Wednesday, January 6, 2016

Evaluating SharePoint's Security Model

Evaluating how well SharePoint's security model performs against a real-world business scenario.

In my last post, we established 4 core requirements for a new hypothetical security model for SharePoint. They were:

1) Accommodate business change,
2) Accurate,
3) Quick and Simple, and
4) Robust and Reliable

Let's now use these requirements as a lens to examine how SharePoint's current security model stands up to a real-world business scenario.

The Scenario

A highly confidential idea for a new product is to be developed and brought to market.

A SharePoint site was used by the 7 engineers involved so far. The documents and diagrams they shared in the site helped validate the idea. The CEO, CFO and their assistants were also given access.

Once the project got the green light, the team scaled up quickly. Three project streams were established, with a common program across them:

- Product Development stream (31 people): designers, engineers, marketers
- Customer stream (19 people): commercial and sales development
- Legal / Financial stream (8 people): patents, revenue projections, project funding

To minimize confidentiality risk, it is imperative that people only have access to precisely the information they need, and no more.

The plan was to isolate each stream, to keep information circles small. The original SharePoint site was designated for use by the program, and a sub-site (non-inherited permissions) created for each of the three streams.

Over the 9 months since, boundaries blurred a little. Legal weighed in on product decisions. Product Development needed commercial visibility. Outsiders needed to contribute or review certain details. 

The project team grew and shrank over time. The Product Development stream is dividing in two. Everyone is under time pressure. The project has at least a year to go.

How Will SharePoint's Security Model Hold Up?

Accommodating Constant Change

The project has already seen a lot of change: people joining and leaving the team, temporary access across stream boundaries, temporary access outside the project, a stream dividing in two.

Administrators would have had to carry out hundreds of manual permissions changes over the course of the project so far. Everywhere permissions inheritance was broken (such as every time Legal accessed a Product Development document), the number of changes increased.

All these changes are in no way automatic.

Accurate

To update every necessary permissions configuration every time something in the business changes, administrators must be aware of every single change, even though they may work somewhat at arm's length from the rest of the business.

A single business change, such as someone transferring from marketing to sales, could give rise to dozens of permissions changes. Administrators must somehow work them all out.

The chances of a mistake being made, or something being missed, are high.
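The check an administrator would need after each business change, covering both the broken-inheritance point under "Accommodating Constant Change" and the transfer example above, is sketched here as an added example (not part of the original post and not SharePoint code). The paths, user names, stream roster and the approved-exception list are all constructed, and the inheritance lookup is a simplified model of how unique permissions override inherited ones.

```python
from pathlib import PurePosixPath

# Constructed sample data. None means "inherits from parent"; a set means
# inheritance was broken and the object carries its own unique permissions.
ACLS = {
    "/program": {"ceo", "alice", "bob", "carol", "dave"},
    "/program/product": {"alice", "bob"},
    "/program/product/spec.docx": None,
    "/program/product/patent.docx": {"alice", "bob", "carol"},  # Legal let in
    "/program/customer": {"dave"},
    "/program/customer/pricing.xlsx": None,
    "/program/legal": {"carol"},
}
OWNERS = {p: ("program" if p == "/program" else p.split("/")[2]) for p in ACLS}
EXCEPTIONS = {("carol", "/program/product/patent.docx")}  # approved cross-stream access
ROSTER = {"ceo": {"program"}, "alice": {"program", "product"},
          "bob": {"program", "product"}, "carol": {"program", "legal"},
          "dave": {"program", "customer"}}

def effective_acl(path, acls):
    """Resolve access by walking up to the nearest object with unique permissions."""
    p = PurePosixPath(path)
    while acls.get(str(p)) is None:
        if p == p.parent:
            return set()
        p = p.parent
    return acls[str(p)]

def drift(acls, roster):
    """Compare what the ACLs grant with what the roster says should be granted."""
    report = {}
    for path in acls:
        wanted = {u for u, s in roster.items() if OWNERS[path] in s}
        wanted |= {u for u, p in EXCEPTIONS if p == path}
        actual = effective_acl(path, acls)
        if actual != wanted:
            report[path] = {"stale": sorted(actual - wanted),
                            "missing": sorted(wanted - actual)}
    return report

def edits_needed(report, acls):
    """Only objects holding their own ACL need a manual edit; heirs follow."""
    return sorted(p for p in report if acls[p] is not None)

# One business change: bob moves from the product stream to the customer stream.
AFTER = {**ROSTER, "bob": {"program", "customer"}}
```

With this data, `drift(ACLS, AFTER)` flags five objects and `edits_needed` returns three of them; the third exists only because inheritance was broken on `patent.docx`.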

Quick and Simple

Every time something in the business changes, one or more people may need to be granted or revoked access to several collections of information. Many permissions changes will likely result from every business change, and each required change may not be immediately obvious. This is neither quick nor simple.

SharePoint can allow business users to grant permissions for sites or documents themselves. But what about revoking access when it is no longer appropriate? Business users are usually busy and will often forget.

Robust and Reliable

A business user needs to share a new sensitive document with their project stream. To what extent can they honestly trust that only the correct people will have access? How likely is it that site permissions aren’t aligned with the business circumstances? How can they know who will have access to the document once it is uploaded, and how can they evaluate the accuracy of that?

If people don't trust system security, they may choose to share information some other way.

The Bottom Line

So how did SharePoint's security model hold up? Probably not so well. Keeping permissions accurate for thousands of documents and dozens of users, in the face of constant business change, is a large and complex task which is highly vulnerable to error.

All it takes is one mistake, one change overlooked, one accidental inaccuracy. One administrator away on leave. One information owner frustrated under time pressure. It doesn't take much for inaccurate security to materialize into a serious breach.

I'll sign off with this fact: in a recent survey, 71% of business users thought they had access to more information than they probably should. This is not a small problem!

In my next post, I'll share some thoughts on designing Security-Centric Governance Plans for SharePoint: trying to balance the needs of users, administrators and the business while maximizing the security of our information.

Thanks for reading!

Peter


by Peter Bradley via Everyone's Blog Posts - SharePoint Community
