sharepoint and office 365 secure migration approach

1 Confidential and Proprietary © Metalogix Move, Manage, Protect

Can your SharePoint migration lead to a data breach?Learn the Step-by-Step Process to Secure Migration

2 Confidential and Proprietary © Metalogix

What’s your starting point?

What business goals do you want to achieve?

How can technology help you achieve those

goals?


Every organization manages content differently


What’s the point of all this content?

85%are never retrieved.

60%are out of date.

50%are duplicates.


SharePoint houses thousands of unstructured content assetsBuried within folders—within folders—within folders

Most SharePoint customers have1+TBof content stored on the platform.

The average SharePoint farm grows 50-75%each year.


Including sensitive data

79%of companies store sensitive or confidential information on SharePoint. – CMS Wire

• Employee info – Social security numbers, salary info• Customer info – Personal and financial information• Patient info – ePHI, medical records, insurance• Intellectual property – Product plans, company strategy,

research

Even if you have a “secure zone” in your SharePoint farm, users can find ways around it.


Migration is a chance to get healthy

Make sensitive content more

secure

Reduce costs by moving to cloud

Clean out old, duplicate or unused content

Make content easier to manage

Make content easier to discover – for admins and users


How complex is migration? That depends on your…

Database & list size

Information architecture

Network choices

Customizations

Security & compliance

requirements


Common reasons migrations fail• Large content DBs/site collections don’t upgrade successfully• Old and irrelevant content is upgraded, impacting search and

usability• Large unusable lists and large files that shouldn’t be in SharePoint

are upgraded, and remain unusable

• No time within project scope to leverage Information Architecture and version features

• Complex customizations (javascript, custom code, web parts)• Not taking security and compliance into account• Failing to involve stakeholders throughout the process

9 Confidential and Proprietary © Metalogix9 Confidential and Proprietary © Metalogix

What do SharePoint migrations, spaghetti and a nice chianti have in common?


Dark underbelly of the digital workplace

SharePoint versions, multiple farms

File shares/network drives

Dropbox and Box

Systems that have not been decommissioned


Secure migrationThe proper transfer of content to the right place, with the right user roles, access rights, and permissions.


Why secure migration?

Regulatory finesCustomer and

shareholder lawsuits

Trade secrets, valuable IP are

exposed

Customers, employees and

partners are less willing to

trust you

What else could you be doing instead of remediating a data

breach?

Financial Competition Reputation Opportunity

cost


0 10 20 30 40 50 60 70 80 90 100

23%

25%

44%

51%

74%

78%

86%Emailing confidential documents from the workplace to a home computer or mobile devices using a Web-based email account Retaining confidential documents or files that are no longer required Moving large files containing business confidential information to a Web-based file-sharing application

Sharing files and documents not intended for them

Forwarding confidential files or documents to individuals not authorized to receive themSending confidential files to unauthorized individuals outside the organization Copying documents and files to a USB memory stick

after being downsized from an organization

(Percentage of IT and IT security pros who believe employees are likely or very likely to take action. Ponemon Institute.)

Negligent employee behaviorPeople are willing to bypass security policies to get their jobs done


Misaligned investment vs. risk

External threats

Insiders

0% 10% 20% 30% 40% 50% 60% 70% 80%

75%

25%

41%

65%Percentage of organizations concerned about threat types.

Percentage of security spending dedicated to ad-dressing threats.

overspend

underspend


Impact of data breachesGlobal Impact Corporate Impact Personal ImpactBy 2020 global cost of data breaches to reach $2.1 trillion

$52,000 - $87,000 is the average loss for every 1,000 records breached

Resignations and Job losses

$114 billion – the global market for stolen credit card data+

By 2020 the average cost will exceed $150 million

Nearly 70% of breaches impact a secondary victim


The ideal “secure migration” approach


1. Governanc

e

2. Classificatio

n

3. Location

4. Migration

5. Manageme

nt


StepGovernanceContent audit, discovery and risk mapping

1


19

SharePoint governance - part of information governance

SharePoint governanc

e:Embedded

technical layer control


Governance helps you create balance

Expanding Threat

Surface

Regulatory Crackdown

Class Action

Lawsuits

Data Breaches

RISKS BENEFITS

User Adoption

Operational Efficiency / Shadow IT

SharePoint ROI

Information Insight


21

SharePoint / Collaboration

IT Leadership

Legal / HR

ComplianceKnowledge

Management

CISO

CIO

Users

Determine your stakeholders


22

SharePoint / Collaboration

IT Leadership

Legal / HR

Compliance

Knowledge Managemen

t

CISO

Users

Gain consensus on the big questions• What is SharePoint intended to achieve organizationally?

• What types of content does SharePoint need to support?

• What services are required to function under change control?

• In what ways should the SharePoint platform be restricted ?

• What security levels are to be applied to the platform and how?


Run a content audit

Questionsto ask

What type of data do you have in SharePoint?

Do you know all locations of sensitive data in SharePoint?

Who is responsible for maintaining an inventory of sensitive data? How do you track which users currently access sensitive data?

What are consequences of inadvertent data exposure?

What data is sensitive (PII, PHI, IP, etc.?)

Do you know who has access to it?

How often is sensitive data inventoried?

How often do you track such access?

Who has accountability for a breach?


Once you know, you can rank content by risk to determine which assets are most important to secure.


StepClassificationMetadata, tagging, findability

2


Two levels of classification

Ensures each content asset can be managed independently.

Ensures each site and customization (branding, javascript, custom code, features, web parts) can be managed effectively by a system.


Classification adds metadata to assetsYou can identify by:

Content type

Owner, so you can validate and remediate

Age

Rules for sharing

Levels of sensitivity (high, medium, low)


Classification impacts success of your migration

Chance to clean up problems such as

incorrect permissions and

nested groups

Allows you to remove

content that is out of date or

duplicate

Helps you determine whether to migrate assets and where to move them

Clarifies whether customizations can be moved or will need to be rebuilt

Impacts how long and difficult your migration will be

BONUS: Improves

findability, making users

happy!


What if only 1 highly sensitive document resides within an otherwise low sensitivity site?


StepLocationOn-premises, cloud, hybrid

3


Choose the environment that is the best fit

On-premises

What this means:A specific, customized system you treat differently

What to house there:Your most sensitive contentSites with extensive customization

Cloud

What this means:Possibly Office 365Possibly a specific application

What to house there:Your least sensitive contentSites with little or no customization

Hybrid

What this means:Connecting on-premises and cloud with Office 365Giving users ability to access content from either environment

What to house there:Case by case decision


StepMigrationNow that we know what assets to move and where, how do we move them?

4


Potential migration approaches

Lift & Shift

Content and sites maintain the same structure and simply move to a new location.

No option to apply metadata or adjust security profiles.

Multi-prong

You have options to change organizational structure and security settings as you migrate.

But, you must manually apply classification and rules.

Distributed

Automation allows you to change structure and apply security rules as you migrate.

• Fewer people involved• Less risk• Faster migration• More time to validate


• 100-person U.S. company• 50% growth over past two years• Permissions will carry over to new

architecture• Groups will carry over• No nested Active Directory Groups

Company A – Low risk migrationLift & Shift or Multi-prong may be sufficient


• 1000+ organization• Virtual workforce• Collaboration with 3rd parties• High growth, M&A activity• Highly regulated industry

Company B – High risk migrationThe best option is Distributed approach


Distributed approach to secure migrationOffice 365Extranet/cloudLow sensitivity

SharePoint 2016Intranet/on-premiseHigh sensitivity

Hybrid

Medium sensitivity


Classification determines appropriate location

Office 365Extranet/cloudLow sensitivity

SharePoint 2016Intranet/on-premiseHigh sensitivity

Hybrid

Medium sensitivity

Highsensitivity


Regardless of which location files and sites start from

Office 365

SharePoint 2016

Hybrid

SharePoint 2007

SharePoint 2010

File shares


As a final check, people should validate the migration

Classifications worked the

way they were expected

Site owners see

customizations

in their sites

Findability is what was expected


StepManagementOngoing data loss prevention

5


The average SharePoint farm grows 50-75%each year


Old employees leave

New employees join

Roles and responsibilities change

M&A changes organizational structure

Every stage of the employee lifecycle has content security risk


Compliance rules change over time

Financial Services Healthcare

US Government

IT-Related Everyone

PCI-DSS HIPAA NIST 80—30 COBIT V EUGDPR

SOX HITECH OMB A-130 ITIL

GLBA HITRUST-CSF FISMA ISO 28000+


You must sustain content security even after migration

Always know

know where sensitive

data resides.

Automatically monitor and

alert for unorthodox

user behavior.

Empower employees to

manage content securely.

Automatically execute

downstream remediation

actions.

Report on how users interact

with data and

security controls.

Proactive approach to

content security.


How do you get all this done?


By hand?

That’s going to take forever!


ControlPointPermissions. Auditing. Governance. Administration.

Distribute security and governance capabilities

Govern and enforce from a central console

Audit and report on

configuration and

activity

Manage permissio

ns

Scan automaticall

y or on demand


Sensitive Content ManagerScanning. Detection. Classification. Prevention.

Pinpoint where PII resides

Assess your risk level

Prevent violations with real-

time content shield

Take downstream enforcement

action


Content MatrixThe industry’s most powerful SharePoint and Office 365 migration solution

Multiply SpeedCombine consoles and servers to simultaneously migrate content into SharePoint with Distributed Migration

Transform ContentNeed to update site templates or a column into managed metadata? We allow you to automate it easily

Ultimate ControlUse PowerShell to build repeatable and automated migration steps for all of your tasks

Re-Organize ContentBulk organize large numbers of documents while applying new metadata during or after migration


Move, Manage, Protect

metalogix.com | 202.609.9100

sharepoint and office 365 secure migration approach

Software