The Evolution of Security in Microsoft SharePoint
9
www.torsionis.com www.torsionis.com The Evolution of Security in Microsoft SharePoint With so much change, so much growth, so many new threats - perhaps SharePoint's security model could use a rethink
-
Upload
torsion-information-security -
Category
Software
-
view
171 -
download
0
Transcript of The Evolution of Security in Microsoft SharePoint
www.torsionis.comwww.torsionis.com
The Evolution of Security in Microsoft SharePoint
With so much change, so much growth, so many new threats - perhaps SharePoint's security model
could use a rethink
2|
Microsoft Tahoe - Where it all began
The Evolution of Security in SharePoint
Back in 2000, internal project enabling small work teams to perform simple document sharing, collaboration and content
searching through web browser
3|
Microsoft Tahoe - Where it all began
The market did not receive the new product particularly positively!
Released as ‘SharePoint Portal Server‘
‘too lightweight’, ‘too basic’, ‘will soon be redundant’
‘lightweight document management for the
masses’
‘SharePoint Portal is just document management based around one
Exchange server’
4|
SharePoint Portal Server 2001 Security
The Evolution of Security in SharePoint
Small scale, browser-based extension for Windows Server and Exchange that let people share and search across a few
documents
5|
SharePoint Portal Server 2001 Security
Users could be granted one of three 'roles' to content in SharePoint Workspaces:
'Coordinator' was for administrators and information owners,
'Author' allowed the user to add and update documents, and
'Reader' allowed read-only access through navigation or search
Permissions were granted either to groups of people in Windows or Exchange, or to individual users. Very manual and unsophisticated,
but it worked!
6|
Permissions in SharePoint Today
The Evolution of Security in SharePoint
7|
SharePoint 2013 / Office 365 Equivalent
Terminology
‘Site’/ ‘Team Site’‘Group’‘Site Owners Group’‘Site Contributors Group’‘Site Visitors Group’
SharePoint 2001 Terminology
‘Workspace’‘Role’‘Coordinator Role’‘Author Role’‘Reader Role’
In 15 years, the model has not changed! Security in SharePoint still managed in the same basic way:
we manually compile lists of people, and grant them permissions to stuff
Permissions in SharePoint Today
8|
Permissions in SharePoint Today SharePoint systems involved in some of the most notorious information security breaches, Content simply downloaded by disenfranchised trusted staff with access to far more information
than they needed!
SharePoint offers the exact same ideas for securing content as it always has! Even though: Millions of users and terabytes of sensitive documents SharePoint being central to the operations of millions of organisations around the world The intensity, relentlessness and consequences of the security threat have gone from fairly
minimal to extreme
In light of all this growth, all these new threats - perhaps, the security model in SharePoint could use a bit of a rethink.
We've outgrown it.
Thank you!
Read the full version on: www.torsionis.com/blog
