5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit



Similar documents
How to Secure Your SharePoint Deployment

SharePoint Governance & Security: Where to Start

Securing SharePoint 101. Rob Rachwald Imperva

10 Building Blocks for Securing File Data

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

10 Things Every Web Application Firewall Should Provide Share this ebook

End-to-End Application Security from the Cloud

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Applications and data are the main targets for modern attacks. Adoption of dedicated application and data security concepts, technologies and

White Paper. Managing Risk to Sensitive Data with SecureSphere

The New PCI Requirement: Application Firewall vs. Code Review

White Paper. Imperva Data Security and Compliance Lifecycle

Enterprise-Grade Security from the Cloud

ALERT LOGIC FOR HIPAA COMPLIANCE

White Paper. What Auditors Want Database Auditing. 5 Key Questions Auditors Ask During a Database Compliance Audit

Protecting What Matters Most. Bartosz Kryński Senior Consultant, Clico

What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications

Privilege Gone Wild: The State of Privileged Account Management in 2015

Contents of This Paper

Privilege Gone Wild: The State of Privileged Account Management in 2015

Akamai to Incapsula Migration Guide

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

Cutting the Cost of Application Security

Compliance and Security Solutions

Securing and Monitoring Access to Office 365

Extreme Networks Security Analytics G2 Risk Manager

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Facing Reality: Top Database Security Trends. Database security continues to be a top priority. » SQL Injection Attacks

FISMA / NIST REVISION 3 COMPLIANCE

Strengthen security with intelligent identity and access management

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

Complete Database Security. Thomas Kyte

IBM Security QRadar Risk Manager

Stay ahead of insiderthreats with predictive,intelligent security

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Security for PCI Compliance Addressing Security and Auditing Requirements for In-scope Web Applications, Databases and File Servers

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Protecting Business Information With A SharePoint Data Governance Model. TITUS White Paper

The Cloud App Visibility Blindspot

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

IBM Security QRadar Risk Manager

We Secure What Matters Most: The Data Center. In physical, virtual, and cloud environments

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

SANS Top 20 Critical Controls for Effective Cyber Defense

ARS v2.0. Solution Brief. ARS v2.0. EventTracker Enterprise v7.x. Publication Date: July 22, 2014

Proven LANDesk Solutions

Cenzic Product Guide. Cloud, Mobile and Web Application Security

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information

Understanding Enterprise Cloud Governance

Top Five Security Must-Haves for Office 365. Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

SM B13: Symantec Data Insight Ketan Shah, Principal Product Manager John Dodds, Director Technical Product Manager

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

An Oracle White Paper June Oracle Database Firewall 5.0 Sizing Best Practices

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

IBM Security Intelligence Strategy

IBM QRadar Security Intelligence April 2013

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

An Oracle White Paper January Oracle Database Firewall

IBM SECURITY QRADAR INCIDENT FORENSICS

Safeguarding the cloud with IBM Dynamic Cloud Security

Imperva SecureSphere Data Security

Hacker Intelligence Initiative, Monthly Trend Report #15

The problem with privileged users: What you don t know can hurt you

Addressing Security for Hybrid Cloud

how can I comprehensively control sensitive content within Microsoft SharePoint?

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Application Layer Encryption: Protecting against Application Logic and Session Theft Attacks. Whitepaper

CA Service Desk Manager

How To Buy Nitro Security

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

8 Steps to Holistic Database Security

Top 10 Most Popular Reports in Enterprise Reporter

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

Data Masking: A baseline data security measure

I D C A N A L Y S T C O N N E C T I O N

An Oracle White Paper January Oracle Database Firewall

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

FIREMON SECURITY MANAGER

Enforcive /Cross-Platform Audit

Managing Unstructured Data: 10 Key Requirements

Real-Time Security Intelligence for Greater Visibility and Information-Asset Protection

Transcription:

SharePoint Security Playbook 5 Lines of Defense You Need to Secure Your SharePoint Environment

Contents IT S TIME TO THINK ABOUT SHAREPOINT SECURITY Challenge 1: Ensure access rights remain aligned with business needs Challenge 2: Address compliance mandates Challenge 3: Respond to suspicious activity in real time Challenge 4: Protect Web applications from attack Challenge 5: Take control when migrating data Conclusion: SharePoint Security Checklist ABOUT IMPERVA

It s Time to Think about SharePoint Security The increasing use of Microsoft SharePoint to store sensitive business data and extend access and collaboration to partners, customers, and suppliers has outpaced native SharePoint security capabilities. More and more organizations are storing and accessing sensitive, regulated information through this platform. To improve business security, organizations must invest in organizing, managing, and protecting these valuable assets. By implementing the five lines of defense outlined in this playbook, you will be able to overcome operational challenges and protect your SharePoint deployments against both internal and external threats.

CHALLENGE #1 Ensure access rights remain aligned with business needs. Unstructured data now accounts for more than 90% of the Digital Universe. -IDC 2011 SharePoint Security Gap Without an aggregated, centralized system to view rights information, SharePoint permissions for each site collection must first be extracted to an Excel spreadsheet and then combined by hand to analyze. And, that analysis must be done manually within Excel or exported yet again to a third-party analytics platform.

CHALLENGE #1 Ensure access rights remain aligned with business needs. The Play Aggregate permissions across the entire SharePoint deployment and automate the review process to keep rights aligned with business needs. The Advantage - Understand who has access to what data or, conversely, what data any given user or group can access, and how that access was assigned or inherited. - Simplify the process of identifying where excessive access rights have been granted, if there are dormant users, and who owns each item and document. - Help administrators and data owners establish a baseline snapshot of access rights and conduct rights reviews.

CHALLENGE #2 Address compliance mandates. 60% of organizations have yet to bring SharePoint into line with existing data compliance policies. -AIIM 2011 SharePoint Security Gap Native SharePoint activity monitoring lacks an intuitive, easy-to-use interface for reporting and analytics. Without a third-party solution, businesses must first decode SharePoint s internal representation of log data before they can access meaningful information.

CHALLENGE #2 Address compliance mandates. The Play Use enterprise-class technology that combines permissions and activity details to automate compliance reporting. The Advantage - Generate compliance reports on-time and tailored to each recipient s needs. - Drill down, filter, and organize data. - Enrich native data with relevant information, such as type of data, department, and data owner.

CHALLENGE #3 Respond to suspicious activity in real time. 96% of breaches were avoidable through simple or intermediate controls. -Verizon Data Breach Report 2011 SharePoint Security Gap Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond with an alert or block.

CHALLENGE #3 Respond to suspicious activity in real time.?! The Play Use a policy framework to build rules across SharePoint s Web, file, and database components to identify suspicious behavior and complement native access controls. The Advantage - Monitor, control, and respond to suspicious activity in real time. - Balance the need for trust and openness with security concerns.

CHALLENGE #4 Protect Web applications from attack. 31% of organizations are using SharePoint for externally facing Web sites, and another 47% are planning to do so. -Forrester Research, Inc. 2011 SharePoint Security Gap Native SharePoint does not include Web application firewall protection.

CHALLENGE #4 Protect Web applications from attack. Keep Out (PLEASE) ADMIN DATABASE SharePoint The Play Deploy a proven Web application firewall (WAF) technology. The Advantage - Provide a powerful defense against common attacks, such as SQL injection and cross-site scripting. - Streamline and automate regulatory compliance. - Mitigate data risk.

CHALLENGE #5 Take control when migrating data. SharePoint 2010 deployments grew 5x in the past six months. -Global 360 2011 SharePoint Security Gap SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint lacks an automated way to ensure that ACLs remain aligned with business needs.

CHALLENGE #5 Take control when migrating data. The Play Identify where excessive access rights have been granted, and use file activity monitoring to locate stale data that can be archived or deleted. The Advantage - Keep rights aligned with business needs. - Free up storage space and reduce the amount of data that must be actively managed.

SharePoint Security Checklist Jump start your Microsoft SharePoint security efforts with this quick reference guide Get ahead of all SharePoint deployments Implement a SharePoint governance policy Put security requirements in place when SharePoint instances go live Look beyond native SharePoint security features Specify what kind of information can be put on SharePoint Concentrate on business-critical assets first Start with regulated, employee, or proprietary data, and intellectual property Streamline access to a business need-to-know level Identify and clean up dormant users and stale data Alert on unauthorized access Establish a regular review cycle for dormant users, stale data, and excessive rights Protect Web sites from external attack Identify SharePoint Web applications that work with sensitive data Deploy a Web application firewall to monitor and protect sensitive SharePoint Web sites, portals, and intranets Respond to suspicious activity such as external users accessing admin pages Enable auditing for compliance and forensics Who owns this data? Who accessed this data? When and what did they access? Have there been repeated failed login attempts? Work with data owners to manage user access Locate data owners Create permission reports so data owners have visibility into who can access their data Validate with owners that access to data is legitimate Create usage reports so owners can see who is accessing their data

About Imperva Imperva data security solutions provide visibility and control of high-value business data across critical systems within the data center. Imperva SecureSphere includes database, file, and Web application security solutions that prioritize and mitigate risks to business data, protect against hackers and malicious insiders, and streamline regulatory compliance. Find Us on the Web Contact Us Direct Read our Blog Facebook Twitter SlideShare YouTube Imperva Headquarters 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 Tel: +1-650-345-9000 Fax: +1-650-345-9004 Toll Free (U.S. only): +1-866-926-4678 www.imperva.com Copyright 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information