Reimagining a New Security Model for Microsoft SharePoint

11
www.torsionis.com Reimagining a New Security Model For SharePoint SharePoint's old security model was conceived in a different era. Let's imagine what a new security model might look like.

Transcript of Reimagining a New Security Model for Microsoft SharePoint

Page 1: Reimagining a New Security Model for Microsoft SharePoint

www.torsionis.com

Reimagining a New Security Model For SharePoint

SharePoint's old security model was conceived in a different era. Let's imagine what a new security model

might look like.

Page 2: Reimagining a New Security Model for Microsoft SharePoint

2|

SharePoint’s security model hasn’t changed since 15 years

Same basic approach to managing permissions:

‘We manually compile lists of people, then grant them permissions to stuff’

Let’s imagine what a ‘typical’ organization’s requirements for a brand new security model might be

Reimagining a New Security Model For SharePoint

Page 3: Reimagining a New Security Model for Microsoft SharePoint

3|

Constant Business Change

Reimagining a New Security Model For SharePoint

Change is possibly the only real constant: strategies, products, markets, people, systems…

Page 4: Reimagining a New Security Model for Microsoft SharePoint

4|

New security model needs to be designed to:

Be flexible to accomodate change, to adapt/respond swiftly when it happens

Keep information secure at all times

Reimagining a New Security Model For SharePoint

Page 5: Reimagining a New Security Model for Microsoft SharePoint

5|

Accuracy Information security is about connecting people with the

information they need, and keeping them from the information they shouldn't have

Reimagining a New Security Model For SharePoint

Page 6: Reimagining a New Security Model for Microsoft SharePoint

6|

Typical organizations have millions of permission configurations as to who gets access to what information

  Accurately ensuring that the right people only have access to only the right

information is how we minimise the risk of internal security breaches

A person may require access to a document today, but should not have it tomorrow.

Requires constant review and maintenance

The majority of security breaches arise when permission configurations inaccurately reflect business requirements which constantly change

Reimagining a New Security Model For SharePoint

Page 7: Reimagining a New Security Model for Microsoft SharePoint

7|

Quick and Simple

Reimagining a New Security Model For SharePoint

Page 8: Reimagining a New Security Model for Microsoft SharePoint

8|

Reimagining a New Security Model For SharePoint

Tools and processes around keeping information secure needs to be simple, out of people's way quickly and largely automatic

Otherwise, people will find another way to get things done

Page 9: Reimagining a New Security Model for Microsoft SharePoint

9|

Robust and Reliable

Reimagining a New Security Model For SharePoint

Page 10: Reimagining a New Security Model for Microsoft SharePoint

10|

If a business user grants access to their information to a certain set of people, they need to trust that those are the people who will get that access

No hidden back doors, no ifs, no buts, no complications

Otherwise, users will start avoiding the system because they don't trust it, or will use it anyway and hope for the best!

Reimagining a New Security Model For SharePoint

Page 11: Reimagining a New Security Model for Microsoft SharePoint

So these are four fundamental requirements we can start from: 1) Accomodating constant change2) Accuracy3) Quick and Simple 4) Robust and reliable

Thank you!

Read the full version on: www.torsionis.com/blog