SharePoint Security Playbook
Contents
IT’S TIME TO THINK ABOUT SHAREPOINT SECURITY
Challenge 1: Ensure access rights remain aligned with business needs
Challenge 2: Address compliance mandates
It’s Time to Think about SharePoint Security
CHALLENGE #1: Ensure access rights remain aligned with business needs.
SharePoint Security Gap
Without an aggregated, centralized system to view rights information, SharePoint permissions for each site collection must first be extracted to an Excel spreadsheet and then combined by hand for analysis. That analysis must then be done manually within Excel or exported, yet again, to a third-party analytics platform.
“Unstructured data now accounts for more than 90% of the Digital Universe.”
The Play
Aggregate permissions across the entire SharePoint deployment and automate the review process to keep rights aligned with business needs.
The Advantage
- Understand who has access to what data or, conversely, what data any given user or group can access, and how that access was assigned or inherited.
- Simplify the process of identifying where excessive access rights have been granted, if there are dormant users, and who owns each item and document.
- Help administrators and data owners establish a baseline snapshot of access rights and conduct rights reviews.
CHALLENGE #2: Address compliance mandates.
SharePoint Security Gap
Native SharePoint activity monitoring lacks an intuitive, easy-to-use interface for reporting and analytics. Without a third-party solution, businesses must first decode SharePoint’s internal representation of log data before they can access meaningful information.
“60% of organizations have yet to bring SharePoint into line with existing data compliance policies.”
The Play
Use enterprise-class technology that combines permissions and activity details to automate compliance reporting.
The Advantage
- Generate compliance reports on time and tailored to each recipient’s needs.
- Drill down, filter, and organize data.
- Enrich native data with relevant information, such as type of data, department, and data owner.
CHALLENGE #3: Respond to suspicious activity in real time.
SharePoint Security Gap
Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond with an alert or block.
“96% of breaches were avoidable through simple or intermediate controls.”
The Play
Use a policy framework to build rules across SharePoint’s Web, file, and database components to identify suspicious behavior and complement native access controls.
The Advantage
- Monitor, control, and respond to suspicious activity in real time.
- Balance the need for trust and openness with security concerns.
CHALLENGE #4: Protect Web applications from attack.
SharePoint Security Gap
Native SharePoint does not include Web application firewall protection.
“31% of organizations are using SharePoint for externally facing Web sites, and another 47% are planning to do so.”
The Play
Deploy a proven Web application firewall (WAF) technology.
The Advantage
- Provide a powerful defense against common attacks, such as SQL injection and cross-site scripting.
- Streamline and automate regulatory compliance.
- Mitigate data risk.
CHALLENGE #5: Take control when migrating data.
SharePoint Security Gap
SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint lacks an automated way to ensure that ACLs remain aligned with business needs.
“SharePoint 2010 deployments grew 5x in the past six months.”
The Play
Identify where excessive access rights have been granted, and use file activity monitoring to locate stale data that can be archived or deleted.
The Advantage
- Keep rights aligned with business needs.
- Free up storage space and reduce the amount of data that must be actively managed.
SharePoint Security Checklist
Jump start your Microsoft SharePoint security efforts with this quick reference guide
Get ahead of all SharePoint deployments
- Implement a SharePoint governance policy
- Put security requirements in place when SharePoint instances go live
- Look beyond native SharePoint security features
- Specify what kind of information can be put on SharePoint
Concentrate on business-critical assets first
- Start with regulated, employee, or proprietary data, and intellectual property
Streamline access to a “business need-to-know” level
- Identify and clean up dormant users and stale data
- Alert on unauthorized access
- Establish a regular review cycle for dormant users, stale data, and excessive rights
- Work with data owners to manage user access
Protect Web sites from external attack
- Identify SharePoint Web applications that work with sensitive data
- Deploy a Web application firewall to monitor and protect sensitive SharePoint Web sites, portals, and intranets
- Respond to suspicious activity such as external users accessing admin pages
Enable auditing for compliance and forensics
- Who owns this data?
- Who accessed this data?
- When and what did they access?
Imperva Headquarters
3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065
Tel: +1-650-345-9000 Fax: +1-650-345-9004 Toll Free (U.S. only): +1-866-926-4678
www.imperva.com