sharepoint and office 365 secure migration approach
TRANSCRIPT
1 Confidential and Proprietary © Metalogix Move, Manage, Protect
Can your SharePoint migration lead to a data breach?Learn the Step-by-Step Process to Secure Migration
2 Confidential and Proprietary © Metalogix
What’s your starting point?
What business goals do you want to achieve?
How can technology help you achieve those
goals?
2 Confidential and Proprietary © Metalogix
Every organization manages content differently
3 Confidential and Proprietary © Metalogix
What’s the point of all this content?
85%are never retrieved.
60%are out of date.
50%are duplicates.
4 Confidential and Proprietary © Metalogix
SharePoint houses thousands of unstructured content assetsBuried within folders—within folders—within folders
Most SharePoint customers have1+TBof content stored on the platform.
The average SharePoint farm grows 50-75%each year.
5 Confidential and Proprietary © Metalogix
Including sensitive data
79%of companies store sensitive or confidential information on SharePoint. – CMS Wire
• Employee info – Social security numbers, salary info• Customer info – Personal and financial information• Patient info – ePHI, medical records, insurance• Intellectual property – Product plans, company strategy,
research
Even if you have a “secure zone” in your SharePoint farm, users can find ways around it.
6 Confidential and Proprietary © Metalogix
Migration is a chance to get healthy
Make sensitive content more
secure
Reduce costs by moving to cloud
Clean out old, duplicate or unused content
Make content easier to manage
Make content easier to discover – for admins and users
7 Confidential and Proprietary © Metalogix
How complex is migration? That depends on your…
Database & list size
Information architecture
Network choices
Customizations
Security & compliance
requirements
8 Confidential and Proprietary © Metalogix
Common reasons migrations fail• Large content DBs/site collections don’t upgrade successfully• Old and irrelevant content is upgraded, impacting search and
usability• Large unusable lists and large files that shouldn’t be in SharePoint
are upgraded, and remain unusable
• No time within project scope to leverage Information Architecture and version features
• Complex customizations (javascript, custom code, web parts)• Not taking security and compliance into account• Failing to involve stakeholders throughout the process
9 Confidential and Proprietary © Metalogix9 Confidential and Proprietary © Metalogix
What do SharePoint migrations, spaghetti and a nice chianti have in common?
10 Confidential and Proprietary © Metalogix
Dark underbelly of the digital workplace
SharePoint versions, multiple farms
File shares/network drives
Dropbox and Box
Systems that have not been decommissioned
11 Confidential and Proprietary © Metalogix11 Confidential and Proprietary © Metalogix
Secure migrationThe proper transfer of content to the right place, with the right user roles, access rights, and permissions.
12 Confidential and Proprietary © Metalogix
Why secure migration?
Regulatory finesCustomer and
shareholder lawsuits
Trade secrets, valuable IP are
exposed
Customers, employees and
partners are less willing to
trust you
What else could you be doing instead of remediating a data
breach?
Financial Competition Reputation Opportunity
cost
13 Confidential and Proprietary © Metalogix
0 10 20 30 40 50 60 70 80 90 100
23%
25%
44%
51%
74%
78%
86%Emailing confidential documents from the workplace to a home computer or mobile devices using a Web-based email account Retaining confidential documents or files that are no longer required Moving large files containing business confidential information to a Web-based file-sharing application
Sharing files and documents not intended for them
Forwarding confidential files or documents to individuals not authorized to receive themSending confidential files to unauthorized individuals outside the organization Copying documents and files to a USB memory stick
after being downsized from an organization
(Percentage of IT and IT security pros who believe employees are likely or very likely to take action. Ponemon Institute.)
Negligent employee behaviorPeople are willing to bypass security policies to get their jobs done
14 Confidential and Proprietary © Metalogix
Misaligned investment vs. risk
External threats
Insiders
0% 10% 20% 30% 40% 50% 60% 70% 80%
75%
25%
41%
65%Percentage of organizations concerned about threat types.
Percentage of security spending dedicated to ad-dressing threats.
overspend
underspend
15 Confidential and Proprietary © Metalogix
Impact of data breachesGlobal Impact Corporate Impact Personal ImpactBy 2020 global cost of data breaches to reach $2.1 trillion
$52,000 - $87,000 is the average loss for every 1,000 records breached
Resignations and Job losses
$114 billion – the global market for stolen credit card data+
By 2020 the average cost will exceed $150 million
Nearly 70% of breaches impact a secondary victim
16 Confidential and Proprietary © Metalogix16 Confidential and Proprietary © Metalogix
The ideal “secure migration” approach
17 Confidential and Proprietary © Metalogix
1. Governanc
e
2. Classificatio
n
3. Location
4. Migration
5. Manageme
nt
18 Confidential and Proprietary © Metalogix18 Confidential and Proprietary © Metalogix
StepGovernanceContent audit, discovery and risk mapping
1
19 Confidential and Proprietary © Metalogix
19
SharePoint governance - part of information governance
SharePoint governanc
e:Embedded
technical layer control
20 Confidential and Proprietary © Metalogix
Governance helps you create balance
Expanding Threat
Surface
Regulatory Crackdown
Class Action
Lawsuits
Data Breaches
RISKS BENEFITS
User Adoption
Operational Efficiency / Shadow IT
SharePoint ROI
Information Insight
21 Confidential and Proprietary © Metalogix
21
SharePoint / Collaboration
IT Leadership
Legal / HR
ComplianceKnowledge
Management
CISO
CIO
Users
Determine your stakeholders
22 Confidential and Proprietary © Metalogix
22
SharePoint / Collaboration
IT Leadership
Legal / HR
Compliance
Knowledge Managemen
t
CISO
Users
Gain consensus on the big questions• What is SharePoint intended to achieve organizationally?
• What types of content does SharePoint need to support?
• What services are required to function under change control?
• In what ways should the SharePoint platform be restricted ?
• What security levels are to be applied to the platform and how?
23 Confidential and Proprietary © Metalogix
Run a content audit
Questionsto ask
What type of data do you have in SharePoint?
Do you know all locations of sensitive data in SharePoint?
Who is responsible for maintaining an inventory of sensitive data? How do you track which users currently access sensitive data?
What are consequences of inadvertent data exposure?
What data is sensitive (PII, PHI, IP, etc.?)
Do you know who has access to it?
How often is sensitive data inventoried?
How often do you track such access?
Who has accountability for a breach?
24 Confidential and Proprietary © Metalogix24 Confidential and Proprietary © Metalogix
Once you know, you can rank content by risk to determine which assets are most important to secure.
25 Confidential and Proprietary © Metalogix25 Confidential and Proprietary © Metalogix
StepClassificationMetadata, tagging, findability
2
26 Confidential and Proprietary © Metalogix
Two levels of classification
Ensures each content asset can be managed independently.
Ensures each site and customization (branding, javascript, custom code, features, web parts) can be managed effectively by a system.
27 Confidential and Proprietary © Metalogix
Classification adds metadata to assetsYou can identify by:
Content type
Owner, so you can validate and remediate
Age
Rules for sharing
Levels of sensitivity (high, medium, low)
28 Confidential and Proprietary © Metalogix
Classification impacts success of your migration
Chance to clean up problems such as
incorrect permissions and
nested groups
Allows you to remove
content that is out of date or
duplicate
Helps you determine whether to migrate assets and where to move them
Clarifies whether customizations can be moved or will need to be rebuilt
Impacts how long and difficult your migration will be
BONUS: Improves
findability, making users
happy!
29 Confidential and Proprietary © Metalogix29 Confidential and Proprietary © Metalogix
What if only 1 highly sensitive document resides within an otherwise low sensitivity site?
30 Confidential and Proprietary © Metalogix30 Confidential and Proprietary © Metalogix
StepLocationOn-premises, cloud, hybrid
3
31 Confidential and Proprietary © Metalogix
Choose the environment that is the best fit
On-premises
What this means:A specific, customized system you treat differently
What to house there:Your most sensitive contentSites with extensive customization
Cloud
What this means:Possibly Office 365Possibly a specific application
What to house there:Your least sensitive contentSites with little or no customization
Hybrid
What this means:Connecting on-premises and cloud with Office 365Giving users ability to access content from either environment
What to house there:Case by case decision
32 Confidential and Proprietary © Metalogix32 Confidential and Proprietary © Metalogix
StepMigrationNow that we know what assets to move and where, how do we move them?
4
33 Confidential and Proprietary © Metalogix
Potential migration approaches
Lift & Shift
Content and sites maintain the same structure and simply move to a new location.
No option to apply metadata or adjust security profiles.
Multi-prong
You have options to change organizational structure and security settings as you migrate.
But, you must manually apply classification and rules.
Distributed
Automation allows you to change structure and apply security rules as you migrate.
• Fewer people involved• Less risk• Faster migration• More time to validate
34 Confidential and Proprietary © Metalogix
• 100-person U.S. company• 50% growth over past two years• Permissions will carry over to new
architecture• Groups will carry over• No nested Active Directory Groups
Company A – Low risk migrationLift & Shift or Multi-prong may be sufficient
35 Confidential and Proprietary © Metalogix
• 1000+ organization• Virtual workforce• Collaboration with 3rd parties• High growth, M&A activity• Highly regulated industry
Company B – High risk migrationThe best option is Distributed approach
36 Confidential and Proprietary © Metalogix
Distributed approach to secure migrationOffice 365Extranet/cloudLow sensitivity
SharePoint 2016Intranet/on-premiseHigh sensitivity
Hybrid
Medium sensitivity
37 Confidential and Proprietary © Metalogix
Classification determines appropriate location
Office 365Extranet/cloudLow sensitivity
SharePoint 2016Intranet/on-premiseHigh sensitivity
Hybrid
Medium sensitivity
Highsensitivity
38 Confidential and Proprietary © Metalogix
Regardless of which location files and sites start from
Office 365
SharePoint 2016
Hybrid
SharePoint 2007
SharePoint 2010
File shares
39 Confidential and Proprietary © Metalogix
As a final check, people should validate the migration
Classifications worked the
way they were expected
Site owners see
customizations
in their sites
Findability is what was expected
40 Confidential and Proprietary © Metalogix40 Confidential and Proprietary © Metalogix
StepManagementOngoing data loss prevention
5
41 Confidential and Proprietary © Metalogix
The average SharePoint farm grows 50-75%each year
42 Confidential and Proprietary © Metalogix
Old employees leave
New employees join
Roles and responsibilities change
M&A changes organizational structure
Every stage of the employee lifecycle has content security risk
43 Confidential and Proprietary © Metalogix
Compliance rules change over time
Financial Services Healthcare
US Government
IT-Related Everyone
PCI-DSS HIPAA NIST 80—30 COBIT V EUGDPR
SOX HITECH OMB A-130 ITIL
GLBA HITRUST-CSF FISMA ISO 28000+
44 Confidential and Proprietary © Metalogix
You must sustain content security even after migration
Always know
know where sensitive
data resides.
Automatically monitor and
alert for unorthodox
user behavior.
Empower employees to
manage content securely.
Automatically execute
downstream remediation
actions.
Report on how users interact
with data and
security controls.
Proactive approach to
content security.
45 Confidential and Proprietary © Metalogix45 Confidential and Proprietary © Metalogix
How do you get all this done?
46 Confidential and Proprietary © Metalogix46 Confidential and Proprietary © Metalogix
By hand?
That’s going to take forever!
47 Confidential and Proprietary © Metalogix
ControlPointPermissions. Auditing. Governance. Administration.
Distribute security and governance capabilities
Govern and enforce from a central console
Audit and report on
configuration and
activity
Manage permissio
ns
Scan automaticall
y or on demand
48 Confidential and Proprietary © Metalogix
Sensitive Content ManagerScanning. Detection. Classification. Prevention.
Pinpoint where PII resides
Assess your risk level
Prevent violations with real-
time content shield
Take downstream enforcement
action
49 Confidential and Proprietary © Metalogix
Content MatrixThe industry’s most powerful SharePoint and Office 365 migration solution
Multiply SpeedCombine consoles and servers to simultaneously migrate content into SharePoint with Distributed Migration
Transform ContentNeed to update site templates or a column into managed metadata? We allow you to automate it easily
Ultimate ControlUse PowerShell to build repeatable and automated migration steps for all of your tasks
Re-Organize ContentBulk organize large numbers of documents while applying new metadata during or after migration
50 Confidential and Proprietary © Metalogix
Move, Manage, Protect
metalogix.com | 202.609.9100