SlideShare ist ein Scribd-Unternehmen logo

Boldon James - SharePoint: information security's weakest link?

B
boldonjames
TechnologieBusiness
1 von 23
Downloaden Sie, um offline zu lesen
Click to edit Master title style SharePoint: information security’s weakest link? Martin Sugden, CEO ISF UK Chapter 6th March 2014
Click to edit Master title style • About Us • The issue with SharePoint • Some statistics about SharePoint and related Security • How data classification can help • What it can look like • Secure collaboration panacea • Summary Agenda
Click to edit Master title styleSecure collaboration challenges Multi National organisations  Talent is dispersed  People who Need to Know don’t know each other  Pressure to get Efficiency and Cost Reduction is compelling Manufacturing Engineering Service Sales Partners & Suppliers Customers External Collaboration  Leverage Partner Expertise  Use Sophisticated Products  Efficiency and Cost Reduction  Trusted Business Partner  Consortium working Regulatory Jurisdictions Governance & Compliance  Reduce Business Risk  Maintain Business Integrity  Serve Global Markets Technology Mobility & Cloud  Any Data, Any Device, Anytime  Empower Employees  Productivity, Agility, Efficiency and Cost Reduction
Click to edit Master title styleTraditional security limitations Manufacturing Engineering Technology Regulatory Jurisdictions Customers Service External Collaboration Global Collaboration Sales Mobility & CloudRegulatory Compliance Container Based Security makes it difficult to share data across groups Unable to manage authorisation without owning external identity Infrastructure and IT operations not owned by data owner. Discretionary access control model insufficient for regulatory requirements Partners & Suppliers
Click to edit Master title styleEvery CISO’s worst nightmare…  Multiple access points, remote working  User access control and permissions to manage  Extended throughout supply chain  Massive storage limits available  Lack of automated tools for managing user access rights  Enforcing data governance policies challenging  Infrequent visits leads to a document graveyard… ...unmanageable from a data security perspective!
Click to edit Master title styleThe SharePoint Black Hole… Starts like this…. Ends up like this…
Click to edit Master title styleThe ideal garage… ADULT ONLY ZONE
Click to edit Master title styleWhy is it so difficult to manage?  Not SharePoint’s fault  Lack of policy, processes and procedures  Lack of tools to help support access control and enforce data governance policies  Employee turnover, loss of knowledge
Click to edit Master title styleSharePoint Security  So how do people approach SharePoint Security?  Some results from a survey that we carried out in late 2012
Click to edit Master title styleHow secure is SharePoint? 65% of organisations do not have a security policy that covers SharePoint
Click to edit Master title stylePerceived benefits
Click to edit Master title stylePutting the foundations in place
Click to edit Master title styleNeed for greater Access Control  SharePoint customers often struggle with managing fine grain access  Need for collaboration that simplifies classification and enforces dynamic control according to centrally defined policies  Provides the capability to authorise, classify, enforce and audit enterprise resources  Enterprises need to enjoy secure internal/external collaboration while improving compliance and protecting intellectual property
Click to edit Master title style Visual Markings Handling RulesMetadata “placing a key identifier onto a piece of information to ensure appropriate handling” What is Classification?
Click to edit Master title styleUser driven data classification Dynamic and proactive labelling Enforce Labelling/Data Classification Policy Domain, User & Attachment checks Ensure consistent markings are applied Visual Labels & Metadata Multiple platforms & file types
Click to edit Master title style Raise User Awareness More effective access control Metadata drives technology Control Unstructured Data How can data classification help? Protect valuable and sensitive information
Click to edit Master title styleMetadata – the secret sauce Metadata drives complementary security and information management technologies: • Data Loss Prevention (e.g. Symantec, McAfee) • Rights Management Systems (RMS) • Document Management Systems (EDRMS) • Archiving (e.g. Symantec EV) • Search & Retrieval (e.g. eDiscovery) • Encryption (e.g. Egress) • Fine Grain Access Control (e.g. Nextlabs)
Click to edit Master title styleSecuring data through the lifecycle
Click to edit Master title styleAccess Control in Practice  Check & apply labels upon upload  Enforce classification upon import
Click to edit Master title styleAccess control (cont.)  Access control by classification value Employee view Partner view
Click to edit Master title styleThe Secure Collaboration Panacea… Manufacturing Engineering Technology Regulatory Jurisdictions Partners & Suppliers Customers Service External CollaborationGlobal Business Process Sales Mobility & CloudRegulatory Compliance Classification driven access control align security with data value Control access to data for external partners based on partner claims Protects data from privileged users on 3rd party infrastructure Turn Compliance Rules into automated information controls
Click to edit Master title styleSummary  Appropriately classify data at point of creation  Control access based on the sensitivity and value of data  Ensure that access management stays with the document To realise the following benefits…  Supports compliance to industry regulations and standards  Maintain business viability – protect intellectual property  Supports more secure collaborative working across the supply chain  Greater return on your SharePoint investment How you can turn SharePoint from being the weakest link to your strongest ally…
Click to edit Master title style Thank you for your time For more information please contact us Connect with us… Twitter: @boldonjames Linked In: Boldon James Web: www.boldonjames.com

Empfohlen

Boldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big DataBoldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big Databoldonjames
 
Webinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Webinar: Data Classification - Closing the Gap between Enterprise and SAP DataWebinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Webinar: Data Classification - Closing the Gap between Enterprise and SAP DataUL Transaction Security
 
18 Tips for Data Classification - Data Sheet by Secure Islands
18 Tips for Data Classification - Data Sheet by Secure Islands18 Tips for Data Classification - Data Sheet by Secure Islands
18 Tips for Data Classification - Data Sheet by Secure IslandsSecure Islands - Data Security Policy
 
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...UL Transaction Security
 
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...ekyklos Κύκλος Ιδεών για τη Εθνική Ανασυγκρότηση
 
How to turn GDPR into a Strategic Advantage using Connected Data
How to turn GDPR into a Strategic Advantage using Connected DataHow to turn GDPR into a Strategic Advantage using Connected Data
How to turn GDPR into a Strategic Advantage using Connected DataNeo4j
 
Effective data protection for businesses with multiple locations
Effective data protection for businesses with multiple locationsEffective data protection for businesses with multiple locations
Effective data protection for businesses with multiple locationsInTechnology Managed Services (part of Redcentric)
 
5 steps to secure data management
5 steps to secure data management5 steps to secure data management
5 steps to secure data managementshopiawilson
 

Empfohlen

Boldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big DataBoldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big Databoldonjames
 
Webinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Webinar: Data Classification - Closing the Gap between Enterprise and SAP DataWebinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Webinar: Data Classification - Closing the Gap between Enterprise and SAP DataUL Transaction Security
 
18 Tips for Data Classification - Data Sheet by Secure Islands
18 Tips for Data Classification - Data Sheet by Secure Islands18 Tips for Data Classification - Data Sheet by Secure Islands
18 Tips for Data Classification - Data Sheet by Secure IslandsSecure Islands - Data Security Policy
 
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...UL Transaction Security
 
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...ekyklos Κύκλος Ιδεών για τη Εθνική Ανασυγκρότηση
 
How to turn GDPR into a Strategic Advantage using Connected Data
How to turn GDPR into a Strategic Advantage using Connected DataHow to turn GDPR into a Strategic Advantage using Connected Data
How to turn GDPR into a Strategic Advantage using Connected DataNeo4j
 
Effective data protection for businesses with multiple locations
Effective data protection for businesses with multiple locationsEffective data protection for businesses with multiple locations
Effective data protection for businesses with multiple locationsInTechnology Managed Services (part of Redcentric)
 
5 steps to secure data management
5 steps to secure data management5 steps to secure data management
5 steps to secure data managementshopiawilson
 
FireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedFireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedArmor
 
Webinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security SolutionsWebinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security SolutionsUL Transaction Security
 
Andrew Warland
Andrew WarlandAndrew Warland
Andrew WarlandArk Group Australia Pty Ltd
 
Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Iron Mountain
 
Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help Niklas Hjorthen
 
Webinar: How to Design a Compliant and GDPR Ready Collaboration System
Webinar: How to Design a Compliant and GDPR Ready Collaboration SystemWebinar: How to Design a Compliant and GDPR Ready Collaboration System
Webinar: How to Design a Compliant and GDPR Ready Collaboration SystemStorage Switzerland
 
7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data GovernanceDATUM LLC
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
Tackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarTackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarIndex Engines Inc.
 
Make a case for Data Classification in your organization
Make a case for Data Classification in your organizationMake a case for Data Classification in your organization
Make a case for Data Classification in your organizationWatchful Software
 
Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Index Engines Inc.
 
Five Elements of Effective Data Access Governance
Five Elements of Effective Data Access Governance Five Elements of Effective Data Access Governance
Five Elements of Effective Data Access Governance Privacera
 
Will you be ready to comply with new EU Data Protection Regulation in time?
Will you be ready to comply with new EU Data Protection Regulation in time?Will you be ready to comply with new EU Data Protection Regulation in time?
Will you be ready to comply with new EU Data Protection Regulation in time?Per Norhammar
 
GDPR
GDPRGDPR
GDPRYounes Boukamher
 
Building the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceBuilding the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceIndex Engines Inc.
 
Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365Don Daubert
 
Optimize operations
Optimize operationsOptimize operations
Optimize operationsYounes Boukamher
 
The Privacy Dividend Business Case
The Privacy Dividend Business CaseThe Privacy Dividend Business Case
The Privacy Dividend Business Caseprivacytalks
 
IO Journey All Up
IO Journey All UpIO Journey All Up
IO Journey All Upbaselsss
 
Using information management to support data driven actions
Using information management to support data driven actionsUsing information management to support data driven actions
Using information management to support data driven actionsManoj Vig
 
Data Governance and Embarcadero ER/Studio XE3
Data Governance and Embarcadero ER/Studio XE3Data Governance and Embarcadero ER/Studio XE3
Data Governance and Embarcadero ER/Studio XE3BTGrubu
 

Weitere ähnliche Inhalte

Was ist angesagt?

FireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedFireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedArmor
 
Webinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security SolutionsWebinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security SolutionsUL Transaction Security
 
Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Iron Mountain
 
The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help Niklas Hjorthen
 
Webinar: How to Design a Compliant and GDPR Ready Collaboration System
Webinar: How to Design a Compliant and GDPR Ready Collaboration SystemWebinar: How to Design a Compliant and GDPR Ready Collaboration System
Webinar: How to Design a Compliant and GDPR Ready Collaboration SystemStorage Switzerland
 
7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data GovernanceDATUM LLC
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
Tackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarTackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarIndex Engines Inc.
 
Make a case for Data Classification in your organization
Make a case for Data Classification in your organizationMake a case for Data Classification in your organization
Make a case for Data Classification in your organizationWatchful Software
 
Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Index Engines Inc.
 
Five Elements of Effective Data Access Governance
Five Elements of Effective Data Access Governance Five Elements of Effective Data Access Governance
Five Elements of Effective Data Access Governance Privacera
 
Will you be ready to comply with new EU Data Protection Regulation in time?
Will you be ready to comply with new EU Data Protection Regulation in time?Will you be ready to comply with new EU Data Protection Regulation in time?
Will you be ready to comply with new EU Data Protection Regulation in time?Per Norhammar
 
Building the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceBuilding the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceIndex Engines Inc.
 
Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365Don Daubert
 
The Privacy Dividend Business Case
The Privacy Dividend Business CaseThe Privacy Dividend Business Case
The Privacy Dividend Business Caseprivacytalks
 

Was ist angesagt? (19)

FireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedFireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository Deconstructed
 
Webinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security SolutionsWebinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security Solutions
 
Andrew Warland
Andrew WarlandAndrew Warland
Andrew Warland
 
Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...
 
Information classification
Information classificationInformation classification
Information classification
 
The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help
 
Webinar: How to Design a Compliant and GDPR Ready Collaboration System
Webinar: How to Design a Compliant and GDPR Ready Collaboration SystemWebinar: How to Design a Compliant and GDPR Ready Collaboration System
Webinar: How to Design a Compliant and GDPR Ready Collaboration System
 
7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
Tackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarTackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines Webinar
 
Make a case for Data Classification in your organization
Make a case for Data Classification in your organizationMake a case for Data Classification in your organization
Make a case for Data Classification in your organization
 
Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017
 
Five Elements of Effective Data Access Governance
Five Elements of Effective Data Access Governance Five Elements of Effective Data Access Governance
Five Elements of Effective Data Access Governance
 
Will you be ready to comply with new EU Data Protection Regulation in time?
Will you be ready to comply with new EU Data Protection Regulation in time?Will you be ready to comply with new EU Data Protection Regulation in time?
Will you be ready to comply with new EU Data Protection Regulation in time?
 
GDPR
GDPRGDPR
GDPR
 
Building the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceBuilding the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR Compliance
 
Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365
 
Optimize operations
Optimize operationsOptimize operations
Optimize operations
 
The Privacy Dividend Business Case
The Privacy Dividend Business CaseThe Privacy Dividend Business Case
The Privacy Dividend Business Case
 

Ähnlich wie Boldon James - SharePoint: information security's weakest link?

IO Journey All Up
IO Journey All UpIO Journey All Up
IO Journey All Upbaselsss
 
Using information management to support data driven actions
Using information management to support data driven actionsUsing information management to support data driven actions
Using information management to support data driven actionsManoj Vig
 
Data Governance and Embarcadero ER/Studio XE3
Data Governance and Embarcadero ER/Studio XE3Data Governance and Embarcadero ER/Studio XE3
Data Governance and Embarcadero ER/Studio XE3BTGrubu
 
Enterprise Data Governance for Financial Institutions
Enterprise Data Governance for Financial InstitutionsEnterprise Data Governance for Financial Institutions
Enterprise Data Governance for Financial InstitutionsSheldon McCarthy
 
Workable Enteprise Data Governance
Workable Enteprise Data GovernanceWorkable Enteprise Data Governance
Workable Enteprise Data GovernanceBhavendra Chavan
 
Intelligent Compliance to Optimize Energy Sector Enterprise Content Managemen...
Intelligent Compliance to Optimize Energy Sector Enterprise Content Managemen...Intelligent Compliance to Optimize Energy Sector Enterprise Content Managemen...
Intelligent Compliance to Optimize Energy Sector Enterprise Content Managemen...Concept Searching, Inc
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityDrew Madelung
 
SharePoint Governance and Compliance
SharePoint Governance and ComplianceSharePoint Governance and Compliance
SharePoint Governance and ComplianceSPC Adriatics
 
SharePoint Governance and Compliance
SharePoint Governance and ComplianceSharePoint Governance and Compliance
SharePoint Governance and ComplianceAlistair Pugin
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Christian Buckley
 
Ferraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information SecurityFerraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information Securitymferraz
 
Maximo User Group Presentation extract - BIRT Reporting options
Maximo User Group Presentation extract - BIRT Reporting optionsMaximo User Group Presentation extract - BIRT Reporting options
Maximo User Group Presentation extract - BIRT Reporting optionsSai Paravastu
 
The Business Case for SaaS Analytics for Salesforce.com
The Business Case for SaaS Analytics for Salesforce.comThe Business Case for SaaS Analytics for Salesforce.com
The Business Case for SaaS Analytics for Salesforce.comDarren Cunningham
 
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsSecuring SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsDrew Madelung
 
DataOps: Nine steps to transform your data science impact Strata London May 18
DataOps: Nine steps to transform your data science impact Strata London May 18DataOps: Nine steps to transform your data science impact Strata London May 18
DataOps: Nine steps to transform your data science impact Strata London May 18Harvinder Atwal
 
Building the Agile Enterprise - Cloud Computing
Building the Agile Enterprise - Cloud ComputingBuilding the Agile Enterprise - Cloud Computing
Building the Agile Enterprise - Cloud ComputingSrinivas Koushik
 
IBM - Understanding the value of ECM
IBM - Understanding the value of ECMIBM - Understanding the value of ECM
IBM - Understanding the value of ECMrashmin_cby
 
Advantages of an integrated governance, risk and compliance environment
Advantages of an integrated governance, risk and compliance environmentAdvantages of an integrated governance, risk and compliance environment
Advantages of an integrated governance, risk and compliance environmentIBM Analytics
 
Unlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data ManagementUnlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data ManagementPerficient, Inc.
 
Best Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System ReplacementBest Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System ReplacementEdgewater
 

Ähnlich wie Boldon James - SharePoint: information security's weakest link? (20)

IO Journey All Up
IO Journey All UpIO Journey All Up
IO Journey All Up
 
Using information management to support data driven actions
Using information management to support data driven actionsUsing information management to support data driven actions
Using information management to support data driven actions
 
Data Governance and Embarcadero ER/Studio XE3
Data Governance and Embarcadero ER/Studio XE3Data Governance and Embarcadero ER/Studio XE3
Data Governance and Embarcadero ER/Studio XE3
 
Enterprise Data Governance for Financial Institutions
Enterprise Data Governance for Financial InstitutionsEnterprise Data Governance for Financial Institutions
Enterprise Data Governance for Financial Institutions
 
Workable Enteprise Data Governance
Workable Enteprise Data GovernanceWorkable Enteprise Data Governance
Workable Enteprise Data Governance
 
Intelligent Compliance to Optimize Energy Sector Enterprise Content Managemen...
Intelligent Compliance to Optimize Energy Sector Enterprise Content Managemen...Intelligent Compliance to Optimize Energy Sector Enterprise Content Managemen...
Intelligent Compliance to Optimize Energy Sector Enterprise Content Managemen...
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & Sensitivity
 
SharePoint Governance and Compliance
SharePoint Governance and ComplianceSharePoint Governance and Compliance
SharePoint Governance and Compliance
 
SharePoint Governance and Compliance
SharePoint Governance and ComplianceSharePoint Governance and Compliance
SharePoint Governance and Compliance
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
 
Ferraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information SecurityFerraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information Security
 
Maximo User Group Presentation extract - BIRT Reporting options
Maximo User Group Presentation extract - BIRT Reporting optionsMaximo User Group Presentation extract - BIRT Reporting options
Maximo User Group Presentation extract - BIRT Reporting options
 
The Business Case for SaaS Analytics for Salesforce.com
The Business Case for SaaS Analytics for Salesforce.comThe Business Case for SaaS Analytics for Salesforce.com
The Business Case for SaaS Analytics for Salesforce.com
 
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsSecuring SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
 
DataOps: Nine steps to transform your data science impact Strata London May 18
DataOps: Nine steps to transform your data science impact Strata London May 18DataOps: Nine steps to transform your data science impact Strata London May 18
DataOps: Nine steps to transform your data science impact Strata London May 18
 
Building the Agile Enterprise - Cloud Computing
Building the Agile Enterprise - Cloud ComputingBuilding the Agile Enterprise - Cloud Computing
Building the Agile Enterprise - Cloud Computing
 
IBM - Understanding the value of ECM
IBM - Understanding the value of ECMIBM - Understanding the value of ECM
IBM - Understanding the value of ECM
 
Advantages of an integrated governance, risk and compliance environment
Advantages of an integrated governance, risk and compliance environmentAdvantages of an integrated governance, risk and compliance environment
Advantages of an integrated governance, risk and compliance environment
 
Unlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data ManagementUnlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data Management
 
Best Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System ReplacementBest Practices for Rating and Policy Administration System Replacement
Best Practices for Rating and Policy Administration System Replacement
 

Kürzlich hochgeladen

Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 

Kürzlich hochgeladen (20)

Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 

Boldon James - SharePoint: information security's weakest link?

  • 1. Click to edit Master title style SharePoint: information security’s weakest link? Martin Sugden, CEO ISF UK Chapter 6th March 2014
  • 2. Click to edit Master title style • About Us • The issue with SharePoint • Some statistics about SharePoint and related Security • How data classification can help • What it can look like • Secure collaboration panacea • Summary Agenda
  • 3. Click to edit Master title styleSecure collaboration challenges Multi National organisations  Talent is dispersed  People who Need to Know don’t know each other  Pressure to get Efficiency and Cost Reduction is compelling Manufacturing Engineering Service Sales Partners & Suppliers Customers External Collaboration  Leverage Partner Expertise  Use Sophisticated Products  Efficiency and Cost Reduction  Trusted Business Partner  Consortium working Regulatory Jurisdictions Governance & Compliance  Reduce Business Risk  Maintain Business Integrity  Serve Global Markets Technology Mobility & Cloud  Any Data, Any Device, Anytime  Empower Employees  Productivity, Agility, Efficiency and Cost Reduction
  • 4. Click to edit Master title styleTraditional security limitations Manufacturing Engineering Technology Regulatory Jurisdictions Customers Service External Collaboration Global Collaboration Sales Mobility & CloudRegulatory Compliance Container Based Security makes it difficult to share data across groups Unable to manage authorisation without owning external identity Infrastructure and IT operations not owned by data owner. Discretionary access control model insufficient for regulatory requirements Partners & Suppliers
  • 5. Click to edit Master title styleEvery CISO’s worst nightmare…  Multiple access points, remote working  User access control and permissions to manage  Extended throughout supply chain  Massive storage limits available  Lack of automated tools for managing user access rights  Enforcing data governance policies challenging  Infrequent visits leads to a document graveyard… ...unmanageable from a data security perspective!
  • 6. Click to edit Master title styleThe SharePoint Black Hole… Starts like this…. Ends up like this…
  • 7. Click to edit Master title styleThe ideal garage… ADULT ONLY ZONE
  • 8. Click to edit Master title styleWhy is it so difficult to manage?  Not SharePoint’s fault  Lack of policy, processes and procedures  Lack of tools to help support access control and enforce data governance policies  Employee turnover, loss of knowledge
  • 9. Click to edit Master title styleSharePoint Security  So how do people approach SharePoint Security?  Some results from a survey that we carried out in late 2012
  • 10. Click to edit Master title styleHow secure is SharePoint? 65% of organisations do not have a security policy that covers SharePoint
  • 11. Click to edit Master title stylePerceived benefits
  • 12. Click to edit Master title stylePutting the foundations in place
  • 13. Click to edit Master title styleNeed for greater Access Control  SharePoint customers often struggle with managing fine grain access  Need for collaboration that simplifies classification and enforces dynamic control according to centrally defined policies  Provides the capability to authorise, classify, enforce and audit enterprise resources  Enterprises need to enjoy secure internal/external collaboration while improving compliance and protecting intellectual property
  • 14. Click to edit Master title style Visual Markings Handling RulesMetadata “placing a key identifier onto a piece of information to ensure appropriate handling” What is Classification?
  • 15. Click to edit Master title styleUser driven data classification Dynamic and proactive labelling Enforce Labelling/Data Classification Policy Domain, User & Attachment checks Ensure consistent markings are applied Visual Labels & Metadata Multiple platforms & file types
  • 16. Click to edit Master title style Raise User Awareness More effective access control Metadata drives technology Control Unstructured Data How can data classification help? Protect valuable and sensitive information
  • 17. Click to edit Master title styleMetadata – the secret sauce Metadata drives complementary security and information management technologies: • Data Loss Prevention (e.g. Symantec, McAfee) • Rights Management Systems (RMS) • Document Management Systems (EDRMS) • Archiving (e.g. Symantec EV) • Search & Retrieval (e.g. eDiscovery) • Encryption (e.g. Egress) • Fine Grain Access Control (e.g. Nextlabs)
  • 18. Click to edit Master title styleSecuring data through the lifecycle
  • 19. Click to edit Master title styleAccess Control in Practice  Check & apply labels upon upload  Enforce classification upon import
  • 20. Click to edit Master title styleAccess control (cont.)  Access control by classification value Employee view Partner view
  • 21. Click to edit Master title styleThe Secure Collaboration Panacea… Manufacturing Engineering Technology Regulatory Jurisdictions Partners & Suppliers Customers Service External CollaborationGlobal Business Process Sales Mobility & CloudRegulatory Compliance Classification driven access control align security with data value Control access to data for external partners based on partner claims Protects data from privileged users on 3rd party infrastructure Turn Compliance Rules into automated information controls
  • 22. Click to edit Master title styleSummary  Appropriately classify data at point of creation  Control access based on the sensitivity and value of data  Ensure that access management stays with the document To realise the following benefits…  Supports compliance to industry regulations and standards  Maintain business viability – protect intellectual property  Supports more secure collaborative working across the supply chain  Greater return on your SharePoint investment How you can turn SharePoint from being the weakest link to your strongest ally…
  • 23. Click to edit Master title style Thank you for your time For more information please contact us Connect with us… Twitter: @boldonjames Linked In: Boldon James Web: www.boldonjames.com