SharePoint Security Risks & Compliance: Best Practices for Governance
Presented by:
Antonio Maio, SharePoint Consultant, Microsoft SharePoint MVP (www.trustsharepoint.com, @AntonioMaio2)
Chris Taylor, Dir of Global Product Mgt, Trend Micro (@ctaylor123)
To listen to the online recording visit: https://www.brighttalk.com/webcast/1506/102913
Microsoft SharePoint has Grown to be Critical Business Infrastructure
3/25/2014 Copyright 2014 Trend Micro Inc.
• 80% of Fortune 500s use SharePoint
• 62% of SharePoint users use it every day
• 125M SharePoint licenses worldwide
> *
SharePoint is Not just a Web Application
SharePoint is a Platform on which Business is Run
Information is the New Currency
Sharing Information is Critical to Business Success
Sharing with Internal Teams and Knowledge Workers
Traditional SharePoint Deployments…
*Microsoft Case Study (United Airlines and SharePoint 2013) http://bit.ly/1is4RWO
Information Sharing is Evolving…
Going beyond the Traditional!
Extranet: Sharing with External Partners
*Microsoft Case Studies:
• (FTN Financial Group and SharePoint 2010) http://bit.ly/1nbojZT
• (IBE Consulting Engineers and SharePoint 2013) http://bit.ly/1nbod4n
Public Web Sites: Sharing with Customers
Cloud Deployments - SharePoint Online and the Hybrid Environment
• SharePoint Online: Widely Shared Data
• SharePoint On Premise: Sensitive Internal Data
Risk: Information Leaks
• The Insider Threat
• Inadvertently leaking PII, PHI outside the organization
• Sharing incorrect information with partners
Risk: Malware & Viruses
• Malware Infected Content
• Malicious URLs
Risk: Loss of Productivity
• IT Costs
• System Downtime
• Information Leaks in the Press
Plan for Governance and Security
• Know your Data and Where it’s Coming From
• Understand your Obligations and your Risks
– Insider Threats
– Inadvertent Data Leaks
– Malware and Viruses
– Regulatory Compliance Obligations
– Risks to Productivity and Reputation
• Plan and Document Governance Strategies
• Protect your Content and Infrastructure
• Automate as Much as Possible
What Data Do You Need to Control?
Privacy: Customer, Employee & Patient Data (structured)
Regulatory Compliance
• Account Information
• Credit Card Numbers
• Contact Information
• Health Information
Intellectual Property (unstructured)
Competitive
• Source Code
• Engineering Specs
• Strategy Documents
• Pricing
Company Confidential (unstructured)
Contracts
Reputation
• Quarterly Results
• M&A Strategy
• Internal Conversations
What Data Do You Need to Control?
• Privacy data
– Industry specific: HIPAA, PCI,…
– Personal information: personnel records, ID numbers
Mississippi Guard Personnel Information Compromised
Trading Off Review Time vs. Productivity vs. Risk When Using DLP Controls
• Higher impact to worker productivity
• Higher IT/Compliance Admin review time
• Lower risk of data leak / compliance violation
Controls: Quarantine/Block | Warn User | Alert Admin / Report
• Use threshold settings for # violations in one document
Risk of Inappropriate Content
Physical team discussion vs. virtual team discussion
What’s the difference between these two scenarios?
Where is Inappropriate Content Most Likely to Occur? (i.e. harassment, profanity,…)
Forums, social sites, blog comments… (web parts) or Documents
Most content filtering solutions can’t look here
Users Outside Your Control Increase Malware Risk
• Partners, Customers
• Contractors, Consultants
• Mobile / Remote workers
• Employees
Malware Scanning Considerations
• Standard server security can’t scan SharePoint content!
• Real-time scan vs. manual/scheduled scans
• Is your malware scanner compatible with your SharePoint storage plans?
– Remote BLOB, Shredded storage
90,000 new threats / day
[Diagram: Server, SharePoint Content]
Trend Micro: The largest independent security provider
Global Security Leader:
• Server
• Virtualization
• Cloud
Mission: Protecting the exchange of digital information for businesses and consumers
How We Do It
Global Threat Intelligence
• 1,200 threat experts
Who We Are
Eva Chen:
Co-Founder / CTO  CEO
25 Years of Innovation
36 Offices Worldwide
5,000 Employees
1,500 R&D Engineers
$1.2B USD Revenue
Protect 48 of 50 top global corporations
Cloud Security R&D: $400M USD & 500 engineers over last 4 years
What We Do
Trend Micro PortalProtect for SharePoint
• Securing SharePoint since 2002
• Comprehensive content protection:
– Top antimalware (AV-Test.org)
– Unique malicious URL protection
– Content filtering for web parts (& docs)
– DLP included
• Supports:
– SharePoint 2013 / 2010 / 2007
– Remote BLOB / Shredded storage
– Virtual and cloud datacenters
[Diagram: Corporate users, External users, SharePoint Web Servers, Application Servers, Database Servers]
Thank You
