secure sharepoint migration step by step

1 Confidential and Proprietary © Metalogix Move, Manage, Protect

March 8, 2017

Secure Migration Part II:Step by Step

2 Confidential and Proprietary © Metalogix

Adam LevithanDirector Product Management, MetalogixMicrosoft [email protected]@collabadam

The team

Jai DarganSenior Director Product Management, [email protected]@jai_dargan

3 Confidential and Proprietary © Metalogix3 Confidential and Proprietary © Metalogix

Today’s discussion Why secure migration?The ideal secure migration approach

GovernanceClassificationEnvironmentMigrationManagement


Secure migrationThe proper transfer of content to the right place, with the right user roles, access rights, and permissions.


Why secure migration?

Regulatory finesCustomer and

shareholder lawsuits

Trade secrets, valuable IP are

exposed

Customers, employees and

partners are less willing to

trust you

What else could you be doing instead of remediating a data

breach?

Financial Competition Reputation Opportunity

cost


How complex is migration? That depends on your…

Database & list size

Information architecture

Network choices

Customizations

Security & compliance

requirements


Dark underbelly of the digital workplace

SharePoint versions, multiple farms

File shares/network drives

Dropbox and Box

Systems that have not been decommissioned


Common reasons migrations fail• Large content DBs/site collections don’t upgrade successfully• Old and irrelevant content is upgraded, impacting search and

usability• Large unusable lists and large files that shouldn’t be in SharePoint

are upgraded, and remain unusable

• No time within project scope to leverage Information Architecture and version features

• Complex customizations (javascript, custom code, web parts)• Not taking security and compliance into account• Failing to involve stakeholders throughout the process


The Secure

Migration Approach


1. Governanc

e

2. Classificatio

n

3. Location

4. Migration

5. Manageme

nt


StepGovernanceContent audit, discovery and risk mapping

1


12

SharePoint Governance – at the outset

SharePoint governanc

e:Embedded

technical layer control


Governance creates balance

Expanding Threat

Surface

Regulatory Crackdown

Class Action

Lawsuits

Data Breaches

RISKS BENEFITS

User Adoption

Operational Efficiency / Shadow IT

SharePoint ROI

Information Insight


14

SharePoint / Collaboration

IT Leadership

Legal / HR

ComplianceKnowledge

Management

CISO

CIO

Users

…and involves many stakeholders


15

SharePoint / Collaboration

IT Leadership

Legal / HR

Compliance

Knowledge Managemen

t

CISO

Users

Gain consensus on the big questions• What is SharePoint intended to achieve organizationally?

• What types of content does SharePoint need to support?

• What services are required to function under change control?

• In what ways should the SharePoint platform be restricted ?

• What security levels are to be applied to the platform and how?


Run a content audit

Questionsto ask

What type of data do you have in SharePoint?

Do you know all locations of sensitive data in SharePoint?

Who is responsible for maintaining an inventory of sensitive data? How do you track which users currently access sensitive data?

What are consequences of inadvertent data exposure?

What data is sensitive (PII, PHI, IP, etc.?)

Do you know who has access to it?

How often is sensitive data inventoried?

How often do you track such access?

Who has accountability for a breach?


Rank content by risk to determine which assets are most important to secure.


StepClassificationMetadata, tagging, findability

2


Two levels of classification

Ensures each content asset can be managed independently.

Ensures each site and customization (branding, javascript, custom code, features, web parts) can be managed effectively by a system.


Classification adds metadata to information assetsYou can identify by:

Content type

Owner, so you can validate and remediate

Age

Rules for sharing

Levels of sensitivity (high, medium, low)


Classification impacts migration success Chance to clean up

problems such as incorrect

permissions and nested groups

Allows you to remove

content that is out of date or

duplicate

Helps you determine whether to migrate assets and where to move them

Clarifies whether customizations can be moved or will need to be rebuilt

Impacts how long and difficult your migration will be

BONUS: Improves

findability (makes users

happy!)


StepLocationOn-premises, cloud, hybrid

3


Classification of EnvironmentAge

Rules for sharing

Levels of sensitivity (high, medium, low)


Choose the environment that is the best fit

On-premises

What this means:A specific, customized system you treat differently

What to house there:Your most sensitive contentSites with extensive customization

Cloud

What this means:Possibly Office 365Possibly a specific application

What to house there:Your least sensitive contentSites with little or no customization

Hybrid

What this means:Connecting on-premises and cloud with Office 365Giving users ability to access content from either environment

What to house there:Case by case decision


StepMigrationNow that we know what assets to move and where, how do we move them?

4


Potential migration approaches

Lift & Shift

Content and sites maintain the same structure and simply move to a new location.

No option to apply metadata or adjust security profiles.

Multi-prong

You have options to change organizational structure and security settings as you migrate.

But, you must manually apply classification and rules.

Distributed

Automation allows you to change structure and apply security rules as you migrate.

• Fewer people involved• Less risk• Faster migration• More time to validate


• 100-person U.S. company• 50% growth over past two years• Permissions will carry over to new

architecture• Groups will carry over• No nested Active Directory Groups

Company A – Low risk migrationLift & Shift or Multi-prong may be sufficient


• 1000+ organization• Virtual workforce• Collaboration with 3rd parties• High growth, M&A activity• Highly regulated industry

Company B – High risk migrationThe best option is Distributed approach


Distributed approach to secure migrationOffice 365Extranet/cloudLow sensitivity

SharePoint 2016Intranet/on-premiseHigh sensitivity

Hybrid

Medium sensitivity


Classification determines appropriate location

Office 365Extranet/cloudLow sensitivity

SharePoint 2016Intranet/on-premiseHigh sensitivity

Hybrid

Medium sensitivity

Highsensitivity


Regardless of which location files and sites start from

Office 365

SharePoint 2016

Hybrid

SharePoint 2007

SharePoint 2010

File shares


As a final check, people should validate the migration

Classifications worked the

way they were expected

Site owners see

customizations

in their sites

Findability is what was expected


StepManagementOngoing data loss prevention

5


The average SharePoint farm grows 50-75%each year


Offboarding

Onboarding

Internal Transfer

M&A Restructur

ing

Every stage of the employee lifecycle has content security risk


Compliance rules change over time

Financial Services Healthcare

US Government

IT-Related Everyone

PCI-DSS HIPAA NIST 80—30 COBIT V EUGDPRSOX HITECH OMB A-130 ITIL

GLBA HITRUST-CSF FISMA ISO 28000+


You must sustain content security even after migration

Always know

know where sensitive

data resides.

Automatically monitor and

alert for unorthodox

user behavior.

Empower employees to

manage content securely.

Automatically execute

downstream remediation

actions.

Report on how users interact

with data and

security controls.

Proactive approach to

content security.


How do you get all this done?


Manual processes!


ControlPointPermissions. Auditing. Governance. Administration.

Distribute security and governance capabilities

Govern and enforce from a central console

Audit and report on

configuration and

activity

Manage permissio

ns

Scan automaticall

y or on demand


Sensitive Content ManagerScanning. Detection. Classification. Prevention.

Pinpoint where PII resides

Assess your risk level

Prevent violations with real-

time content shield

Take downstream enforcement

action


Content MatrixThe industry’s most powerful SharePoint and Office 365 migration solution

Multiply SpeedCombine consoles and servers to simultaneously migrate content into SharePoint with Distributed Migration

Transform ContentNeed to update site templates or a column into managed metadata? We allow you to automate it easily

Ultimate ControlUse PowerShell to build repeatable and automated migration steps for all of your tasks

Re-Organize ContentBulk organize large numbers of documents while applying new metadata during or after migration


Questions?


Move, Manage, Protect

metalogix.com | 202.609.9100

secure sharepoint migration step by step

Technology