Security, Administration & Governance for SharePoint On-Prem, Online, & Everything In-between

transcript

Security, Administration and Governance for SharePoint On-Premises, Online,

and Everything In-Between

Steve Marsh, Director of Product Marketing, MetalogixChristian Buckley, Office365 MVP and Managing Director, GTconsult

Steve MarshDirector of Product Marketingat Metalogix

www.metalogix.com

@drstevemarsh

stevem@metalogix.com

Christian BuckleyManaging Director at GTconsultand Office365 MVP

www.gtconsult.com and www.buckleyplanet.com

@buckleyplanet

cbuck@gtconsult.com

Serious Tools. For Serious Collaboration.

At Metalogix, our Continuing Mission is to improve the use and performance of Enterprise Content to power knowledge sharing and collaboration.

14,000+ customer licenses shipped

Fastest Growing and Largest ISV.

Complete & Best-of-Breed tools for mission-critical collaboration platforms.

We are committed to your Success with Collaboration across Exchange, SharePoint and the Cloud.

About GTconsult

Managing SharePoint On-Premises vs. Online

What we’ll cover today:

• The evolution of SharePoint management

• What’s different about SharePoint Online

• Considerations for your transition to the cloud

• Considerations for managing a hybrid solution

The evolution of SharePoint management

SharePoint Growth & Evolution

SharePoint ReleasesMetadata

Content

www.Microsoft.com

Infrastructure maintained solely for customer

On premises or off

Managed by the customer, or by a 3rd party hoster

Private Cloud Hybrid Cloud

Multiple infrastructure options

Components both on premises and off premises

Management spread between customer and 3rd party hosters

Infrastructure shared by multiple customers

Off premises

Managed by 3rd party on behalf of customers

Public Cloud

Cloud Infrastructure Options

http://social.technet.microsoft.com/wiki/contents/articles/4633.what-is-infrastructure-as-a-service.aspx

Infrastructure

Platform

Software

Service Delivery

Financial Management

DemandManagement

Business Relationship

Management

Service Catalog Management

Service LifecycleManagement

Service Level Management

Continuity & Availability

Management

CapacityManagement

Information Security

Management

Operations

Managem

Understanding service delivery roles

http://social.technet.microsoft.com/wiki/contents/articles/4633.what-is-infrastructure-as-a-service.aspx

In HouseOut Source

Partner Hosted Private Cloud

• Dedicated environment

• Externally hosted

• Externally or internally managed

• Internally designed

Self Hosted Private Cloud

• Dedicated environment

• Internally hosted

• Internally managed

• Internally designed

Shared or Dedicated Public Cloud

• Shared or dedicated environment

• Externally managed

• Externally designed

Public Dedicated Cloud• Partially or fully dedicated

• Externally or internally managed

• Minimal customization

Traditional on premises

Ye Olde Build vs. Buy argument

What are the 5 most common SharePoint management concerns?

1. Defining (and communicating) policies and procedures

Always start with non-technical elements

Develop a security policy

Implement a training plan for end users

Develop a strategy for ensuring users know what content is confidential

34% of IT administrators said that they'd "sneaked a peek" at documents they weren't authorized to view, including employee details and salary information (DarkReading)

2. Failure to implement any kind of permissions best practices

Apply permissions using Least Privileged principles

Don’t give users Direct Access

Embrace SharePoint Groups and/or Active Directory Groups

Ensure Appropriate Use of the Authenticated Users Group

Clean up Orphan Users

Use Broken Inheritance Responsibly

Revoke permissions quickly

3. Failure to regularly audit access to content and sites

Are we adhering to Compliance or Governance requirements?

Who has been accessing specific content?

How often are specific sites being accessed?

What features of SharePoint are being used?

Are we managing the volume of log data?

4. Failure to monitor changes to security settings

SharePoint security requirements change over time

Ensure users are continuing to adhere to security policies

Prevent users from causing havoc

We need to plan how we will stay on top of changes

5. Failure to empower users and admins with the right tools and permissions

Rapid provisioning of sites and permissions

Find your responsible business content owners

Enable and Equip them to manage access to their content

Ensure management access is limited to those with appropriate permissions

Segment your administration responsibilities – Power Users, business owners

How to manage within SharePoint On-premises

Out of the Box Admin Toolkit

The Usual Three Suspects

Permissions Management

Reporting & Insight – e.g. usage, growth

Responding to Audit requests

Clean-up of sites and content

Managing Permissions

Farm Admin is Site Collection Admin

AD v SP Groups

Broken Inheritance

Direct Permissions

Misuse of “Authenticated Users”

Anonymous Access

Auditing Usage in SharePoint

Beware of the large log file

Beware of the “disappearing” log file

Reactive v Proactive

Be prepared for lots of mouse clicks

Brush up on your Excel skills

Brush up on your SSRS skills

User Activity - Popular Items

Simple.One SharePoint Site.

Not so Simple.More than One Site?

The Out of the Box Tools

The Security and Compliance Gap

36 percent of SharePoint users are breaching security policies-CMSWire

A survey revealed that 79 percent of the respondent said that they stored sensitive or confidential information on the SharePoint platform - CMSWire

Only 18 percent of enterprises use technical controls to prevent access to sensitive information. Most — 73 percent — rely on written policies or informal understandings with their workforce - CMSWire

“60% of organizations have yet to bring SharePoint into line with existing data compliance policies.” – AIIM

Two-thirds of SharePoint-using companies in a recent survey have admitted to having ‘no active security policy’ in place -Emedia

view SharePoint Governance as critical have a well defined strategy

The SharePoint Governance Gap

- Redmond Magazine Survey, 2013

The End Result?

How to manage within SharePoint Online

Tactical Team Responsibilities

Operations Team

• Help Enforce Governance Plan

• Manage Routine Maintenance Tasks:

• Nightly Backups

• Usage Monitoring & Analysis

• Scheduled Task Validation

• Security Release & System Upgrades

Support Team

• Create Support System with SLA’s

• Respond to questions, bugs and other issue resolution

• Provide typical SharePoint Admin roles such as:

• Site Provisioning

• Security Permissions for users and groups

Development Team

• New features and program management while adhering to standards.

• Develop customized & personalized solutions for departments & division sites.

Whose job will be changing the most?

From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole

Tactical Team Responsibilities

Operations Team

• Help Enforce Governance Plan

• Manage Routine Maintenance Tasks:

• Nightly Backups

• Usage Monitoring & Analysis

• Scheduled Task Validation

• Security Release & System Upgrades

• Oracle & DBA Role will be eliminated

• Active Directory Role could change (Ping Identity, FBA, etc.)

• No Equipment to Support

Support Team

• Create Support System with SLA’s

• Respond to questions, bugs and other issue resolution

• Provide typical SharePoint Admin roles such as:

• Site Provisioning

• Security Permissions for users and groups

Development Team

• New features and program management while adhering to standards.

• Develop customized & personalized solutions for departments & division sites.

Impacts of Office 365

In some ways, it simplifies Governance

SharePoint and Exchange are primarily affected

Biggest impact of 365 has is on sizing limits

Data sprawl must be watched more carefully in Office 365 to avoid hitting capacity limits!

Feature Specifications

Storage (pooled)

10 GB per user500 MB per enterprise user 5 TB per Company

Site collection storage quotas

OneDrive for Business storage allocation

Site collections per tenant

500,000

Mailbox Size 25 gig

Management Shell

SharePoint Online Management Shell is a Windows PowerShell module that you can use to efficiently manage SharePoint Online users, sites, site collections, and organizations

You can find a list of available cmdlets here (TechNet)

Simple mode Admin experience

When you’re in Simple mode in the SharePoint Online admin center, the left-hand navigation shows only site collections, user profiles, and settings.

Advanced mode

Streamlined Admin tasks

Easier to add users, auto assign available licenses, reset passwords, and manually set passwords (instead of auto generated)

Creating information management policies

Create a policy to use on multiple content types within a site collection.

Create a policy for a site content type.

Create a policy for a list or library. (location-based retention policy)

Transition toward the cloud

Keeping up to date with the Office 365 Roadmap

Adjusting to Office 365 Updates

No access to Correlation errors or backend.

No ability to troubleshoot.

The continual updates to the site can also cause strange errors.

You may have to use different management tools.

Moving to Office 365 means giving up some level of control. For example, you won't have any control over the patch management process, software upgrades, and other similar administrative tasks.

Management considerations for hybrid

Factors in your hybrid planning

Location / facilities

Software licenses and support

Hardware and maintenance

Onsite support, personnel skills

Level of customization

Governance, auditing, security, compliance

Disaster Recovery and Business Continuity

Upgrades and migration

Location / facilities Need space and maintenance planning Most likely provided

Software licenses and support

Licensing costs, but also upgrades and ongoing support

Included in vendor-hosted solutions

Hardware and maintenance

Need to purchase, support and maintain, and upgrade as platform matures

Included in vendor-hosted solutions

Onsite support, personnel skills

Administrative, developer, and end user skills and training

Still requires administrative and possibly dev skills, end user training

On Premises Cloud Hybrid

Need space and maintenance planning

Licensing costs, but also upgrades and ongoing support

Need to purchase, support and maintain, and upgrade as platform matures

Administrative, developer, and end user skills and training

Level of customization Full control

Limited to none in SaaS, some control over PaaS, full control over IaaS

Limited ability to integrate depending on SaaS, PaaS, or IaaS

Governance, auditing, security,

compliance

Many limitations OTB, but very robust tools from partners Limited

Very complex across on prem and cloud components, very manual

Disaster Recovery and Business

Continuity Needs to be planned, limited features OTB Defined in SLAs

Upgrades and migration

Some OTB capabilities, 3rd party for tighter control and predictability

Microsoft recommends 3rd party tools

On Premises Cloud Hybrid

Very complex across on prem and cloud components, very manual

Some OTB capabilities, 3rd party for tighter control and predictability

Hybrid Health Warning!

Search Experience Limitations

Authentication Challenges

Lack of “Global” Navigation

Broken User Experience?

Different Release Schedules

As Complexity Increases the Inherent Weaknesses in the Out of the Box Tools will be Magnified! (1+1=5)

SummarySecurity, Administration and Governance for SharePoint On-Premises,

Online, and Everything In-Between

Best Practices

Focus on the user experience

Make governance a priority

Understand how your common management tasks scale across your online and on-premises systems

Clarify and document your permissions, information architecture, templates, content types, taxonomy -- and ownership of each

First define what policies, procedures, and metrics are needed to manage your environment, and then look at what is possible across your various tools and platforms

ControlPoint: Security and Compliance

BenefitsObjectives

Minimize or eliminate security breaches & unauthorized access to sensitive content

Meet compliance requirements for access control

Anticipate future IT needs to manage at scale

Eliminate human error with policy driven security across SharePoint farms

Mitigate risk of data loss due to unauthorized access to content

Provide audit trails of content access

Provide details of content growth and user activity

Provide automation of governance policies

30 Day Trial of ControlPointwww.metalogix.com/controlpoint

Governance Best Practices E-Bookhttp://

www.metalogix.com/Resources/Promotions/ControlPoint/White-Papers-and-E-books/SharePoint-Governance-Best-Practices.aspx

5 Step Plan for Securing SharePoint E-Bookhttp://

www.metalogix.com/Resources/Promotions/ControlPoint/White-Papers-and-E-books/5-Step-Plan-To-Securing-SharePoint.aspx

Recorded Webinar – SharePoint Permissions Audits, Reports & Policy Enforcement

http://www.metalogix.com/Resources/Promotions/ControlPoint/recordings/140925-us-cp-wb-sharepoint-permissions-audits-reports-and-policy-enforcements

Steve MarshDirector of Product Marketingat Metalogix

www.metalogix.com

@drstevemarsh

stevem@metalogix.com

Christian BuckleyManaging Director at GTconsultand Office365 MVP

www.gtconsult.com and www.buckleyplanet.com

@buckleyplanet

cbuck@gtconsult.com

Thank You

www.gtconsult.com

www.metalogix.com

Security, Administration & Governance for SharePoint On-Prem, Online, & Everything In-between

Technology