Webinar presented on Oct 21st (US) and Oct 23rd (EMEA), 2014 by Christian Buckley, Managing Director at GTconsult and Steve Marsh, Director of Product Marketing at Metalogix.
1. Security, Administration and Governance
for SharePoint On-Premises, Online,
and Everything In-Between
Steve Marsh, Director of Product Marketing, Metalogix
Christian Buckley, Office365 MVP and Managing Director, GTconsult
2. Steve Marsh
Director of Product Marketing
at Metalogix
stevem@metalogix.com
www.metalogix.com
@drstevemarsh
Christian Buckley
Managing Director at GTconsult
and Office365 MVP
cbuck@gtconsult.com
www.gtconsult.com and
www.buckleyplanet.com
@buckleyplanet
3. Serious Tools. For Serious Collaboration.
At Metalogix, our Continuing Mission
is to improve the use and performance
of Enterprise Content to power
knowledge sharing and collaboration.
14,000+ customer licenses shipped
Fastest Growing and Largest ISV.
Complete & Best-of-Breed tools for
mission-critical collaboration platforms.
We are committed to your
Success with Collaboration
across Exchange, SharePoint
and the Cloud.
4.
5. Managing SharePoint
On-Premises vs. Online
What we’ll cover today:
• The evolution of SharePoint management
• What’s different about SharePoint Online
• Considerations for your transition to the cloud
• Considerations for managing a hybrid solution
8. Cloud Infrastructure Options
Private Cloud
• Infrastructure maintained solely for customer
• On premises or off
• Managed by the customer, or by a 3rd party hoster
Hybrid Cloud
• Multiple infrastructure options
• Components both on premises and off premises
• Management spread between customer and 3rd party hosters
Public Cloud
• Infrastructure shared by multiple customers
• Off premises
• Managed by 3rd party on behalf of customers
10.
Partner Hosted Private
Cloud
• Dedicated environment
• Externally hosted
• Externally or internally
managed
• Internally designed
Self Hosted
Private Cloud
• Dedicated environment
• Internally hosted
• Internally managed
• Internally designed
Shared or Dedicated
Public Cloud
• Shared or dedicated
environment
• Externally hosted
• Externally managed
• Externally designed
Public Dedicated Cloud
• Partially or fully dedicated
• Externally hosted
• Externally or internally managed
• Minimal customization
Traditional
on premises
Ye Olde Build vs. Buy argument
11. What are the 5 most common
SharePoint management
concerns?
12. 1. Defining (and communicating)
policies and procedures
Always start with non-technical elements
Develop a security policy
Implement a training plan for end users
Develop a strategy for ensuring
users know what content
is confidential
34% of IT administrators said that
they'd "sneaked a peek" at
documents they weren't authorized
to view, including employee details
and salary information (DarkReading)
13. 2. Failure to implement any kind of
permissions best practices
Apply permissions using Least Privileged principles
Don’t give users Direct Access
Embrace SharePoint Groups and/or Active Directory Groups
Ensure Appropriate Use of the Authenticated Users Group
Clean up Orphan Users
Use Broken Inheritance Responsibly
Revoke permissions quickly
14. 3. Failure to regularly audit access
to content and sites
Are we adhering to Compliance or Governance requirements?
Who has been accessing specific content?
How often are specific sites being accessed?
What features of SharePoint are being used?
Are we managing the volume of log data?
15. 4. Failure to monitor changes to
security settings
SharePoint security requirements change
over time
Ensure users are continuing to adhere to
security policies
Prevent users from causing havoc
We need to plan how we will stay on top of
changes
16. 5. Failure to empower users and admins with
the right tools and permissions
Rapid provisioning of sites and permissions
Find your responsible business content
owners
Enable and Equip them to manage access to
their content
Ensure management access is limited to those
with appropriate permissions
Segment your administration responsibilities
– Power Users, business owners
17.
18. Out of the Box Admin Toolkit
The Usual Three Suspects
Permissions Management
Reporting & Insight – e.g. usage, growth
Responding to Audit requests
Clean-up of sites and content
19. Managing Permissions
Farm Admin is Site Collection Admin
AD v SP Groups
Broken Inheritance
Direct Permissions
Misuse of “Authenticated Users”
Anonymous Access
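The permission problems named on the "permissions best practices" and "Managing Permissions" slides (direct grants, orphan users, misuse of Authenticated Users, broken inheritance) can be checked mechanically against a permissions export. The PowerShell below is an added example, not code from the webinar or from Metalogix; the CSV columns, the CONTOSO accounts and the rule that Authenticated Users should hold no more than Read are assumptions made for the illustration.

```powershell
# Constructed sample: one row per role assignment, as a permissions export might look.
# Column names are assumptions for this example, not a SharePoint or ControlPoint schema.
$assignments = @'
Url,Principal,PrincipalType,Role,UniquePermissions
/sites/hr,HR Members,SPGroup,Contribute,False
/sites/hr/salaries,CONTOSO\jdoe,User,Full Control,True
/sites/hr/salaries,NT AUTHORITY\Authenticated Users,ADGroup,Contribute,True
/sites/finance,CONTOSO\Finance-Readers,ADGroup,Read,False
/sites/finance/audit,CONTOSO\asmith,User,Read,True
/sites/intranet,NT AUTHORITY\Authenticated Users,ADGroup,Read,False
'@ | ConvertFrom-Csv

# Constructed list of accounts that still exist in the directory.
$activeAccounts = @('CONTOSO\jdoe')

function Get-PermissionFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Assignment,
        [string[]] $ActiveAccount = @()
    )
    foreach ($a in $Assignment) {
        $issues = @()
        if ($a.PrincipalType -eq 'User') {
            # Permission granted to an individual instead of through a group.
            $issues += 'DirectUserGrant'
            # Account no longer present in the directory but still holding access.
            if ($ActiveAccount -notcontains $a.Principal) { $issues += 'OrphanUser' }
        }
        # Assumed policy for this example: Authenticated Users may hold Read only.
        if ($a.Principal -eq 'NT AUTHORITY\Authenticated Users' -and $a.Role -ne 'Read') {
            $issues += 'AuthenticatedUsersAboveRead'
        }
        # The scope no longer inherits from its parent, so it needs its own review.
        if ($a.UniquePermissions -eq 'True') { $issues += 'BrokenInheritance' }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                Url = $a.Url; Principal = $a.Principal; Role = $a.Role
                Issues = $issues -join ','
            }
        }
    }
}

Get-PermissionFinding -Assignment $assignments -ActiveAccount $activeAccounts |
    Sort-Object Url | Format-Table -AutoSize
```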
20. Auditing Usage in SharePoint
Beware of the large log file
Beware of the “disappearing” log file
Reactive v Proactive
Be prepared for lots of mouse clicks
Brush up on your Excel skills
Brush up on your SSRS skills
25. The Security and Compliance Gap
36 percent of SharePoint users
are breaching security policies-
CMSWire
A survey revealed that 79 percent of the
respondents said that they stored sensitive or
confidential information on the SharePoint
platform - CMSWire
Only 18 percent of
enterprises use technical
controls to prevent access to
sensitive information. Most
— 73 percent — rely on
written policies or informal
understandings with their
workforce - CMSWire
“60% of organizations have yet to bring
SharePoint into line with existing data
compliance policies.” – AIIM
Two-thirds of SharePoint-using
companies in a recent survey have
admitted to having ‘no active
security policy’ in place -Emedia
26. The SharePoint Governance Gap
67% view SharePoint Governance as critical
26% have a well defined strategy
- Redmond Magazine Survey, 2013
29. Tactical Team Responsibilities
Operations Team
• Help Enforce Governance
Plan
• Manage Routine
Maintenance Tasks:
• Nightly Backups
• Usage Monitoring & Analysis
• Scheduled Task Validation
• Security Release & System
Upgrades
Support Team
• Create Support
System with SLA’s
• Respond to
questions, bugs and
other issue resolution
• Provide typical
SharePoint Admin
roles such as:
• Site Provisioning
• Security
Permissions for
users and groups
Development Team
• New features and
program
management while
adhering to
standards.
• Develop customized
& personalized
solutions for
departments &
division sites.
Whose job will be changing the most?
From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
30. Tactical Team Responsibilities
Operations Team
• Help Enforce Governance
Plan
• Manage Routine
Maintenance Tasks:
• Nightly Backups
• Usage Monitoring & Analysis
• Scheduled Task Validation
• Security Release & System
Upgrades
• Oracle & DBA Role will be
eliminated
• Active Directory Role could
change (Ping Identity, FBA, etc.)
• No Equipment to Support
Support Team
• Create Support
System with SLA’s
• Respond to
questions, bugs and
other issue resolution
• Provide typical
SharePoint Admin
roles such as:
• Site Provisioning
• Security
Permissions for
users and groups
Development Team
• New features and
program
management while
adhering to
standards.
• Develop customized
& personalized
solutions for
departments &
division sites.
From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
31. Impacts of Office 365
In some ways, it simplifies
Governance
SharePoint and Exchange are
primarily affected
Biggest impact of 365 is on
sizing limits
Data sprawl must be watched
more carefully in Office 365 to
avoid hitting capacity limits!
Feature: Specifications
Storage (pooled): 10 GB per user; 500 MB per enterprise user; 5 TB per Company
Site collection storage quotas: 1 TB
OneDrive for Business storage allocation: 1 TB
Site collections per tenant: 500,000
Mailbox Size: 25 gig
From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
32. Management Shell
SharePoint Online Management Shell is a Windows PowerShell module that
you can use to efficiently manage SharePoint Online users, sites, site
collections, and organizations
You can find a list of available cmdlets here (TechNet)
33. Simple mode Admin experience
When you’re in Simple mode in the SharePoint Online admin center, the left-hand navigation
shows only site collections, user profiles, and settings.
35. Streamlined Admin tasks
Easier to add users, auto assign available licenses, reset passwords,
and manually set passwords (instead of auto generated)
36. Creating information
management policies
Create a policy to use on multiple content types within a site collection.
Create a policy for a site content type.
Create a policy for a list or library. (location-based retention policy)
39. Adjusting to Office 365 Updates
No access to Correlation errors or backend.
No ability to troubleshoot.
The continual updates to the site can also cause strange errors.
You may have to use different management tools.
Moving to Office 365 means giving up some level of control. For
example, you won't have any control over the patch
management process, software upgrades, and other similar
administrative tasks.
40.
41. Factors in your hybrid planning
Location / facilities
Software licenses and support
Hardware and maintenance
Onsite support, personnel skills
Level of customization
Governance, auditing, security, compliance
Disaster Recovery and Business Continuity
Upgrades and migration
42. On Premises Cloud Hybrid
On Premises
• Need space and maintenance planning
• Licensing costs, but also upgrades and ongoing support
• Need to purchase, support and maintain, and upgrade as platform matures
• Administrative, developer, and end user skills and training
Cloud
• Most likely provided
• Included in vendor-hosted solutions
• Included in vendor-hosted solutions
• Still requires administrative and possibly dev skills, end user training
Hybrid
• Need space and maintenance planning
• Licensing costs, but also upgrades and ongoing support
• Need to purchase, support and maintain, and upgrade as platform matures
• Administrative, developer, and end user skills and training
43. On Premises Cloud Hybrid
Full control
Limited to none in SaaS,
some control over PaaS,
full control over IaaS
Limited ability to
integrate depending on
SaaS, PaaS, or IaaS
Many limitations OTB,
but very robust tools
from partners Limited
Very complex across
on prem and cloud
components, very
manual
Needs to be planned,
limited features OTB Defined in SLAs
Some OTB capabilities, 3rd
party for tighter control
and predictability
Microsoft
recommends 3rd party
tools
Very complex across
on prem and cloud
components, very
manual
Some OTB capabilities, 3rd
party for tighter control
and predictability
44. Hybrid Health Warning!
Search Experience Limitations
Authentication Challenges
Lack of “Global” Navigation
Broken User Experience?
Different Release Schedules
As Complexity Increases the
Inherent Weaknesses in the
Out of the Box Tools will be
Magnified! (1+1=5)
46.
Best Practices
Focus on the user experience
Make governance a priority
Understand how your common management tasks scale across your online
and on-premises systems
Clarify and document your permissions, information architecture, templates,
content types, taxonomy -- and ownership of each
First define what policies, procedures, and metrics are needed to manage
your environment, and then look at what is possible across your various tools
and platforms
47. ControlPoint: Security and Compliance
Objectives Benefits
Minimize or eliminate security breaches &
unauthorized access to sensitive content
Meet compliance requirements for access
control
Anticipate future IT needs to manage at scale
Eliminate human error with policy driven
security across SharePoint farms
Mitigate risk of data loss due to unauthorized
access to content
Provide audit trails of content access
Provide details of content growth and user
activity
Provide automation of governance policies
48. 30 Day Trial of ControlPoint
www.metalogix.com/controlpoint
Governance Best Practices E-Book
http://www.metalogix.com/Resources/Promotions/ControlPoint/White-Papers-and-E-books/SharePoint-Governance-Best-Practices.aspx
5 Step Plan for Securing SharePoint E-Book
http://www.metalogix.com/Resources/Promotions/ControlPoint/White-Papers-and-E-books/5-Step-Plan-To-Securing-SharePoint.aspx
Recorded Webinar – SharePoint Permissions Audits, Reports & Policy Enforcement
http://www.metalogix.com/Resources/Promotions/ControlPoint/recordings/140925-us-cp-wb-sharepoint-permissions-audits-reports-and-policy-enforcements
49. Thank You
Decisions need to be made about build or buy, out source or keep in house
Can’t restrict people from “collaborating” – that’s why we have SP - 34% of respondents also said they'd never even considered the security implications surrounding SharePoint – consider including how to share content as part of the strategy, since people will. Put clear policies in place regarding how information can be shared, and then monitor access and enforce policy compliance
Training - 92% agreed that removing information from SharePoint made it less secure, but 30% were willing to take that risk "if it helps me get the job done."
Classify sites as confidential or non-confidential – sensitivity level – maybe it’s customer or partner focused sites vs intranet sites
Yet the study discovered that 65% of respondents are not yet marking any of their data. A very low 9% of respondents said they protectively mark all emails, and the same percentage said they do the same for all documents. Only 17% of respondents said they mark all email and documents
Demo –
Permissions Report
Highlight how someone gets permissions
Show users with Direct Permissions
Show Cleanup User Permissions
Show Authenticated Users
Orphan User
Revoke Permissions
From previous slide – show tagging sites to show confidential, etc
Demo
Audit log report
Site or Site Collection features
Talk about archiving the audit log
Demo
CP alerts for permissions changes - Receive alerts when changes are made
CP policies - Prevent users from causing havoc
If your organization were only to implement one SharePoint site, administration would be a breeze. There would always be a clear path of what is happening and how to get from point A to point B.
But none of us administrate one site.
The good news is your organization is committed to SharePoint.
The bad news is broad adoption breeds complexity. The more engaged your users, the more work it requires to maintain visibility and control.
Think of it like a highway – one that is constantly growing, paths evolving, visitors changing…
Out of the box tools do not adequately meet the needs of SharePoint Administrators for the modern SharePoint deployment.
Permissions management is in siloes for individual site collections, sites or lists.
Broken inheritance when used properly is good, when used incorrectly is a security nightmare.
The ability to know who accessed what content, when they accessed it, or how often is nearly impossible to obtain
Insider threats, compliance rules and regulations are increasingly difficult to manage or meet
If the percentages here are extrapolated across the entire SharePoint user set, then there is a significant problem here
In more organizations the corn maze of SharePoint creates a governance gap.
Startling Truth:
67% of organizations view SharePoint Governance as critical but only 26% have a well defined strategy (Source: Axceler Governance Benchmark Survey of 1,000+ SharePoint Administrators)
The Gap exists because without the right tools it’s HARD not to get lost in the maze. And the result is not only a lot of time is wasted trying to pull data from across multiple sites & farms – but policy enforcement becomes impossible.
But there is light shining on the maze.
Axceler clients rate better on the SharePoint Maturity Spectrum because organizations with 3rd party tools (such as Axceler) are 3X as likely to run regular audits and conduct other governance best practice activities…because they now have the capability to do so.
A failure of policy, inadequate procedures and lack of technical enforcement can often lead to serious data leaks
These factors will help you decide how much your own organization can support, as well as help you determine the suitability of vendors