General Business Secure Information Sharing in SharePoint 2010 Antonio Maio Senior Product Manager, Titus Inc.


1 Secure Information Sharing in SharePoint 2010
Antonio Maio, Senior Product Manager, Titus Inc.
antonio.maio@titus.com
www.titus.com/blog

2 Agenda
- Sharing Information vs. Securing Information
- Information Security Risks in SharePoint
  1. Uploading to the Wrong Location: Where do I put this?!
  2. Sensitive Content: What’s that?!
  3. Unauthorized Editing and Data Loss: Wiki-what?!
- Security Strategies to deal with them
- Real World Experiences
- Checklist/Considerations: Secure Information Sharing Strategy

3 Sharing Information vs. Securing Information
- Balancing Information Sharing & Security is Challenging for Everyone
- Militaries and Governments Working to Achieve This… Relates Directly to National Security
  - Ex. Recommendation from the 9/11 Commission to U.S. Government (Rec. #34, page 417 - 9/11 Commission Report)
- Corporations and Business Working to Achieve This… Relates to Business Productivity

4 Information Security Risks in SharePoint
- SharePoint is not Insecure
- As the amount of content in SharePoint grows…
  - Management
  - Consistency
- Take advantage of SharePoint 2010 Security Features
- Use 3rd Party Security Add-Ons

5 Information Security Risk #1 – Upload Content
- Users Uploading Content to Incorrect Libraries: “Where do I put this thing?”
  - Users don’t know where to upload documents
  - Multiple document libraries look like the correct location
  - Correct location is buried under sites and sub-sites
  - User doesn’t care or is inexperienced
- Result
  - Inherited Permissions from the site or library – Incorrectly Set
  - Sensitive content ends up available to the masses
  - For regulated industries, this can be a major issue – Ex. ITAR

6 Security Strategy – Content Organizer
- Content Organizer in SharePoint 2010
- Automatically route documents to the correct libraries and folders
- Documents can come from…
  - Save As to library from within Office app
  - Upload to library or to ‘Drop Off Library’
  - Automatically added to library via Web Service
  - Send To within SharePoint
  - Email
- Limit the number of items in a document library or folder

7 Security Strategy – Content Organizer
- Select Site Settings, then click Manage Site Features

8 Security Strategy – Content Organizer
- Activate Content Organizer

9 Security Strategy – Content Organizer
- Configure Settings and Rules… separately
- Things to do first:
  - Create libraries and folders that you want documents to be routed to
  - Content types must be associated with documents that are to be routed

10 Security Strategy – Content Organizer
- Content Organizer Settings
  - Redirect Users to the Drop Off Library
  - Sending to Another Site
  - Folder Partitioning
  - Duplicate Submissions
  - Preserve Context
  - Rule Managers
  - Submission Points

11 Security Strategy – Content Organizer
- Content Organizer Rules
  - Name
  - Status & Priority
  - Content Type
  - Conditions
  - Target Location

12 Security Strategy – Using the Content Organizer
- Using the Drop Off Library…

13 Information Security Risk #2 – Sensitive Content
- Sensitive Content in SharePoint is fine… with proper controls
- Uploading Sensitive Content Can Violate Corporate Policy or Compliance Standards
  - PCI DSS, HIPAA, ITAR, SEC Disclosure Rules
- Users Unaware of what Information is Sensitive and How to Handle It
  - Easy to Upload to Wrong Library
  - Easy to download a document, change it, re-upload

14 Security Strategy – Classification & Visual Security Labels
- Classify Documents with Metadata
  - Native SharePoint columns and metadata
  - Managed metadata keeps metadata values standard and consistent
- Automatically Apply Visual Markings based on Metadata
- Raise Awareness within the organization
  - What information is sensitive
  - How should sensitive information be handled
  - Educate users on information security policy

15 Security Strategy – Classification & Visual Security Labels
- Classify Documents with Metadata Columns

16 Security Strategy – Classification & Visual Security Labels
- Classify Documents with Metadata Columns

17 Security Strategy – Classification & Visual Security Labels
- Managed Metadata Service – Term Store Management

18 Security Strategy – Classification & Visual Security Labels
- Manage Metadata Terms Centrally for the Site Collection

19 Security Strategy – Classification & Visual Security Labels
- Militaries and Governments take this very seriously
  - Have had classification standards for decades
  - Distinguish between Classified and Unclassified Information
- Defense & Aerospace have Serious Challenges with Regulations
  - Strict compliance standards to follow
- Commercial Enterprises are starting to take this seriously
  - Recent data breaches – they now see the risks and the costs
  - Documents, Emails & SharePoint

20 Security Strategy – Classification & Visual Security Labels
- Ex. ITT Faces $100 Million Fine for ITAR Violations

21 Security Strategy – Classification & Visual Security Labels
- Seek out 3rd Party Tools
  - Headers & Footers
  - Watermarks
  - Time and date stamping
  - Upon upload and bulk marking
  - Consider file formats: MS Office and PDF documents
- Raising Awareness and Educating Users about Sensitive Documents

22 Security Strategy – Classification & Visual Security Labels
- SharePoint Security Goes Part of the Way
  - Metadata Columns
  - Managed Metadata Service
- Develop Yourself or Seek out 3rd Party Tools to Complete the Solution
  - Classify your documents with Metadata
  - Apply Visual Markings to Documents
  - Automate to Ensure Consistency
  - Ensure Changes in Policy are Applied Across the Org

23 Information Security Risk #3 – Unauthorized Editing/Data Loss
- Unauthorized Editing of Documents
  - Easy to download a document, change it, re-upload it
  - SharePoint Versioning helps - admins and content owners need to know to revert back to a previous version
- Data Loss
  - Sensitive Information Incorrectly Inheriting Permissions from Parent Library or Folders
  - Data exposed to incorrect groups/teams internally
  - Data sent outside the organization

24 Security Strategy – PDFs & Visual Markings on Download
- Unauthorized Editing - Automatically Convert to PDF
- SharePoint 2010 has some native capabilities
  - Word Automation Services can convert MS Word docs
  - Code must be written
- Consider all document types in play
  - MS Excel, PowerPoint, Visio, etc…
- Should be automatic – convert and re-convert
  - Keep PDFs up to date
- Choose from Numerous 3rd Party Tools

25 Security Strategy – Classification & Visual Security Labels
- Consider 3rd Party tools that mark PDF files upon Download
  - Current User
  - Date and Timestamp

26 Security Strategy – Item-Level Permissions
- Data Loss – 2 kinds of Leaks
  - Inadvertent Disclosure (accidental)
  - Unauthorized Disclosure (Intentional)
- Use Inheritance, Permissions and Metadata
  - Sensitive content incorrectly inheriting permissions from parent library or folders
  - Important to understand how inheritance and permissions work

27 Security Strategies – Inheritance & Permissions
- Inheritance
  - Permissions established for the “parent” level in a site will replicate to its children
  - Example: giving a user “full control” permission to a site gives the user “full control” to every library & list in the site
- Permissions can also be granted at levels:
  - Sub-site
  - List/Library
  - Item

28 Security Strategies - Inheritance & Permissions
- Inheritance can be broken and unique permissions granted to “Child” items
- Once broken, any changes at the parent level will no longer propagate to the child items
- Permission inheritance must be broken from the parent level before custom permissions can be applied

29 Security Strategies - Inheritance & Permissions
- Permissions management and inheritance is very flexible
- It’s also very manual
- …and very difficult to scale as SharePoint repositories grow

30 Security Strategies – Item-Level Permissions
- Use Item-Level Permissions for Sensitive Content
  - Use where appropriate
  - Be aware of SharePoint limitations – performance can be impacted
- If possible, Automate Item-Level Permissions
  - Ensures permissions continue to be set as content grows
  - Ensures permissions are set consistently across the entire SharePoint deployment
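
One way to automate the item-level permissions described on slides 26 to 30, as an added example that is not part of the original presentation: the script reports documents whose classification metadata marks them sensitive but which still inherit permissions from the parent library, and with -Apply gives them unique permissions. The site URL, library name, the "Classification" Choice column, its "Confidential" value and the "Confidential Readers" group are all assumptions.

```powershell
# Added example, not from the presentation. Run in the SharePoint 2010
# Management Shell on a farm server. Every default below is hypothetical.
param(
    [string]$WebUrl         = "http://sharepoint.example.local/sites/projects",
    [string]$LibraryName    = "Shared Documents",
    [string]$ColumnName     = "Classification",        # assumed Choice column
    [string]$SensitiveValue = "Confidential",          # assumed column value
    [string]$GroupName      = "Confidential Readers",  # assumed existing SharePoint group
    [switch]$Apply                                      # without -Apply the script only reports
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$web = Get-SPWeb -Identity $WebUrl
try {
    $list  = $web.Lists[$LibraryName]
    $group = $web.SiteGroups[$GroupName]
    $read  = $web.RoleDefinitions["Read"]   # built-in permission level (English name)

    foreach ($item in $list.Items) {
        # Only documents whose metadata marks them as sensitive are in scope.
        if ([string]$item[$ColumnName] -ne $SensitiveValue) { continue }

        if ($item.HasUniqueRoleAssignments) {
            Write-Output "OK       $($item.Url)"   # inheritance already broken
            continue
        }

        # Sensitive item still inheriting from the parent library or folder.
        Write-Output "INHERITS $($item.Url)"
        if ($Apply) {
            # $false = do not copy the parent's role assignments to the item.
            $item.BreakRoleInheritance($false)
            $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
            $assignment.RoleDefinitionBindings.Add($read)
            $item.RoleAssignments.Add($assignment)
        }
    }
}
finally {
    $web.Dispose()   # release the SPWeb object
}
```

Run it without -Apply first and review the INHERITS lines; each item it changes becomes another uniquely secured item, which is the performance limitation slide 30 refers to.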

31 Secure Information Sharing Strategy - Considerations
- Goal: Balance Sharing and Securing Information
- Checklist of Security Concerns to consider
  - Administrative Access to Content
  - Control Uploading
  - Know what kind of information you have
  - Classify Content with Metadata
  - Raise Awareness about sensitive info with Visual Markings
  - Use PDFs where necessary to avoid Unauthorized Editing

32 Secure Information Sharing Strategy - Checklist
- Checklist of Security Concerns to consider
  - Inheritance & Item-level Permissions for Sensitive Content
  - Automate as much Security as you can
  - Data Retention and Regular Auditing

33 Antonio Maio, Senior Product Manager, Titus Inc.
antonio.maio@titus.com
www.titus.com/blog

