by Benjamin Niaulin, 
a SharePoint GEEK 
@bniaulin 
share-gate.com/blog
WHY ARE WE 
HERE TODAY?
A recent study by Emedia, covered in full 
by InfoSecurity magazine in February 2013, 
found that 
only about one-third of 
organizations with 25-5000 
users employing SharePoint 
have security policies 
covering the platform. Even 
worse, just over one-fifth, or 
22%, admitted that they 
don't have one and won't 
be making one.
EDWARD 
SNOWDEN
I HAVE 
FULL CONTROL
BUT NOW I 
LOST CONTROL
“I SWEAR I 
DIDN’T DELETE 
THE LIBRARY 
BUT NOW IT’S 
GONE”
WHO HAS 
ACCESS TO 
WHAT?
“WE DON’T PUT 
SENSITIVE DATA IN 
SHAREPOINT! WE STORE 
THEM IN ANOTHER 
SYSTEM WHERE WE LIMIT 
ACCESS AND PASSWORD 
ENCRYPT THOSE OFFICE 
DOCS WHEN SHARING 
THEM VIA EMAIL.”
“UMMM…. 
I REMOVED 
MYSELF AS AN 
ADMINISTRATOR 
OF THE SITE”
“MY SHAREPOINT IS SO SLOW…”
HOW DO YOU MANAGE SECURITY 
ON SO MANY DIFFERENT THINGS? 
(SHAREPOINT, OFFICE 365, 
ONEDRIVE FOR BUSINESS)
SO HOW CAN WE GET STARTED 
AND LEARN FROM OUR PAST 
EXPERIENCE?
FIRST, 
GET TO KNOW 
SHAREPOINT
AND UNDERSTAND 
THAT NOT 
EVERYTHING CAN 
BE ASSIGNED 
SECURITY
SITES
LISTS/LIBRARIES 
FOLDERS / DOCUMENTS / ITEMS
NO YOU CANNOT 
PUT SECURITY ON 
YOUR SHAREPOINT 
VIEWS
AND IT’S THE 
SAME FOR YOUR 
COLUMNS AND 
CONTENT TYPES
BUT HOW DOES IT 
ALL WORK? 
INHERIT PERMISSIONS? 
BREAK INHERITANCE?
INHERITED PERMISSIONS 
SITE COLLECTIONS 
SITES 
CHILD SITES 
LISTS & LIBRARIES 
FOLDERS 
ITEMS & DOCUMENTS 
BY DEFAULT 
Image inspired by Bobby Chang - Planet Technologies
SITE COLLECTIONS 
SITES 
CHILD SITES 
LISTS & LIBRARIES 
FOLDERS 
ITEMS & DOCUMENTS 
BREAK INHERITANCE 
LIMITED ACCESS
FAMOUS LIMITED ACCESS
WHY IS IT 
EVERYWHERE AND 
CAN YOU DELETE IT?
EDIT 
VS 
CONTRIBUTE
BUT BE CAREFUL WITH 
ASSIGNING PERMISSIONS 
EVERYWHERE
Permissions and Security Scopes 
• Every time permission inheritance is 
broken a new security scope is created 
• Security Scope is made up of 
principals: 
• Domain users/groups 
• SharePoint users/groups 
• Claims 
• Be aware of “Limited Access” 
• Limitations 
• Security Scopes (50K per list) 
• Size of Scope (5K per scope) 
Microsoft SharePoint Boundaries and Limits: 
http://technet.microsoft.com/en-us/library/cc262787.aspx 
© 2014 Protiviti Consulting Private Ltd. An Equal Opportunity Employer.
LESSON #1 
DON’T GIVE 
FULL CONTROL 
TO EVERYONE
THEN HOW IS ACCESS 
GIVEN TO PEOPLE 
EXACTLY?
SP GROUPS VS AD GROUPS 
CHANGING MEMBERS OF SP GROUPS WILL LAUNCH A FULL CRAWL AT 
NEXT PASS TO CALCULATE ACLs 
MSDN Security guidance on SP Groups vs AD Groups
LESSON #2 
ALWAYS USE AD 
GROUPS WHEN 
POSSIBLE
UNDERSTAND 
THE SETTINGS
LESSON #3 
NEVER GRANT 
PERMISSIONS 
DIRECTLY TO A 
USER
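One way to check a site collection against the scope limits and the lessons above, as an added example that is not part of the original deck: a PowerShell script using the SharePoint server object model. It assumes an on-premises farm (SharePoint 2013 or later) and the SharePoint Management Shell; the site URL and the function name `Get-ScopeReport` are placeholders chosen for this example.

```powershell
# Added example: report every place where inheritance is broken in one site
# collection, and flag direct user grants and Full Control assignments.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl               = "https://sharepoint.example.com/sites/team"  # placeholder URL
$MaxScopesPerList      = 50000   # limits quoted on the slide above
$MaxPrincipalsPerScope = 5000

function Get-ScopeReport {
    param($Securable, [string]$Kind, [string]$Url)

    # An object that inherits has no security scope of its own.
    if (-not $Securable.HasUniqueRoleAssignments) { return }

    $assignments = @($Securable.RoleAssignments)
    if ($assignments.Count -gt $MaxPrincipalsPerScope) {
        Write-Warning "$Url : $($assignments.Count) principals in one scope"
    }

    foreach ($ra in $assignments) {
        # Limited Access (SPRoleType 'Guest') is added automatically on parents
        # of uniquely secured children; it is not a grant anyone chose to make.
        $roles = @($ra.RoleDefinitionBindings | Where-Object {
            $_.Type -ne [Microsoft.SharePoint.SPRoleType]::Guest })
        if ($roles.Count -eq 0) { continue }

        $member = $ra.Member
        $isUser = $member -is [Microsoft.SharePoint.SPUser]
        if (-not $isUser)              { $type = "SharePoint group" }
        elseif ($member.IsDomainGroup) { $type = "AD group" }
        else                           { $type = "User" }

        # Only the built-in Full Control level has type 'Administrator';
        # custom levels copied from it are not detected by this check.
        $full = @($roles | Where-Object {
            $_.Type -eq [Microsoft.SharePoint.SPRoleType]::Administrator }).Count -gt 0

        [pscustomobject]@{
            Kind          = $Kind
            Url           = $Url
            Principal     = $member.Name
            PrincipalType = $type
            Levels        = ($roles | ForEach-Object { $_.Name }) -join ", "
            DirectUser    = ($type -eq "User")
            FullControl   = $full
        }
    }
}

$site = Get-SPSite $SiteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            Get-ScopeReport $web "Site" $web.Url

            foreach ($list in @($web.Lists)) {
                if ($list.Hidden) { continue }
                $listUrl = $list.RootFolder.ServerRelativeUrl
                Get-ScopeReport $list "List" $listUrl

                # Every folder or item with broken inheritance is one more scope.
                # This loads every item, so run it off-hours on large lists.
                $scopes = 0
                foreach ($item in @($list.Folders) + @($list.Items)) {
                    if ($item.HasUniqueRoleAssignments) {
                        $scopes++
                        Get-ScopeReport $item "Item" "$($web.Url)/$($item.Url)"
                    }
                }
                if ($scopes -gt $MaxScopesPerList) {
                    Write-Warning "$listUrl : $scopes unique scopes in one list"
                }
            }
        }
        finally { $web.Dispose() }
    }
}
finally { $site.Dispose() }

# Lesson #1 and Lesson #3: Full Control grants and permissions given directly to a user.
$report | Where-Object { $_.DirectUser -or $_.FullControl } |
    Sort-Object Url, Principal |
    Format-Table Kind, Url, Principal, PrincipalType, Levels -AutoSize
```

The report lists only direct assignments on each scope; access a user gets through membership of a SharePoint or AD group has to be resolved separately from the group's members.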
“HEY ANTONIO, 
CAN YOU TELL ME 
WHAT BENJAMIN 
HAS ACCESS TO IN 
OUR SHAREPOINT?”
…
OK… 
YOU CAN AT LEAST 
TELL ME ALL THE 
EXTERNAL USERS 
THAT HAVE 
ACCESS RIGHT? 
SIGH…
WHAT YOU WILL 
NEED IS 
Governance 
http://en.share-gate.com/blog/real-world-sharepoint-governance-plan
but keep it simple. 
it’s a set of rules and guidelines to help, no one is going to 
read that 27 page PDF
AND THE NEW “SHARE” 
WILL NOT MAKE IT EASY 
TO MANAGE AND CONTROL
THAT’S WHY 
SOME TRAINING 
IS IMPORTANT
REAL TRAINING! 
NOT A PAMPHLET 
IN-CLASS | SELF-SERVICE VIDEOS 
| DOCUMENTATION | 
PROVIDE A TRAINING KIT FOR NEW SITE OWNERS
MAYBE A GOOD TIME TO 
LEVERAGE OFFICE 365 VIDEO?
LESSON #4 
HELP THEM 
UNDERSTAND 
WHY ITEM-LEVEL 
PERMISSION IS 
BAD
IN SHAREPOINT, 
YOU DON’T SEE 
WHAT YOU 
DON’T HAVE 
ACCESS TO
BUT YOU SEE EVERYTHING YOU HAVE 
ACCESS TO WITH SEARCH. 
PROPERLY PLAN THE ACCOUNTS YOU WILL 
USE TO INDEX SHAREPOINT AS WELL.
AND OF COURSE 
IT GOES BEYOND 
WHAT WE SAW 
TODAY
« Google the words ‘View All 
Site Content’ see what 
happens » 
-Sean Wallbridge 
ANONYMOUS ACCESS AND 
THE EXPOSURE RISKS WITH 
SHAREPOINT
DID YOU THINK OF RETENTION 
AND YOUR ARCHIVES? HOW IS 
SECURITY MAINTAINED?
KNOW ABOUT 
IRM AND RMS
BUT SECURITY GOES BEYOND 
SHAREPOINT
TIPS 
FROM 
ANTONIO 
MAIO 
Claims 
Server 
SQL 
Authentication
@BNIAULIN 
@ANTONIOMAIO2 
THANK YOU!

 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

SharePoint Security Management - Lessons Learned

  • 2. by Benjamin Niaulin, a SharePoint GEEK @bniaulin share-gate.com/blog
  • 4. WHY ARE WE HERE TODAY?
  • 5. A recent study by Emedia, covered in full by InfoSecurity magazine in February 2013, found that only about one-third of organizations with 25-5000 users employing SharePoint have security policies covering the platform. Even worse, just over one-fifth, or 22%, admitted that they don't have one and won't be making one.
  • 7. I HAVE FULL CONTROL
  • 8. BUT NOW I LOST CONTROL
  • 9. “I SWEAR I DIDN’T DELETE THE LIBRARY BUT NOW IT’S GONE”
  • 10. WHO HAS ACCESS TO WHAT?
  • 11. “WE DON’T PUT SENSITIVE DATA IN SHAREPOINT! WE STORE THEM IN ANOTHER SYSTEM WHERE WE LIMIT ACCESS AND PASSWORD ENCRYPT THOSE OFFICE DOCS WHEN SHARING THEM VIA EMAIL.”
  • 12. “UMMM…. I REMOVED MYSELF AS AN ADMINISTRATOR OF THE SITE”
  • 13. “MY SHAREPOINT IS SO SLOW…”
  • 14. HOW DO YOU MANAGE SECURITY ON SO MANY DIFFERENT THINGS? (SHAREPOINT, OFFICE 365, ONEDRIVE FOR BUSINESS)
  • 15. SO HOW CAN WE GET STARTED AND LEARN FROM OUR PAST EXPERIENCE?
  • 16. FIRST, GET TO KNOW SHAREPOINT
  • 17. AND UNDERSTAND THAT NOT EVERYTHING CAN BE ASSIGNED SECURITY
  • 18. SITES
  • 19. LISTS/LIBRARIES FOLDERS / DOCUMENTS / ITEMS
  • 20. NO YOU CANNOT PUT SECURITY ON YOUR SHAREPOINT VIEWS
  • 21. AND IT’S THE SAME FOR YOUR COLUMNS AND CONTENT TYPES
  • 22. BUT HOW DOES IT ALL WORK? INHERIT PERMISSIONS? BREAK INHERITANCE?
  • 23. INHERITED PERMISSIONS SITE COLLECTIONS SITES CHILD SITES LISTS & LIBRARIES FOLDERS ITEMS & DOCUMENTS BY DEFAULT Image inspired by Bobby Chang - Planet Technologies
  • 24. SITE COLLECTIONS SITES CHILD SITES LISTS & LIBRARIES FOLDERS ITEMS & DOCUMENTS BREAK INHERITANCE Image inspired by Bobby Chang - Planet Technologies
  • 25. SITE COLLECTIONS SITES CHILD SITES LISTS & LIBRARIES FOLDERS ITEMS & DOCUMENTS BREAK INHERITANCE Image inspired by Bobby Chang - Planet Technologies LIMITED ACCESS
  • 26. LIMITED ACCESS FAMOUS WHY IS IT EVERYWHERE AND CAN YOU DELETE IT?
  • 29. BUT BE CAREFUL WITH ASSIGNING PERMISSIONS EVERYWHERE
  • 30. Permissions and Security Scopes
      • Every time permission inheritance is broken, a new security scope is created
      • A security scope is made up of principals: domain users/groups, SharePoint users/groups, claims
      • Be aware of “Limited Access”
      • Limitations: security scopes (50K per list), size of scope (5K per scope)
      Microsoft SharePoint Boundaries and Limits: http://technet.microsoft.com/en-us/library/cc262787.aspx
      © 2014 Protiviti Consulting Private Ltd. An Equal Opportunity Employer.
  • 31. LESSON #1 DON’T GIVE FULL CONTROL TO EVERYONE
  • 32. THEN HOW IS ACCESS GIVEN TO PEOPLE EXACTLY?
  • 33. SP GROUPS VS AD GROUPS CHANGING MEMBERS OF SP GROUPS WILL LAUNCH A FULL CRAWL AT NEXT PASS TO CALCULATE ACLs MSDN Security guidance on SP Groups vs AD Groups
  • 34. LESSON #2 ALWAYS USE AD GROUPS WHEN POSSIBLE
  • 36. LESSON #3 NEVER GRANT PERMISSIONS DIRECTLY TO A USER
  • 37. “HEY ANTONIO, CAN YOU TELL ME WHAT BENJAMIN HAS ACCESS TO IN OUR SHAREPOINT?”
  • 39. OK… YOU CAN AT LEAST TELL ME ALL THE EXTERNAL USERS THAT HAVE ACCESS RIGHT? SIGH…
  • 40. WHAT YOU WILL NEED IS Governance http://en.share-gate.com/blog/real-world-sharepoint-governance-plan
  • 42. but keep it simple. it’s a set of rules and guidelines to help, no one is going to read that 27 page PDF
  • 43. AND THE NEW “SHARE” WILL NOT MAKE IT EASY TO MANAGE AND CONTROL
  • 44. THAT’S WHY SOME TRAINING IS IMPORTANT
  • 45. REAL TRAINING! NOT A PAMPHLET IN-CLASS | SELF-SERVICE VIDEOS | DOCUMENTATION | PROVIDE A TRAINING KIT FOR NEW SITE OWNERS
  • 46. MAYBE A GOOD TIME TO LEVERAGE OFFICE 365 VIDEO?
  • 47. LESSON #4 HELP THEM UNDERSTAND WHY ITEM-LEVEL PERMISSION IS BAD
  • 48. IN SHAREPOINT, YOU DON’T SEE WHAT YOU DON’T HAVE ACCESS TO
  • 49. BUT YOU SEE EVERYTHING YOU HAVE ACCESS TO WITH SEARCH. PROPERLY PLAN THE ACCOUNTS YOU WILL USE TO INDEX SHAREPOINT AS WELL.
  • 50. AND OF COURSE IT GOES BEYOND WHAT WE SAW TODAY
  • 51. « Google the words ‘View All Site Content’ see what happens » -Sean Wallbridge ANONYMOUS ACCESS AND THE EXPOSURE RISKS WITH SHAREPOINT
  • 52. DID YOU THINK OF RETENTION AND YOUR ARCHIVES? HOW IS SECURITY MAINTAINED?
  • 53. KNOW ABOUT IRM AND RMS
  • 54. BUT SECURITY GOES BEYOND SHAREPOINT
  • 55. TIPS FROM ANTONIO MAIO Claims Server SQL Authentication
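
An added example, not part of the deck: one way to answer "who has access to what?" on an on-premises farm with the server object model, listing every object that broke inheritance and flagging direct user grants (lesson #3) and the scope limits quoted on slide 30. The site URL is a placeholder and the function name Get-ScopeFindings is hypothetical.

```powershell
# Added example (not from the deck). Run in the SharePoint Management Shell
# on a farm server with an account that can read the whole site collection.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl        = 'https://sharepoint.example.local/sites/demo'  # placeholder URL
$ScopeLimit     = 50000   # security scopes per list (slide 30)
$PrincipalLimit = 5000    # principals per scope (slide 30)

function Get-ScopeFindings($Securable, [string]$Path) {
    # Only objects that broke inheritance carry role assignments of their own.
    if (-not $Securable.HasUniqueRoleAssignments) { return }
    $assignments = @($Securable.RoleAssignments)
    foreach ($ra in $assignments) {
        # Skip bindings that are only "Limited Access" (SPRoleType Guest).
        $roles = @($ra.RoleDefinitionBindings | Where-Object { $_.Type -ne 'Guest' })
        if ($roles.Count -eq 0) { continue }
        $m = $ra.Member
        # An SPUser is either a person or an AD group; only people are flagged.
        $direct = ($m -is [Microsoft.SharePoint.SPUser]) -and (-not $m.IsDomainGroup)
        [pscustomobject]@{
            Path = $Path; Principal = $m.Name; DirectUser = $direct
            Roles     = ($roles | ForEach-Object { $_.Name }) -join ', '
            ScopeSize = $assignments.Count
            OverLimit = $assignments.Count -gt $PrincipalLimit
        }
    }
}

$site = Get-SPSite $SiteUrl
try {
    $findings = foreach ($web in $site.AllWebs) {
        Get-ScopeFindings $web $web.Url
        foreach ($list in @($web.Lists)) {
            Get-ScopeFindings $list "$($web.Url)/$($list.RootFolder.Url)"
            $q = New-Object Microsoft.SharePoint.SPQuery
            $q.ViewAttributes = "Scope='RecursiveAll'"   # folders and items at every depth
            $unique = @($list.GetItems($q) | Where-Object { $_.HasUniqueRoleAssignments })
            if ($unique.Count -gt 0) {
                Write-Warning "$($list.Title): $($unique.Count) items/folders with broken inheritance (limit: $ScopeLimit scopes per list)"
            }
            foreach ($item in $unique) { Get-ScopeFindings $item "$($web.Url)/$($item.Url)" }
        }
        $web.Dispose()
    }
} finally { $site.Dispose() }

$findings | Where-Object { $_.DirectUser -or $_.OverLimit } |
    Sort-Object Path | Format-Table Path, Principal, Roles, ScopeSize -AutoSize
```

Enumerating every item is slow on large lists, so run it off-hours; the per-list warning counts are the number to compare against the scope limit.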