secure sharepoint migration step by step
TRANSCRIPT
1 Confidential and Proprietary © Metalogix Move, Manage, Protect
March 8, 2017
Secure Migration Part II:Step by Step
2 Confidential and Proprietary © Metalogix
Adam LevithanDirector Product Management, MetalogixMicrosoft [email protected]@collabadam
The team
Jai DarganSenior Director Product Management, [email protected]@jai_dargan
3 Confidential and Proprietary © Metalogix3 Confidential and Proprietary © Metalogix
Today’s discussion Why secure migration?The ideal secure migration approach
GovernanceClassificationEnvironmentMigrationManagement
4 Confidential and Proprietary © Metalogix4 Confidential and Proprietary © Metalogix
Secure migrationThe proper transfer of content to the right place, with the right user roles, access rights, and permissions.
5 Confidential and Proprietary © Metalogix
Why secure migration?
Regulatory finesCustomer and
shareholder lawsuits
Trade secrets, valuable IP are
exposed
Customers, employees and
partners are less willing to
trust you
What else could you be doing instead of remediating a data
breach?
Financial Competition Reputation Opportunity
cost
6 Confidential and Proprietary © Metalogix
How complex is migration? That depends on your…
Database & list size
Information architecture
Network choices
Customizations
Security & compliance
requirements
7 Confidential and Proprietary © Metalogix
Dark underbelly of the digital workplace
SharePoint versions, multiple farms
File shares/network drives
Dropbox and Box
Systems that have not been decommissioned
8 Confidential and Proprietary © Metalogix
Common reasons migrations fail• Large content DBs/site collections don’t upgrade successfully• Old and irrelevant content is upgraded, impacting search and
usability• Large unusable lists and large files that shouldn’t be in SharePoint
are upgraded, and remain unusable
• No time within project scope to leverage Information Architecture and version features
• Complex customizations (javascript, custom code, web parts)• Not taking security and compliance into account• Failing to involve stakeholders throughout the process
9 Confidential and Proprietary © Metalogix9 Confidential and Proprietary © Metalogix
The Secure
Migration Approach
10 Confidential and Proprietary © Metalogix
1. Governanc
e
2. Classificatio
n
3. Location
4. Migration
5. Manageme
nt
11 Confidential and Proprietary © Metalogix11 Confidential and Proprietary © Metalogix
StepGovernanceContent audit, discovery and risk mapping
1
12 Confidential and Proprietary © Metalogix
12
SharePoint Governance – at the outset
SharePoint governanc
e:Embedded
technical layer control
13 Confidential and Proprietary © Metalogix
Governance creates balance
Expanding Threat
Surface
Regulatory Crackdown
Class Action
Lawsuits
Data Breaches
RISKS BENEFITS
User Adoption
Operational Efficiency / Shadow IT
SharePoint ROI
Information Insight
14 Confidential and Proprietary © Metalogix
14
SharePoint / Collaboration
IT Leadership
Legal / HR
ComplianceKnowledge
Management
CISO
CIO
Users
…and involves many stakeholders
15 Confidential and Proprietary © Metalogix
15
SharePoint / Collaboration
IT Leadership
Legal / HR
Compliance
Knowledge Managemen
t
CISO
Users
Gain consensus on the big questions• What is SharePoint intended to achieve organizationally?
• What types of content does SharePoint need to support?
• What services are required to function under change control?
• In what ways should the SharePoint platform be restricted ?
• What security levels are to be applied to the platform and how?
16 Confidential and Proprietary © Metalogix
Run a content audit
Questionsto ask
What type of data do you have in SharePoint?
Do you know all locations of sensitive data in SharePoint?
Who is responsible for maintaining an inventory of sensitive data? How do you track which users currently access sensitive data?
What are consequences of inadvertent data exposure?
What data is sensitive (PII, PHI, IP, etc.?)
Do you know who has access to it?
How often is sensitive data inventoried?
How often do you track such access?
Who has accountability for a breach?
17 Confidential and Proprietary © Metalogix17 Confidential and Proprietary © Metalogix
Rank content by risk to determine which assets are most important to secure.
18 Confidential and Proprietary © Metalogix18 Confidential and Proprietary © Metalogix
StepClassificationMetadata, tagging, findability
2
19 Confidential and Proprietary © Metalogix
Two levels of classification
Ensures each content asset can be managed independently.
Ensures each site and customization (branding, javascript, custom code, features, web parts) can be managed effectively by a system.
20 Confidential and Proprietary © Metalogix
Classification adds metadata to information assetsYou can identify by:
Content type
Owner, so you can validate and remediate
Age
Rules for sharing
Levels of sensitivity (high, medium, low)
21 Confidential and Proprietary © Metalogix
Classification impacts migration success Chance to clean up
problems such as incorrect
permissions and nested groups
Allows you to remove
content that is out of date or
duplicate
Helps you determine whether to migrate assets and where to move them
Clarifies whether customizations can be moved or will need to be rebuilt
Impacts how long and difficult your migration will be
BONUS: Improves
findability (makes users
happy!)
23 Confidential and Proprietary © Metalogix23 Confidential and Proprietary © Metalogix
StepLocationOn-premises, cloud, hybrid
3
24 Confidential and Proprietary © Metalogix
Classification of EnvironmentAge
Rules for sharing
Levels of sensitivity (high, medium, low)
25 Confidential and Proprietary © Metalogix
Choose the environment that is the best fit
On-premises
What this means:A specific, customized system you treat differently
What to house there:Your most sensitive contentSites with extensive customization
Cloud
What this means:Possibly Office 365Possibly a specific application
What to house there:Your least sensitive contentSites with little or no customization
Hybrid
What this means:Connecting on-premises and cloud with Office 365Giving users ability to access content from either environment
What to house there:Case by case decision
26 Confidential and Proprietary © Metalogix26 Confidential and Proprietary © Metalogix
StepMigrationNow that we know what assets to move and where, how do we move them?
4
27 Confidential and Proprietary © Metalogix
Potential migration approaches
Lift & Shift
Content and sites maintain the same structure and simply move to a new location.
No option to apply metadata or adjust security profiles.
Multi-prong
You have options to change organizational structure and security settings as you migrate.
But, you must manually apply classification and rules.
Distributed
Automation allows you to change structure and apply security rules as you migrate.
• Fewer people involved• Less risk• Faster migration• More time to validate
28 Confidential and Proprietary © Metalogix
• 100-person U.S. company• 50% growth over past two years• Permissions will carry over to new
architecture• Groups will carry over• No nested Active Directory Groups
Company A – Low risk migrationLift & Shift or Multi-prong may be sufficient
29 Confidential and Proprietary © Metalogix
• 1000+ organization• Virtual workforce• Collaboration with 3rd parties• High growth, M&A activity• Highly regulated industry
Company B – High risk migrationThe best option is Distributed approach
30 Confidential and Proprietary © Metalogix
Distributed approach to secure migrationOffice 365Extranet/cloudLow sensitivity
SharePoint 2016Intranet/on-premiseHigh sensitivity
Hybrid
Medium sensitivity
31 Confidential and Proprietary © Metalogix
Classification determines appropriate location
Office 365Extranet/cloudLow sensitivity
SharePoint 2016Intranet/on-premiseHigh sensitivity
Hybrid
Medium sensitivity
Highsensitivity
32 Confidential and Proprietary © Metalogix
Regardless of which location files and sites start from
Office 365
SharePoint 2016
Hybrid
SharePoint 2007
SharePoint 2010
File shares
33 Confidential and Proprietary © Metalogix
As a final check, people should validate the migration
Classifications worked the
way they were expected
Site owners see
customizations
in their sites
Findability is what was expected
34 Confidential and Proprietary © Metalogix34 Confidential and Proprietary © Metalogix
StepManagementOngoing data loss prevention
5
35 Confidential and Proprietary © Metalogix
The average SharePoint farm grows 50-75%each year
36 Confidential and Proprietary © Metalogix
Offboarding
Onboarding
Internal Transfer
M&A Restructur
ing
Every stage of the employee lifecycle has content security risk
37 Confidential and Proprietary © Metalogix
Compliance rules change over time
Financial Services Healthcare
US Government
IT-Related Everyone
PCI-DSS HIPAA NIST 80—30 COBIT V EUGDPRSOX HITECH OMB A-130 ITIL
GLBA HITRUST-CSF FISMA ISO 28000+
38 Confidential and Proprietary © Metalogix
You must sustain content security even after migration
Always know
know where sensitive
data resides.
Automatically monitor and
alert for unorthodox
user behavior.
Empower employees to
manage content securely.
Automatically execute
downstream remediation
actions.
Report on how users interact
with data and
security controls.
Proactive approach to
content security.
39 Confidential and Proprietary © Metalogix39 Confidential and Proprietary © Metalogix
How do you get all this done?
40 Confidential and Proprietary © Metalogix40 Confidential and Proprietary © Metalogix
Manual processes!
41 Confidential and Proprietary © Metalogix
ControlPointPermissions. Auditing. Governance. Administration.
Distribute security and governance capabilities
Govern and enforce from a central console
Audit and report on
configuration and
activity
Manage permissio
ns
Scan automaticall
y or on demand
42 Confidential and Proprietary © Metalogix
Sensitive Content ManagerScanning. Detection. Classification. Prevention.
Pinpoint where PII resides
Assess your risk level
Prevent violations with real-
time content shield
Take downstream enforcement
action
43 Confidential and Proprietary © Metalogix
Content MatrixThe industry’s most powerful SharePoint and Office 365 migration solution
Multiply SpeedCombine consoles and servers to simultaneously migrate content into SharePoint with Distributed Migration
Transform ContentNeed to update site templates or a column into managed metadata? We allow you to automate it easily
Ultimate ControlUse PowerShell to build repeatable and automated migration steps for all of your tasks
Re-Organize ContentBulk organize large numbers of documents while applying new metadata during or after migration
44 Confidential and Proprietary © Metalogix44 Confidential and Proprietary © Metalogix
Questions?
45 Confidential and Proprietary © Metalogix
Move, Manage, Protect
metalogix.com | 202.609.9100