We talk about governance and compliance a whole lot on this blog, and for good reason. Across the board, IT security is a difficult undertaking, and it’s becoming more challenging by the day. For one thing, security threats from outside of the organization have only increased in the last few years, with hackers becoming more sophisticated. From the glamorization of hacking in popular culture (see Girl With A Dragon Tattoo hacker heroine Lisbeth Salander) to “hacking kits” available online (see Business Day on 1/18/2011), the constant threat of external attack is front and center on a daily basis. Perhaps even more dangerous, the threat from inside (like the alleged catalyst of Wikileaks, for instance) is alive and well, and often gets overlooked as organizations scramble to defend their perimeters.
The process for securing data and systems starts with protecting your resources by eliminating (or, at the very least, controlling) vulnerability, continues with active monitoring to detect deviations from norms and standards, and culminates with corrections for exceptions. Underlying all of these processes are industry-centric compliance regulations that ensure that all organizations in a particular vertical are adhering to the same strict security standards.
IT departments follow these regulations in an effort to pre-empt attacks and plug holes. Unfortunately, the tedious nature of the checkpoints for particular compliance standards makes them difficult for administrators to adhere to, potentially leaving environments fatally vulnerable. The problem stems from the fact that the data—detailed accounts of access, permissions, changes, etc. for users and groups, as well as patch and security configurations for systems—is difficult to come by. Multiply that difficulty by hundreds or even thousands of users and boxes, and millions or billions of files, and you begin to see the pain point. What’s more, even an exceedingly complex query may answer only one of the many compliance checkpoints from standards such as PCI, HIPAA, NERC, and SOX.
The key to industry compliance, then, is a way to collect data once, and then use that data to check against an entire list of requirements. This approach will allow administrators to shift from data-gatherers to proactive threat blockers. After all, discovering that Lisbeth Salander has rights to your system is only half the battle.
For more about our solution to the compliance-adherence problem, check out this video on the Compliance Baseline Manager.
Monday, January 24, 2011
Thursday, January 13, 2011
The SharePoint Governance Challenge
Microsoft SharePoint has become a leading solution for enterprise collaboration and document management. SharePoint supports a decentralized approach to administration, allowing organizations to assign Site Collection Administrators and Site Owners responsibility for managing subsets of SharePoint content. While this delegation of responsibility may streamline the collaborative process in some ways, it comes at a cost. Without proper governance plans in place within your SharePoint environment, SharePoint sites can begin to sprout up uncontrollably and may only be used for a matter of weeks, if at all. Eventually, you can end up with a chaotic SharePoint farm with content and permissions completely out of control and almost impossible to remediate.
Being able to take back control of your SharePoint environment can be a daunting task, but it must be done to have an efficiently managed SharePoint farm with proper governance in place. This is important to do before performing a SharePoint migration from SharePoint 2007 to SharePoint 2010. You wouldn’t move every piece of junk from your garage and attic into a new house without first sorting through them and only boxing up what you needed to bring with you. The same can be said for SharePoint. If your SharePoint farm is out of control with site, content and permission sprawl, you must go through and decide what you need to bring with you to your new SharePoint farm, and ensure it is neatly packaged with the proper permissions wrapped around it before moving it over. Even if you are not migrating to a new farm, if you are going to implement a governance plan (which is highly recommended) you need to get your farm in order before doing so.
The StealthAUDIT Management Platform is a great tool that provides the means to gain complete insight into your SharePoint environment in order to effectively take control and enforce your governance plan. Even the best SharePoint governance plan can only help you control your SharePoint environment after it has been enforced. SA provides invaluable information about your SharePoint content, activity, permissions and infrastructure that is not only necessary BEFORE implementing a governance plan or performing a migration; it is also vital for continuous monitoring of your environments to ensure the governance plan is effective.
