Myths about SharePoint Security
Data security is not nearly as exciting as Hollywood or the media at large would have you believe. Most of the threats to your organization’s data aren’t going to come from malicious bespectacled hackers using cleverly-written applications to bypass your organization’s firewalls and hardware security measures. In fact, a recent survey found that over half of the threats to your organization’s security are coming from inside your own walls! Intrusions from outside accounted for only 14% of security threats, according to that same study.
Secure Information with SharePoint 2010
Fortunately, securing your company’s digital assets is simple with the right tools and mindset. Microsoft SharePoint 2010 not only makes it easy to collaborate and share information within an organization, but also to secure that information and protect it from individuals who should not have access. The trick is to understand SP’s security features—of which there are many—and leverage the appropriate capabilities depending on your organization’s needs.
First, it’s important to understand how Share Point works with your existing security infrastructure to make managing security easier. Most small and medium-sized businesses already utilize Active Directory internally to manage user identities and credentials across a domain. Out-of-the-box, SP recognizes your internal Active Directory-enabled domain and authenticates users accordingly. SP software can also be tied to other authentication providers if your organization uses a non-Microsoft user management system or forms-based authentication if you would like to provide users with a separate login and password.
Authentication providers are tied to zones (with example zones being Internet, Intranet, Extranet, and Custom zones). Users from each zone are challenged and routed (through your Alternate Access Mappings) according to the zone they’re arriving from. In SP 2010, you can tie multiple authentication providers to each zone, allowing users multiple ways to log in.
SharePoint User Permissions
Once users are authenticated, how do you manage what they can and can’t see? By assigning permissions, of course! There are two popular schools of thought on how to set this up:
- Assign permissions to existing user groups from your authentication provider. For example, use your existing Active Directory groups to assign permission levels to each group.
- Manage user permissions using Share Point user groups containing individuals.
There are benefits and drawbacks to both. For medium-sized organizations with a relatively static organizational structure and rigid divisions between organizational units, tying permissions directly to AD groups can be beneficial and save a lot of management time. SP software user groups are the way to go if you’re planning to share documents between departments and manage permissions more granularly.
After setting up the appropriate permission groups for your organization, you can then manage the permissions for every item in your SP farm’s hierarchy. Share Point 2010 makes it easy to customize permissions from the site collection level all the way down to specific documents in specific libraries. By default, items are configured to inherit permission levels from their parent—sites inherit the permissions of their top-level site, libraries inherit the permissions of their parent site, and documents inherit the permissions of the library in which they’re contained. At any point along this hierarchy you can break permissions to establish custom rules that propagate to the lower levels.
I’ve only scratched the surface of SP software’s security capabilities. Using custom code in combination with SharePoint’s out-of-the-box workflow engine, powerful solutions can be sculpted to manage the fine-grained permissions of an approval process, a business intelligence dashboard, or any other complex application your business may want to implement.