
Keystone for SharePoint: Security Management for MOSS

"Everything would be fine if you were not trying to hook up SharePoint with your identity management tools. SharePoint is going to be a critical application, granular access controls will be a necessity and Microsoft's tools are insufficient for all usage scenarios."

Gerry Gebel
VP and Services Director
Burton Group
Identity and Privacy Group

As SharePoint moves from a tactical tool to a strategic enterprise solution, organizations are demanding more security and control than SharePoint's native security model offers. With more and more confidential company information residing in SharePoint, access control becomes critical. On its own, SharePoint offers no support for enterprise entitlements that exist outside of Active Directory and lacks the ability to manage authorization across multiple sites. In addition, SharePoint does not provide an audit trail of access and authorization activities. Without the ability to report who has access to what, without delegated administration, and without enforcement of segregation of duties, SharePoint needs help to become an enterprise-ready solution.

Common SharePoint Challenges

  • Only allows for authentication and attributes against AD
  • SSO is difficult to achieve
  • Difficult to add/change auth sources
  • Opening collaboration for outside users

  • Authorization tends to be all or nothing
  • No ability to manage authorization across sites
  • No ability to build authorization on existing roles and policy
  • No consistency enforcing security policy
  • No active enforcement of who has access to what – “Information Barriers”

  • No consistency in how security is administered
  • No support for delegated administration
  • No fine-grained administrative control
  • No Enterprise CAL consumption control

  • No visibility into policy and permissions
  • No audit trail of who gave whom access
  • No active SOD enforcement
  • No ability to leverage IAM principles
  • No snapshot in time to determine who had what access on a given date/time