can your sharepoint migration lead to a data breach?
TRANSCRIPT
1 Confidential and Proprietary © Metalogix Move, Manage, Protect
February 22, 2017
Can Your SharePoint Migration Lead to a Data Breach?
2 Confidential and Proprietary © Metalogix
Adam LevithanDirector Product Management, MetalogixMicrosoft [email protected]@collabadam
The team
Jai DarganSenior Director Product Management, [email protected]@jai_dargan
3 Confidential and Proprietary © Metalogix3 Confidential and Proprietary © Metalogix
Today’s discussion What’s in your SharePoint? (and file shares and Dropbox?)Secure migration is more important now than everA tale of two companies – low risk and high riskThe ideal secure migration process
4 Confidential and Proprietary © Metalogix
What’s your starting point?
What business goals do you want to achieve?
How can technology help you achieve those
goals?
4 Confidential and Proprietary © Metalogix
Every organization manages content differently
5 Confidential and Proprietary © Metalogix
Migration is a chance to get healthy
Make sensitive content more
secure
Clean out old, duplicate or unused content
Reduce costs by moving to cloud
Make content easier to manage
Make content easier to discover – for admins and users
6 Confidential and Proprietary © Metalogix
How complex is migration? That depends on your…
Database & list size
Information architecture
Network choices
Customizations
Security & compliance
requirements
7 Confidential and Proprietary © Metalogix7 Confidential and Proprietary © Metalogix
What do SharePoint migrations, spaghetti and a nice chianti have in common?
8 Confidential and Proprietary © Metalogix
SharePoint versions, multiple farms
File shares/network drives
Dropbox and Box
Systems that have not been decommissioned
9 Confidential and Proprietary © Metalogix
Content: The Underbelly of the Digital Workplace
85%are never retrieved.
60%are out of date.
50%are duplicates.
10 Confidential and Proprietary © Metalogix
SharePoint houses thousands of unstructured content assetsBuried within folders—within folders—within folders
Most SharePoint customers have1+TBof content stored on the platform.
The average SharePoint farm grows 50-75%each year.
11 Confidential and Proprietary © Metalogix
Including sensitive data
79%of companies store sensitive or confidential information on SharePoint. – CMS Wire
• Employee info – Social security numbers, salary info• Customer info – Personal and financial information• Patient info – ePHI, medical records, insurance• Intellectual property – Product plans, company strategy,
research
Even if you have a “secure zone” in your SharePoint farm, users can find ways around it.
12 Confidential and Proprietary © Metalogix12 Confidential and Proprietary © Metalogix
Secure migrationThe proper transfer of content to the right place, with the right user roles, access rights, and permissions.
13 Confidential and Proprietary © Metalogix
Why secure migration?
Trade secrets, valuable IP are
exposed
Competition
Customers, employees and
partners are less willing to
trust you
Reputation
What else could you be doing instead of remediating a data
breach?
Opportunity cost
Regulatory finesCustomer and
shareholder lawsuits
Financial
14 Confidential and Proprietary © Metalogix
0 10 20 30 40 50 60 70 80 90 100
23%
25%
44%
51%
74%
78%
86%Emailing confidential documents from the workplace to a home computer or mobile devices using a Web-based email account Retaining confidential documents or files that are no longer required Moving large files containing business confidential information to a Web-based file-sharing application
Sharing files and documents not intended for them
Forwarding confidential files or documents to individuals not authorized to receive themSending confidential files to unauthorized individuals outside the organization Copying documents and files to a USB memory stick
after being downsized from an organization
(Percentage of IT and IT security pros who believe employees are likely or very likely to take action. Ponemon Institute.)
Negligent employee behaviorPeople are willing to bypass security policies to get their jobs done
15 Confidential and Proprietary © Metalogix
Misaligned investment vs. risk
External threats
Insiders
0% 10% 20% 30% 40% 50% 60% 70% 80%
75%
25%
41%
65%Percentage of organizations concerned about threat types.
Percentage of security spending dedicated to ad-dressing threats.
overspend
underspend
16 Confidential and Proprietary © Metalogix
Impact of data breachesGlobal Impact Corporate Impact Personal ImpactBy 2020 global cost of data breaches to reach $2.1 trillion
$52,000 - $87,000 is the average loss for every 1,000 records breached
Resignations and Job losses
$114 billion – the global market for stolen credit card data+
By 2020 the average cost will exceed $150 million
Nearly 70% of breaches impact a secondary victim
17 Confidential and Proprietary © Metalogix
Compliance, compliance, compliance
Financial Services Healthcare
US Government
IT-Related Everyone
PCI-DSS HIPAA NIST 80—30 COBIT V
EUGDPRSOX HITECH OMB A-130 ITIL
GLBA HITRUST-CSF FISMA ISO 28000+
18 Confidential and Proprietary © Metalogix18 Confidential and Proprietary © Metalogix
A tale of two companies
19 Confidential and Proprietary © Metalogix
• 100-person U.S. company• 50% growth over past two years• Permissions will carry over to new
architecture• Groups will carry over• No nested Active Directory Groups
Company A – Low risk migration
20 Confidential and Proprietary © Metalogix
Sites move to a different site collection structure Break security dependencies while allowing sharing across sites
Human Resources
Benefits
Payroll
SharePoint 2010 Office 365
Human Resources Benefits Payroll
21 Confidential and Proprietary © Metalogix
• 10,000 person global organization• Virtual workforce• Collaboration with 3rd parties• High growth, M&A activity• Highly regulated industry
Company B – High risk migration
22 Confidential and Proprietary © Metalogix
Destination for each file is assessed based on risk Admins can manage risk across locations with a consolidated view
BoxLow sensitivity
Office 365Extranet/cloudMedium sensitivity
SharePoint 2016Intranet/on-premiseHigh sensitivity
23 Confidential and Proprietary © Metalogix23 Confidential and Proprietary © Metalogix23 Confidential and Proprietary © Metalogix
And we aren’t even talking about
legal hold documents
24 Confidential and Proprietary © Metalogix24 Confidential and Proprietary © Metalogix
The ideal “secure migration” approach
25 Confidential and Proprietary © Metalogix
Ongoing security &informationmanagement
5
Agree on what content is sensitive
1
Governance
Classify content according to rules
2
Humans or automation
Decide where content should reside
3
On-premises, cloud or hybrid
Migrate content based on rules
4
Moving Day
Technology and People
26 Confidential and Proprietary © Metalogix
26
SharePoint governance is part of information governance
SharePoint governanc
e:Application
layer controls and policies
27 Confidential and Proprietary © Metalogix27 Confidential and Proprietary © Metalogix
Join us March 8 for Part II: Secure Migration Step-by-Step
MAR8
28 Confidential and Proprietary © Metalogix28 Confidential and Proprietary © Metalogix28 Confidential and Proprietary © Metalogix
Other webinars to check out:
SharePoint Migration Series: Structuring Your Migration for Success
SharePoint Migration Series: Planning
29 Confidential and Proprietary © Metalogix
Move, Manage, Protect
metalogix.com | 202.609.9100
Thank you!