsibilities – Power Users, business owners 16
- 18. Out of the Box Admin Toolkit 18 The Usual Three Suspects Permissions Management Reporting & Insight – e.g. usage, growth Responding to Audit requests Clean-up of sites and content
- 19. Managing Permissions 19 Farm Admin is Site Collection Admin AD v SP Groups Broken Inheritance Direct Permissions Misuse of “Authenticated Users” Anonymous Access
- 20. Auditing Usage in SharePoint 20 Beware of the large log file Beware of the “disappearing” log file Reactive v Proactive Be prepared for lots of mouse clicks Brush up on your Excel skills Brush up on your SSRS skills
- 21. User Activity - Popular Items 21
- 22. One SharePoint Site. Simple. 22
- 23. More than One Site? Not so Simple. 23
- 24. The Out of the Box Tools 24
- 25. The Security and Compliance Gap 25 36 percent of SharePoint users are breaching security policies- CMSWire A survey revealed that 79 percent of the respondent said that they stored sensitive or confidential information on the SharePoint platform - CMSWire Only 18 percent of enterprises use technical controls to prevent access to sensitive information. Most — 73 percent — rely on written policies or informal understandings with their workforce - CMSWire “60% of organizations have yet to bring SharePoint into line with existing data compliance policies.” – AIIM Two-thirds of SharePoint-using companies in a recent survey have admitted to having ‘no active security policy’ in place -Emedia
- 26. The SharePoint Governance Gap view SharePoint Governance as critical have a well defined strategy 26 67% 26% 80% 70% 60% 50% 40% 30% 20% 10% 0% - Redmond Magazine Survey, 2013
- 27. 27 The End Result?
- 29. Tactical Team Responsibilities Operations Team • Help Enforce Governance Plan • Manage Routine Maintenance Tasks: • Nightly Backups • Usage Monitoring & Analysis • Scheduled Task Validation • Security Release & System Upgrades Support Team • Create Support System with SLA’s • Respond to questions, bugs and other issue resolution • Provide typical SharePoint Admin roles such as: • Site Provisioning • Security Permissions for users and groups Development Team • New features and program management while adhering to standards. • Develop customized & personalized solutions for departments & division sites. Whose job will be changing the most? From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
- 30. Tactical Team Responsibilities Operations Team • Help Enforce Governance Plan • Manage Routine Maintenance Tasks: • Nightly Backups • Usage Monitoring & Analysis • Scheduled Task Validation • Security Release & System Upgrades • Oracle & DBA Role will be eliminated • Active Directory Role could change (Ping Identity, FBA, etc.) • No Equipment to Support Support Team • Create Support System with SLA’s • Respond to questions, bugs and other issue resolution • Provide typical SharePoint Admin roles such as: • Site Provisioning • Security Permissions for users and groups Development Team • New features and program management while adhering to standards. • Develop customized & personalized solutions for departments & division sites. From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
- 31. Impacts of Office 365 In some ways, it simplifies Governance SharePoint and Exchange are primarily affected Biggest impact of 365 has is on sizing limits Data sprawl must be watched more carefully in Office 365 to avoid hitting capacity limits! Feature Specifications Storage (pooled) 10 GB per user 500 MB per enterprise user 5 TB per Company Site collection storage quotas 1 TB OneDrive for Business storage allocation 1 TB Site collections per tenant 500,000 Mailbox Size 25 gig From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
- 32. Management Shell SharePoint Online Management Shell is a Windows PowerShell module that you can use to efficiently manage SharePoint Online users, sites, site collections, and organizations You can find a list of available cmdlets here (TechNet)
- 33. Simple mode Admin experience When you’re in Simple mode in the SharePoint Online admin center, the left-hand navigation shows only site collections, user profiles, and settings.
- 34. Advanced mode
- 35. Streamlined Admin tasks Easier to add users, auto assign available licenses, reset passwords, and manually set passwords (instead of auto generated)
- 36. Creating information management policies Create a policy to use on multiple content types within a site collection. Create a policy for a site content type. Create a policy for a list or library. (location-based retention policy)
- 38. Keeping up to date with the Office 365 Roadmap 38
- 39. Adjusting to Office 365 Updates No access to Correlation errors or backend. No ability to troubleshoot. The continual updates to the site can also cause strange errors. You may have to use different management tools. Moving to Office 365 means giving up some level of control. For example, you won't have any control over the patch management process, software upgrades, and other similar administrative tasks. 39
- 41. Factors in your hybrid planning Location / facilities Software licenses and support Hardware and maintenance Onsite support, personnel skills Level of customization Governance, auditing, security, compliance Disaster Recovery and Business Continuity Upgrades and migration 41
- 42. On Premises Cloud Hybrid Need space and maintenance planning Most likely provided 42 Licensing costs, but also upgrades and ongoing support Included in vendor-hosted solutions Need to purchase, support and maintain, and upgrade as platform matures Included in vendor-hosted solutions Administrative, developer, and end user skills and training Still requires administrative and possibly dev skills, end user training Need space and maintenance planning Licensing costs, but also upgrades and ongoing support Need to purchase, support and maintain, and upgrade as platform matures Administrative, developer, and end user skills and training
- 43. On Premises Cloud Hybrid 43 Full control Limited to none in SaaS, some control over PaaS, full control over IaaS Limited ability to integrate depending on SaaS, PaaS, or IaaS Many limitations OTB, but very robust tools from partners Limited Very complex across on prem and cloud components, very manual Needs to be planned, limited features OTB Defined in SLAs Some OTB capabilities, 3rd party for tighter control and predictability Microsoft recommends 3rd party tools Very complex across on prem and cloud components, very manual Some OTB capabilities, 3rd party for tighter control and predictability
- 44. Hybrid Health Warning! 44 Search Experience Limitations Authentication Challenges Lack of “Global” Navigation Broken User Experience? Different Release Schedules As Complexity Increases the Inherent Weaknesses in the Out of the Box Tools will be Magnified! (1+1=5)
- 45. Summary Security, Administration and Governance for SharePoint On-Premises, Online, and Everything In-Between 45
- 46. 46 Best Practices Focus on the user experience Make governance a priority Understand how your common management tasks scale across your online and on-premises systems Clarify and document your permissions, information architecture, templates, content types, taxonomy -- and ownership of each First define what policies, procedures, and metrics are needed to manage your environment, and then look at what is possible across your various tools and platforms
- 47. ControlPoint: Security and Compliance Objectives Benefits 47 Minimize or eliminate security breaches & unauthorized access to sensitive content Meet compliance requirements for access control Anticipate future IT needs to manage at scale Eliminate human error with policy driven security across SharePoint farms Mitigate risk of data loss due to unauthorized access to content Provide audit trails of content access Provide details of content growth and user activity Provide automation of governance policies
- 48. 30 Day Trial of ControlPoint www.metalogix.com/controlpoint Governance Best Practices E-Book http://www.metalogix.com/Resources/Promotions/ControlPoint/White-Papers-and- E-books/SharePoint-Governance-Best-Practices.aspx 5 Step Plan for Securing SharePoint E-Book http://www.metalogix.com/Resources/Promotions/ControlPoint/White-Papers-and- E-books/5-Step-Plan-To-Securing-SharePoint.aspx Recorded Webinar – SharePoint Permissions Audits, Reports & Policy Enforcement http://www.metalogix.com/Resources/Promotions/ControlPoint/recordings/14 0925-us-cp-wb-sharepoint-permissions-audits-reports-and-policy-enforcements 48
- 49. Thank You Steve Marsh Director of Product Marketing at Metalogix stevem@metalogix.com www.metalogix.com @drstevemarsh Christian Buckley Managing Director at GTconsult and Office365 MVP cbuck@gtconsult.com www.gtconsult.com and www.buckleyplanet.com @buckleyplanet
Editor's Notes
- #11: Decisions need to be made about build or buy, out source or keep in house
- #13: Can’t restrict people from “collaborating” – that’s why we have SP - 34% of respondents also said they'd never even considered the security implications surrounding SharePoint – consider including how to share content as part of the strategy since people will. put clear policies in place regarding how information can be shared, and then to monitor access and enforce policy compliance Training - 92% agreed that removing information from SharePoint made it less secure, but 30% were willing to take that risk "if it helps me get the job done." Classify sites as confidential or non-confidential – sensitivity level – maybe it’s customer or partner focused sites vs intranet sites Yet the study discovered that 65% of respondents are not yet marking any of their data. A very low 9% of respondents said they protectively mark all emails, and the same percentage said they do the same for all documents. Only 17% of respondents said they mark all email and documents
- #14: Demo – Permissions Report Highlight how someone gets permissions Show users with Direct Permissions Show Cleanup User Permissions Show Authenticated Users Orphan User Revoke Permissions From pervious slide – show tagging sites to show confidential, etc
- #15: Demo Audit log report Site or Site Collection features Talk about archiving the audit log
- #16: Demo CP alerts for permissions changes - Receive alerts when changes are made CP policies - Prevent users from causing havoc
- #23: If your organization were only to implement one SharePoint site, administration would be a breeze. There would always be a clear path of what is happening and how to get from point A to point B. But none of us administrate one site.
- #24: The good news is your organization is committed to SharePoint. The bad news is broad adoption breeds complexity. The more engaged your users, the more work it requires to maintain visibility and control. Think of it like a highway– one that is constantly growing, paths evolving, visitors changing…
- #25: Out of the box tools don not adequately meet the needs of SharePoint Administrators for the modern SharePoint deployment. Permissions management is in siloes for individual site collections, sites or lists. Broken inheritance when used properly is good, when used incorrectly is a security nightmare. Ability to know who accessed what content, when di they access something or how often is nearly impossible to obtain Insider threats, compliance rules and regulations are increasingly difficult to manage or meet
- #26: If the percentages here are extrapolated across the entire SharePoint user set, then there is a significant problem here
- #27: In more organizations the corn maze of SharePoint creates a governance gap. Startling Truth: 67% of organizations view SharePoint Governance as critical but only 26% have a well defined strategy (Source: Axceler Governance Benchmark Survey of 1,000+ SharePoint Administrators) The Gap exists because without the right tools it’s HARD not to get lost in the maze. And the result is not only a lot of time is wasted trying to pull data from across multiple sites & farms – but policy enforcement becomes impossible. But there is light shining on the maze. Axceler clients rate better on the SharePoint Maturity Spectrum because organizations with 3rd party tools (such as Axceler) are 3X as likely to run regular audits and conduct other governance best practice activities…because they now have the capability to do so.
- #28: A failure of policy, inadequate procedures and lack of technical enforcement can often lead to serious data leaks
- #42: These factors will help you decided how much your own organization can support, as well as help you determine the suitability of vendors
- #43: Point out that in this example, cloud = Office365
- #48: Presentation Title