SharePoint security is complex because SharePoint does so many things (collaboration, search, composite applications, forms, workflows, etc.). Yes, there is a lot to SharePoint security, because there is a lot to SharePoint. A multi-faceted approach is best for protecting SharePoint itself (and its data) and your organization from attack. As you deploy security policy, it's important to test new access, authentication, automation and authorization controls (people, process, policy and tools) before going live with them.
So where do you get started?
- Data Center – physical access to the area must be controlled. Controls such as physical access to the facility, virtual access to the servers (storage and network gear), staff background checks and asset security are key.
- Network – having a secure network with a DMZ, aggressive monitoring, alerting and reporting.
- Windows Security – Windows hardening provides the secure foundation for SharePoint.
- Antivirus – having another layer of AV can't hurt; even if you have AV for the firewalls, Exchange and Windows, you're ahead of the game.
- User and administrator training – train users and admins on an ongoing basis to make sure they know how to use SharePoint properly and secure it effectively.
- SharePoint – the SharePoint security model consists of farm admins, web applications, site collections, sites, lists and libraries, groups and more.
  - Overview of security features – http://technet.microsoft.com/en-us/library/hh328925(v=office.14).aspx
  - Security and permissions – http://technet.microsoft.com/en-us/library/cc261869(v=office.14).aspx
  - Security and protection for SharePoint – http://technet.microsoft.com/en-us/library/cc263215(v=office.14).aspx
  - SharePoint Security 101 – http://sharepointpromag.com/sharepoint-2010/sharepoint-security-101-what-you-need-know-secure-sharepoint
  - CIO – http://www.cioupdate.com/trends/article.php/3912521/6-Sharepoint-Security-Dos-and-Donts–or.htm
  - Best Practices – http://www.slideshare.net/AntonioMaio2/best-practices-for-security-in-microsoft-sharepoint-2013
  - SharePoint Permissions Best Practices – http://prezi.com/zeyjxmcnw09u/sharepoint-2010-permissions-best-practices/
  - Using the new SharePoint Security Model part 1 – http://technet.microsoft.com/en-us/library/hh328925(v=office.14).aspx
  - Using the new SharePoint Security Model part 2 – http://www.bing.com/videos/watch/video/using-the-new-sharepoint-2010-security-model-part-2/10ttmjqxf?from=us
- Management tools – to be successful, especially when being audited, you'll require automation tools:
  - Metalogix ControlPoint – http://www.metalogix.com/Products/ControlPoint.aspx
  - Quest – www.quest.com
For more information, visit the Microsoft Security Center: http://www.microsoft.com/security/default.aspx