Bring Your SharePoint Sites Under Control…
SharePoint has become one of the most popular, fastest-growing products ever shipped by Microsoft®. It’s designed to be easy to deploy and manage without significant IT involvement or expertise.
That’s the good news…the bad news is that the ease and convenience of SharePoint can create a security nightmare, especially if sensitive data winds up on the wrong site.
Key Features & Benefits
Know what SharePoint sites are in use – automatically locate and identify sites.
Determine who has access rights – Identify users and groups with access to the site and evaluate their permissions and access rights.
Identify security issues – Highlight users or groups with access rights that are inconsistent with corporate policy or industry best practices.
Correct deficiencies – Integration with Courion’s compliance solutions provides managers with the ability to quickly and effectively remediate permissions and inappropriate access rights.
Reduce or eliminate potential security risks – Verify that only users with the appropriate permissions have access to SharePoint sites containing sensitive data.
SharePoint Identity and Access Concerns
SharePoint is powerful, flexible and easy to implement, but it has a limited security and governance model.
Given the popularity of SharePoint, system administrators and security personnel have some thorny questions they need to answer:
What SharePoint sites are on our network and who owns them?
Who has access to these sites and what Permissions do they have?
Are sites with sensitive data are being managed using best practices consistent with the organization’s security policies?
How can I fix sites that are exposing the organization to security problems?
Protect Your SharePoint Sites
Courion, a leader in access management and compliance, has responded to customer’s needs by producing Courion Solutions for SharePoint, which gives IT managers the ability to analyze, evaluate and manage an organization’s exposure to risk as a result of inadequate SharePoint governance.
The solution is designed to enable system administrators to identify and reduce risk by remediating inappropriate access to SharePoint sites and bringing them into compliance with corporate policy. Using Courion, you can be assured that SharePoint users aren’t opening security holes and demonstrate to your auditors or industry regulators that you’re in compliance with corporate policy.
Courion Solutions for SharePoint can scan a SharePoint server and identify all the SharePoint sites on the server. For each site, the solution identifies all users who have access rights to the site. If the organization uses Active Directory, Courion also identifies users and groups who have been granted access to SharePoint sites through their Active Directory profile.
If the administrator determines that users have inappropriate rights to access data on a SharePoint site, he or she has the option to initiate a process to remediate those rights.
The administrator examining the SharePoint site can perform the following reviews:
Policy Review
This process allows the IT administrator to review a list of potential policy violations (such as a Finance portal with “Everyone” group access enabled). He or she can select a particular policy violation, evaluate the security implications of the violation and accept or modify the site configuration.
Privileged Access
The Privileged Access review allows the administrator to identify individuals with elevated SharePoint privileges (such as Administrator or Web Designer) and the sites where they are privileged access. If a user is identified as having inappropriate privileged access, action can be taken to either block the individual from accessing the site or reduce their permissions level.
Site Access
This workflow allows the IT manager to review a list of sites. After selecting a site, the manager sees a list of all users with access to the site, sorted by their permission level. At that point, the manager can select individual users and accept or modify their access rights to the site.
No comments:
Post a Comment