Metalogix has recently released a new, fee content security tool called ‘Insider Threat Index’ or ITI for short. It is a free download from here, but be aware it is only for SharePoint Server 2013, not SharePoint Online or SharePoint 2010 (yet). The tool does a great job of assessing potential security threats across SharePoint:
Too Micro
• Avoid Direct Permissions
• Object Broken Inheritance
• Granular Permissions Overkill
Too Macro
• Using ‘Everyone’ the Wrong Way
Oversee the Overseers
• Managed Service Account Configuration
• Making Sure Farm Administrators Are Only Farm Administrators
• Check to See Who’s Monitoring
Check Your Blind Spots
• Active Directory Visibility
• Audit the Audit – How Is It Being Used
Now that Metalogix is produced this valuable information, what should you be doing with it?
Too Micro & Too Macro
Being too micro and too macro relates to the ability to manage permissions within a site. Who is responsible for these sites? Who are the biggest culprits? To find out, review the results of the ITI and see if patterns can be determined across the company. Is there a certain department that is more guilty than others? A specific team?
If you aren’t sure who is specifically managing these sites, use PowerShell to find people with ‘Full Control’ permissions for all sites within the farm and then cross-compare those results with the ITI results. Once patterns start emerging, and trust us they will, set up some SharePoint security best practice training with those users to review how to better manage their sites. Once the training has been complete, then point out the finding of the Insider Threat Index and have them go back to review and fix, as needed.
Oversee the Overseers
This can be a bit tricky since the people who are likely running the Metalogix ITI are the SharePoint overseers. A great governance best practice is to establish some checks and balances. For example, the CTO or COO of a company, or someone with the authority to take action on the metrics, should receive a monthly report from the SharePoint farm administrators that has metrics such as these. It should be understood who the administrators are, how the overall security for SharePoint is set up and if there are exceptions, why do they exist. If those metrics are not understood, they should be made aware of what they mean and how they can impact the integrity of the overall SharePoint environment.
Keep in mind SharePoint is not a ‘one size fits all’, even with security. For example, SharePoint may be used for 10 people in which case it is highly likely there is overlap of IT duties and roles. This isn’t really a cause for concern. However a SharePoint environment that contains 50,000 employees and is monitored by 100+ administrators, there is a strong need for segregation of security duties.
https://www.youtube.com/watch?v=rQCx15Z6U5I
Check Your Blind Spots
If you didn’t know, SharePoint can have very close integration with Active Directory and has the capabilities to monitor anything and everything.
See: Configuring SharePoint 2013 Audit Capabilities
There are many products that can help provide insights into Active Directory as well as even help with synchronizing information between the two, such as HarePoint Active Directory Activities. Overall though, the interactions and transparency into both SharePoint and Active Direcory boil down to IT policies. Who should be able to make edits? What happens to hardware performance and security as more transparency and management is granted to the business?
There are advantages and disadvantages to ‘self-service’ IT. Yes, the business has the capability to manage their own destiny which relieves IT burden, but at the same token the long term effects may create more of a burden if left unmanaged. The proper governance needs to be in place as well as proper hardware to ensure self-service is a success. When implemented properly though, the business impact is faster change turn-around, less IT burden and increases in overall productivity.