Organizations are generating vast amounts of content and, with mobile access, enterprise social collaboration and cloud solutions, employees are sharing information in new ways, continually expanding how we collaborate. Microsoft SharePoint has become the corporate information hub for most organizations, and SharePoint content is often coming from for both internal employees as well as external partners and clients. This presents new risks to organizations like the inadvertent exposure of sensitive information, malware entering the enterprise and regulatory compliance issues.
It’s important to consider if you are protecting yourself against these types of security risks and compliance issues? Is your corporate SharePoint Strategy using the best practices available for information security and governance?
In this live webinar, Antonio Maio, Microsoft SharePoint MVP, and Chris Taylor, Trend Micro Director of Global Product Marketing, will discuss how current shifts in SharePoint utilization can create risks and compliance concerns for even the most veteran users and IT organizations.
A live recording of this webinar can be found by visiting: https://www.brighttalk.com/webcast/1506/102913
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
SharePoint Security Risks and Compliance - Best Practices for Governance
1. SharePoint Security Risks
& Compliance:
Best Practices for
Governance
Antonio Maio
SharePoint Consultant,
Microsoft SharePoint MVP
www.trustsharepoint.com
@AntonioMaio2
Chris Taylor
Dir of Global Product Mgt
Trend Micro
@ctaylor123
Presented by:
To listen to the online recording visit: https://www.brighttalk.com/webcast/1506/102913
2. Microsoft SharePoint has Grown to be
Critical Business Infrastructure
23/25/2014 Copyright 2014 Trend Micro Inc.
80%
Fortune 500s
Use SharePoint
62% SharePoint Users
Use It
Every Day
125M
SharePoint Licenses
Worldwide
> *
3. SharePoint is Not just a Web Application
33/25/2014 Copyright 2014 Trend Micro Inc.
SharePoint is a Platform on which
Business is Run
4. Information is the New Currency
43/25/2014 Copyright 2014 Trend Micro Inc.
Sharing Information is Critical to Business Success
5. Sharing with Internal Teams and
Knowledge Workers
53/25/2014 Copyright 2014 Trend Micro Inc.
Traditional SharePoint Deployments…
*Microsoft Case Study (United Airlines and SharePoint 2013) http://bit.ly/1is4RWO
6. Information Sharing is Evolving…
63/25/2014 Copyright 2014 Trend Micro Inc.
Going beyond the Traditional!
7. Extranet: Sharing with External Partners
73/25/2014 Copyright 2014 Trend Micro Inc.
*Microsoft Case Studies:
• (FTN Financial Group and SharePoint 2010) http://bit.ly/1nbojZT
• (IBE Consulting Engineers and SharePoint 2013) http://bit.ly/1nbod4n
Public Web Sites: Sharing with Customers
8. Cloud Deployments - SharePoint Online and
the Hybrid Environment
83/25/2014 Copyright 2014 Trend Micro Inc.
SharePoint Online
Widely Shared Data
SharePoint On Premise
Sensitive Internal Data
9. Risk: Information Leaks
• The Insider Threat
• Inadvertently leaking PII, PHI
outside the organization
• Sharing incorrect information
with partners
93/25/2014 Copyright 2014 Trend Micro Inc.
11. Risk: Loss of Productivity
• IT Costs
• System Downtime
• Information Leaks
in the Press
113/25/2014 Copyright 2014 Trend Micro Inc.
12. Plan for Governance and Security
• Know your Data and Where its Coming From
• Understand your Obligations and your Risks
• Insider Threats
• Inadvertent Data Leaks
• Malware and Viruses
• Regulatory Compliance Obligations
• Risks to Productivity and Reputation
• Plan and Document Governance Strategies
• Protect your Content and Infrastructure
• Automate as Much as Possible
123/25/2014 Copyright 2014 Trend Micro Inc.
13. What Data Do You Need to Control?
3/25/2014 13Copyright 2014 Trend Micro Inc.
Privacy: Customer,
Employee & Patient Data
(structured)
Regulatory Compliance
• Account Information
• Credit Card Numbers
• Contact Information
• Health Information
Intellectual Property
(unstructured)
Competitive
• Source Code
• Engineering Specs
• Strategy Documents
• Pricing
Company Confidential
(unstructured)
Contracts
Reputation
• Quarterly Results
• M&A Strategy
• Internal Conversations
14. What Data Do You Need to Control?
• Privacy data
– Industry specific: HIPAA, PCI,…
– Personal information: personnel records, ID numbers
3/25/2014 14Copyright 2014 Trend Micro Inc.
Mississippi Guard Personnel
Information Compromised
15. • Higher impact to worker productivity
• Higher IT/Compliance Admin review time
• Lower risk of data leak / compliance violation
Trading Off Review Time vs. Productivity
vs. Risk When Using DLP Controls
3/25/2014 15Copyright 2014 Trend Micro Inc.
Quarantine/
Block
Warn UserAlert Admin
/ Report
16. Trading Off Review Time vs. Productivity
vs. Risk When Using DLP Controls
3/25/2014 16Copyright 2014 Trend Micro Inc.
Quarantine/
Block
Warn UserAlert Admin
/ Report
Use threshold settings
for # violations in one
document:
vs.
17. Risk of Inappropriate Content
3/25/2014 17Copyright 2014 Trend Micro Inc.
physical team discussion virtual team discussion
vs.
What’s the difference between these two scenarios?
18. Where is Inappropriate Content Most Likely
to Occur? (i.e. harassment, profanity,…)
3/25/2014 18Copyright 2014 Trend Micro Inc.
Forums, social sites,
blog comments…
(web parts)
Documents
or
19. Where is Inappropriate Content Most Likely
to Occur? (i.e. harassment, profanity,…)
3/25/2014 19Copyright 2014 Trend Micro Inc.
Forums, social sites,
blog comments…
(web parts)
Documents
or
Most content filtering
solutions can’t look here
20. Users Outside Your Control Increase
Malware Risk
3/25/2014 20Copyright 2014 Trend Micro Inc.
Employees
21. Users Outside Your Control Increase
Malware Risk
3/25/2014 21Copyright 2014 Trend Micro Inc.
Contractors,
consultants
Mobile /
Remote
workers
Employees
22. Users Outside Your Control Increase
Malware Risk
3/25/2014 22Copyright 2014 Trend Micro Inc.
Partners,
Customers
Contractors,
Consultants
Mobile /
Remote
workers
Employees
23. Malware Scanning Considerations
• Standard server security can’t
scan SharePoint content!
3/25/2014 23Copyright 2014 Trend Micro Inc.
Server
SharePoint
Content
24. Malware Scanning Considerations
• Standard server security can’t
scan SharePoint content!
• Real-time scan vs.
manual/scheduled scans
• Is your malware scanner
compatible with your SharePoint
storage plans?
– Remote BLOB, Shredded storage
3/25/2014 24Copyright 2014 Trend Micro Inc.
90,000 new
threats / day
Server
SharePoint
Content
25. Trend Micro: The largest independent security provider
Global Security Leader:
• Server
• Virtualization
• Cloud
Mission:
Protecting the exchange
of digital information for
businesses and
consumers
How We Do It
Global Threat
Intelligence
• 1,200 threats experts
Who We Are
Eva Chen:
Co-Founder / CTO CEO
25 Years of Innovation
36 Offices Worldwide
5,000 Employees
1,500 R&D Engineers
$1.2B USD Revenue
Protect 48 of 50 top global corporations
Cloud Security R&D:
$400M USD & 500
engineers over last 4 years
3/25/2014 25Confidential | Copyright 2012 Trend Micro Inc.
What We Do
26. Trend Micro PortalProtect for SharePoint
• Securing SharePoint since 2002
3/25/2014 26Copyright 2014 Trend Micro Inc.
Application
Servers
Database
Servers
Corporate
users
External
users
SharePoint Web Servers
27. Trend Micro PortalProtect for SharePoint
• Securing SharePoint since 2002
• Comprehensive content protection:
– Top antimalware (AV-Test.org)
– Unique malicious URL protection
– Content filtering for web parts (& docs)
– DLP included
3/25/2014 27Copyright 2014 Trend Micro Inc.
Application
Servers
Database
Servers
Corporate
users
External
users
SharePoint Web Servers
28. Trend Micro PortalProtect for SharePoint
• Securing SharePoint since 2002
• Comprehensive content protection:
– Top antimalware (AV-Test.org)
– Unique malicious URL protection
– Content filtering for web parts (& docs)
– DLP included
• Supports:
– SharePoint 2013 / 2010 / 2007
– Remote BLOB / Shredded storage
– Virtual and cloud datacenters
3/25/2014 28Copyright 2014 Trend Micro Inc.
Application
Servers
Database
Servers
Corporate
users
External
users
SharePoint Web Servers
29. Thank You
29
Antonio Maio
SharePoint Consultant,
Microsoft SharePoint MVP
www.trustsharepoint.com
@AntonioMaio2
Chris Taylor
Dir of Global Product Mgt
Trend Micro
@ctaylor123
To listen to the online recording visit:
https://www.brighttalk.com/webcast/1506/102913