© 2013 Imperva, Inc. All rights reserved.
SharePoint Governance:
4 Security Guidelines
Carrie McDaniel, File Security Team
Agenda
§  Introduction to SharePoint governance
§  Common business drivers
§  4 guidelines for SharePoint governance and security
§  SecureSphere for SharePoint
§  Q&A
Carrie McDaniel – File Security Team
§  Product Marketing Manager for File Security; focus on SharePoint security
§  Previously held product marketing position at Moody’s Analytics in San Francisco
§  Past experience in finance and tech industries at Wells Fargo and NetApp
§  Holds degrees in Marketing and French from Santa Clara University
Efficient & Effective Use of Business Data
BUILD: Build sites; Build apps; Publish apps
MANAGE: Manage costs; Manage risk; Manage time
DISCOVER: Connect across the organization; Draw insights from reports; Customizable search
ORGANIZE: Keep projects on track; Connect with your team; Store and sync documents
SHARE: Share ideas with social features; Share content internally and externally
microsoft.com
Challenges
BUILD: Build sites; Build apps; Publish apps
MANAGE: Manage costs; Manage risk; Manage time
DISCOVER: Connect across the organization; Draw insights from reports; Customizable search
ORGANIZE: Keep projects on track; Connect with your team; Store and sync documents
SHARE: Share ideas with social features; Share content internally and externally
•  Migration
•  Customization
•  Security
•  Rollout
•  Adoption
Microsoft’s View of SharePoint Governance
§  Streamlining the deployment of products and technologies
§  Helping protect your enterprise from security threats or noncompliance liability
§  Helping ensure the best return on your investment in technologies
Governance is the set of policies, roles, responsibilities, and processes that guide, direct, and control how an organization's business divisions and IT teams cooperate to achieve business goals.
Governance From The Start, Or…
Business Drivers for Effective SharePoint Governance
ADOPTION
COMPLIANCE
RISK
41%
72%
82%
4 Steps to Streamline SharePoint Security Governance Efforts
Step 1: Identify and Secure Critical Business Assets
§  Address valuable data targets
Financial Information
Personal Health Information (PHI)
Legal Documents
Intellectual Property
Personally Identifiable Information (PII)
Step 1: Identify and Secure Critical Business Assets
§  Identify valuable data targets
“You need to identify the data assets that generate value for the business that are high-risk targets for cybercriminals, or that are subject to regulatory compliance, and then focus your efforts there.”
Forrester Research, Inc.
Step 1: Identify and Secure Critical Business Assets
§  Address valuable data targets
§  Secure business critical assets with automation
Financial Information
Personal Health Information (PHI)
Legal Documents
Intellectual Property
Personally Identifiable Information (PII)
Step 2: Establish a User Rights Management Framework
Common Access Rights Risks
§  Sensitive content accessible to everyone
§  Access rights granted but not used
§  Data where individual users have rights, not groups
§  Dormant user accounts and stale files
“The top four internal and external audit findings relate to access management, with excessive access rights being the top audit finding.”
Deloitte
Step 2: Establish a User Rights Management Framework
Benefits of Automating User Rights Management
§  Streamline access processes
§  Formalize the approval cycle
§  Report on effective permissions, usage, and permissions changes
§  Send permissions and usage reports on a scheduled basis for review
§  Identify data owners
§  Track approval tasks
Step 2: Establish a User Rights Management Framework
Understanding How Access is Granted
§  Gain insight into how access was granted
§  Align access with business need-to-know
§  Minimize business interruptions
Step 2: Establish a User Rights Management Framework
Unauthorized Access Scenarios
A high volume of activity within a short period of time
Operations outside of normal business hours or maintenance windows
Activity from suspicious or external IPs
Access of sensitive data from different departments or by administrators
Creation of new sites or administrative accounts
Step 3: Defend Applications from Web Attacks and Code Exploits
§  Test SharePoint applications
§  Scan for vulnerabilities
§  Perform virtual patching
“Web Application Firewalls genuinely raise the bar on application security…they ‘virtually’ patch the application faster than code fixes can be implemented.”
Adrian Lane, CTO, Securosis
Step 4: Trust, But Verify, User Behavior
§  Establish a complete audit trail
§  Leverage sophisticated analytics and reporting capabilities
Address compliance requirements
Monitor activity in real-time
Store data in a secured, centralized repository
Enrich native audit information
Where Native SharePoint Security and Controls Fall Short
Defending against Web-based attacks
Maintaining a comprehensive audit trail
Real-time responses to unwanted activity
Managing permissions and rights
Performing rights reviews
Monitoring MS SQL database activity
Imperva Data Security
External: Customers; Staff, Partners; Hackers
Internal: Employees; Malicious Insiders; Compromised Insiders
Data Center: Systems and Admins
Tech. Attack Protection; Logic Attack Protection; Fraud Prevention; Usage Audit; User Rights Management; Access Control
Security for SharePoint’s File, Web and Database Resources
SecureSphere for SharePoint
Web Application Firewall
File Activity Monitoring
Database Firewall
§  Protection against Web-based attacks
§  Tuned for Microsoft SharePoint traffic
§  Fraud prevention and reputation controls available
§  Protect against changes to SQL server that would render it unsupportable by Microsoft
§  Enforce separation of duties
§  Prevent unauthorized access and fraudulent activity
§  Monitor and audit file activity
§  Comprehensive user rights management
§  Enforce file access control policies
Layers of SharePoint Protection
[Diagram labels: The Internet; Enterprise Users; Administrators; IIS Web Servers; Application Servers; MS SQL Databases; Web-Application Firewall; Activity Monitoring & User Rights Management; DB Activity Monitoring & Access Control; SQL Injection; XSS; Excessive Rights; Unauthorized Changes; Unauthorized Access; Audit]
Additional Resources
DOWNLOAD SHAREPOINT GOVERNANCE & SECURITY WHITE PAPER
VIEW SHAREPOINT SECURITY CUSTOMER STORY
www.imperva.com

Weitere ähnliche Inhalte

Was ist angesagt?

Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
Qualys
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber Ark
Erni Susanti
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Ignyte Assurance Platform
 

Was ist angesagt? (20)

Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Comprehensive Data Leak Prevention
Comprehensive Data Leak PreventionComprehensive Data Leak Prevention
Comprehensive Data Leak Prevention
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
Bridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit GapBridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit Gap
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber Ark
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control  (SOC 2) Compliance - KloudlearnService Organizational Control  (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - Kloudlearn
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap
 
Security Modelling in ArchiMate
Security Modelling in ArchiMateSecurity Modelling in ArchiMate
Security Modelling in ArchiMate
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best Practices
 
Community IT - Crafting Nonprofit IT Security Policy
Community IT - Crafting Nonprofit IT Security PolicyCommunity IT - Crafting Nonprofit IT Security Policy
Community IT - Crafting Nonprofit IT Security Policy
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's Story
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account security
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
 
Building HIPAA Compliance in service delivery teams
Building HIPAA Compliance in service delivery teamsBuilding HIPAA Compliance in service delivery teams
Building HIPAA Compliance in service delivery teams
 

Andere mochten auch

Drupal sec
Drupal secDrupal sec
Drupal sec
mnescot
 

Andere mochten auch (7)

The Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent Threat
 
CMS Hacking 101
CMS Hacking 101CMS Hacking 101
CMS Hacking 101
 
Protecting Against Vulnerabilities in SharePoint Add-ons
Protecting Against Vulnerabilities in SharePoint Add-onsProtecting Against Vulnerabilities in SharePoint Add-ons
Protecting Against Vulnerabilities in SharePoint Add-ons
 
Auditing SharePoint Permissions
Auditing SharePoint PermissionsAuditing SharePoint Permissions
Auditing SharePoint Permissions
 
Drupal sec
Drupal secDrupal sec
Drupal sec
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks
 
Overcoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePoint
 

Ähnlich wie 4 Security Guidelines for SharePoint Governance

BayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the CloudBayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the Cloud
Sri Chilukuri
 

Ähnlich wie 4 Security Guidelines for SharePoint Governance (20)

Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps Era
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
Event Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityEvent Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and Security
 
BayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the CloudBayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the Cloud
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t Enough
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug  October 27 2017 Learn to Streamline User Provisioning in Oracle AppsSroaug  October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
 
Get your Enterprise Ready for GDPR
Get your Enterprise Ready for GDPRGet your Enterprise Ready for GDPR
Get your Enterprise Ready for GDPR
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
 
Understanding Data Loss Prevention
Understanding Data Loss PreventionUnderstanding Data Loss Prevention
Understanding Data Loss Prevention
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
 
Feb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementFeb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor Management
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
Asset Management: Climbing the Asset Maturity Curve
Asset Management: Climbing the Asset Maturity CurveAsset Management: Climbing the Asset Maturity Curve
Asset Management: Climbing the Asset Maturity Curve
 
Security and Compliance with SharePoint and Office 365
Security and Compliance with SharePoint and Office 365Security and Compliance with SharePoint and Office 365
Security and Compliance with SharePoint and Office 365
 

Mehr von Imperva

Mehr von Imperva (20)

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
 
Imperva ppt
Imperva pptImperva ppt
Imperva ppt
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2: New attacks on the Internet’s Next Generation FoundationHacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
 

Kürzlich hochgeladen

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Kürzlich hochgeladen (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

4 Security Guidelines for SharePoint Governance

  • 1. © 2013 Imperva, Inc. All rights reserved. SharePoint Governance: 4 Security Guidelines 1 Carrie McDaniel, File Security Team
  • 2. © 2013 Imperva, Inc. All rights reserved. Agenda 2 §  Introduction to SharePoint governance §  Common business drivers §  4 guidelines for SharePoint governance and security §  SecureSphere for SharePoint §  Q&A
  • 3. © 2013 Imperva, Inc. All rights reserved. Carrie McDaniel – File Security Team 3 §  Product Marketing Manager for File Security; focus on SharePoint security §  Previously held product marketing position at Moody’s Analytics in San Francisco §  Past experience in finance and tech industries at Wells Fargo and NetApp §  Holds degrees in Marketing and French from Santa Clara University
  • 4. © 2013 Imperva, Inc. All rights reserved. Efficient & Effective Use of Business Data 4 BUILD Build  sites   Build  apps   Publish  apps       MANAGE Manage  costs   Manage  risk   Manage  6me   DISCOVER Connect  across  the  organiza6on   Draw  insights  from  reports   Customizable  search ORGANIZE Keep  projects  on  track   Connect  with  your  team   Store  and  sync  documents   SHARE Share  ideas  with  social  features   Share  content  internally  and   externally     microsoft.com
  • 5. © 2013 Imperva, Inc. All rights reserved. Challenges 5 BUILD Build  sites   Build  apps   Publish  apps       MANAGE Manage  costs   Manage  risk   Manage  6me   DISCOVER Connect  across  the  organiza6on   Draw  insights  from  reports   Customizable  search ORGANIZE Keep  projects  on  track   Connect  with  your  team   Store  and  sync  documents   SHARE Share  ideas  with  social  features   Share  content  internally  and   externally     •  Migration •  Customization •  Security •  Rollout •  Adoption
  • 6. © 2013 Imperva, Inc. All rights reserved. Microsoft’s View of SharePoint Governance 6 §  Streamlining the deployment of products and technologies §  Helping protect your enterprise from security threats or noncompliance liability §  Helping ensure the best return on your investment in technologies Governance is the set of policies, roles, responsibilities, and processes that guide, direct, and control how an organization's business divisions and IT teams cooperate to achieve business goals.
  • 7. © 2013 Imperva, Inc. All rights reserved. Governance From The Start, Or… 7
  • 8. © 2013 Imperva, Inc. All rights reserved. Business Drivers for Effective SharePoint Governance 8 ADOPTION COMPLIANCE RISK 41% 72% 82%
  • 9. © 2013 Imperva, Inc. All rights reserved. 4 Steps to Streamline SharePoint Security Governance Efforts 9
  • 10. © 2013 Imperva, Inc. All rights reserved. Step 1: Identify and Secure Critical Business Assets 10 §  Address valuable data targets Financial Information Personal Health Information (PHI) Legal Documents Intellectual Property Personally Identifiable Information (PII)
  • 11. © 2013 Imperva, Inc. All rights reserved. Step 1: Identify and Secure Critical Business Assets 11 §  Identify valuable data targets You need to identify the data assets that generate value for the business that are high-risk targets for cybercriminals, or that are subject to regulatory compliance, and then focus your efforts there. Forrester Research, Inc.
  • 12. © 2013 Imperva, Inc. All rights reserved. Step 1: Identify and Secure Critical Business Assets 12 §  Address valuable data targets §  Secure business critical assets with automation Financial Information Personal Health Information (PHI) Legal Documents Intellectual Property Personally Identifiable Information (PII)
  • 13. Step 2: Establish a User Rights Management Framework. Common Access Rights Risks: Sensitive content accessible to everyone; Access rights granted but not used; Data where individual users have rights, not groups; Dormant user accounts and stale files.
  • 14. Step 2: Establish a User Rights Management Framework. Common Access Rights Risks: Sensitive content accessible to everyone; Access rights granted but not used; Data where individual users have rights, not groups; Dormant user accounts and stale files. "The top four internal and external audit findings relate to access management, with excessive access rights being the top audit finding." Deloitte
  • 15. Step 2: Establish a User Rights Management Framework. Benefits of Automating User Rights Management: Streamline access processes; Formalize the approval cycle; Report on effective permissions, usage, and permissions changes; Send permissions and usage reports on a scheduled basis for review; Identify data owners; Track approval tasks.
  • 16. Step 2: Establish a User Rights Management Framework. Understanding How Access is Granted: Gain insight into how access was granted; Align access with business need-to-know; Minimize business interruptions.
  • 17. Step 2: Establish a User Rights Management Framework. Unauthorized Access Scenarios: A high volume of activity within a short period of time; Operations outside of normal business hours or maintenance windows; Activity from suspicious or external IPs; Access of sensitive data from different departments or by administrators; Creation of new sites or administrative accounts.
  • 18. Step 3: Defend Applications from Web Attacks and Code Exploits. Test SharePoint applications; Scan for vulnerabilities; Perform virtual patching.
  • 19. Step 3: Defend Applications from Web Attacks and Code Exploits. Test SharePoint applications; Scan for vulnerabilities; Perform virtual patching. "Web Application Firewalls genuinely raise the bar on application security…they ‘virtually’ patch the application faster than code fixes can be implemented." Adrian Lane, CTO, Securosis
  • 20. Step 4: Trust, But Verify, User Behavior. Establish a complete audit trail; Leverage sophisticated analytics and reporting capabilities. Address compliance requirements; Monitor activity in real-time; Store data in a secured, centralized repository; Enrich native audit information.
  • 23. Where Native SharePoint Security and Controls Fall Short: Defending against Web-based attacks; Maintaining a comprehensive audit trail; Real-time responses to unwanted activity; Managing permissions and rights; Performing rights reviews; Monitoring MS SQL database activity.
  • 24. Imperva Data Security. External: Customers; Staff, Partners; Hackers. Internal: Employees; Malicious Insiders; Compromised Insiders. Data Center: Systems and Admins. Tech. Attack Protection; Logic Attack Protection; Fraud Prevention; Usage Audit; User Rights Management; Access Control.
  • 25. Security for SharePoint’s File, Web and Database Resources (SecureSphere for SharePoint). Web Application Firewall: Protection against Web-based attacks; Tuned for Microsoft SharePoint traffic; Fraud prevention and reputation controls available. Database Firewall: Protect against changes to SQL server that would render it unsupportable by Microsoft; Enforce separation of duties; Prevent unauthorized access and fraudulent activity. File Activity Monitoring: Monitor and audit file activity; Comprehensive user rights management; Enforce file access control policies.
  • 26. Layers of SharePoint Protection [diagram]. Actors: Enterprise Users; The Internet; Administrators. Components: IIS Web Servers; Application Servers; MS SQL Databases. Controls: Web-Application Firewall; Activity Monitoring & User Rights Management; DB Activity Monitoring & Access Control; Audit. Threats: SQL Injection; XSS; Excessive Rights; Unauthorized Changes; Unauthorized Access.
  • 27. Additional Resources
  • 28. Additional Resources: Download SharePoint Governance & Security White Paper; View SharePoint Security Customer Story
  • 29. www.imperva.com