SharePoint Security Policies and Procedures
Microsoft SharePoint, a comprehensive collaborative work solution, is a server-based program that allows users to set up websites to share files, collectively edit documents and send reports to all or select groups of users. The program essentially manages a shared server where all of the collaborative files are stored, granting different users access to different documents depending on their inclusion in certain groups or their access privileges. As you might imagine, and particularly when the program is deployed in large organizations, managing these access permissions and the safety concerns that come with server-based information requires a number of vital security procedures and access policies.
Best Practices for Server Safety
As with any server-based information service, users are usually advised to reduce the "attack surface" of information on a single server. For practical reasons, SharePoint organizes all libraries on a single server to reduce traffic and better organize the files into libraries, yet SharePoint users should delete any components of the application they do not use in order to reduce the volume of vulnerable information. If, for example, an organization only uses SharePoint to collaboratively edit documents, the organization should erase other features like report-sending and group memberships saved on the same server. SharePoint works on a Structured Query Language (SQL) platform, and users will have to install the associated SQL software on a server in order to run the application, preferably on a separate server to reduce the amount of information associated with a single account on each server.
Service Accounts
As users set up SharePoint on a server, the program automatically establishes service or administrator accounts that are responsible for managing permissions and organizing libraries. These accounts are the only ones granted permission to alter the structure of the information, invite new users, remove users or change the account privileges of users. While small organizations are often tempted to have only a few administrators with a large number of privileges to manage the whole system, users would be better advised to separate administrator functions among many service accounts. Even if the same person in the organization uses all of these accounts and has to log in with a different account in order to perform different tasks, separating administrator functions between accounts reduces the risk to the information if any single account is compromised.
Authentication and Users
Every user on a SharePoint account has a separate authenticated login (username and password) and a set of security privileges. These privileges, sometimes managed by group memberships where all members of a group have access to certain areas, determine what types of files or specific documents a user can see. Internally, this user system keeps information from falling into the hands of users who do not have appropriate clearances. To ward off external threats to the organization, SharePoint administrators should manage user accounts carefully, removing the accounts of users who have left the organization, confirming that all users have strong passwords and monitoring privileges to make sure every user only has access to the areas he or she needs to use.
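The account review described above, together with the separation of administrator functions from the Service Accounts section, as an added example that is not part of the original article: a Python audit that flags departed users, memberships beyond what an account needs, and accounts that combine several administrator groups. The export layout, account names, group names and approved-access baseline are all constructed assumptions, not a SharePoint format.

```python
import csv
import io

# Constructed sample export of users and their group memberships.
# The column names and ";" separator are assumptions, not a SharePoint format.
USER_EXPORT = """login,groups
alice@example.test,Finance Members
bob@example.test,Finance Members;HR Members;Site Owners
carol@example.test,HR Members
svc_farm@example.test,Farm Administrators;Site Owners
"""

# Constructed roster of accounts that still belong to current staff or services.
ACTIVE_ACCOUNTS = {"alice@example.test", "bob@example.test", "svc_farm@example.test"}

# Constructed baseline: the groups each account actually needs.
APPROVED_GROUPS = {
    "alice@example.test": {"Finance Members"},
    "bob@example.test": {"Finance Members"},
    "svc_farm@example.test": {"Farm Administrators"},
}

# Groups treated as administrative for the separation-of-duties check.
ADMIN_GROUPS = {"Farm Administrators", "Site Owners"}


def audit(export_text, active, approved, admin_groups):
    """Return (login, finding, groups) tuples for accounts that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        login = row["login"].strip().lower()
        groups = {g.strip() for g in row["groups"].split(";") if g.strip()}
        if login not in active:
            # Account has no current owner: candidate for removal.
            findings.append((login, "stale", sorted(groups)))
            continue
        excess = groups - approved.get(login, set())
        if excess:
            # Membership beyond the approved baseline.
            findings.append((login, "excess", sorted(excess)))
        held_admin = groups & admin_groups
        if len(held_admin) > 1:
            # One account combines several administrator functions.
            findings.append((login, "combined-admin", sorted(held_admin)))
    return findings


if __name__ == "__main__":
    for finding in audit(USER_EXPORT, ACTIVE_ACCOUNTS, APPROVED_GROUPS, ADMIN_GROUPS):
        print(finding)
```

An active account with no entry in the baseline has every membership reported as excess, so new accounts are reviewed rather than silently accepted.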
Encryption
Information is vulnerable not only inside the organization and on the server, but also in transit between users and servers. In order to keep information traffic safe from hackers, SharePoint offers complete encryption protection for data, scrambling data in transit so that it is unreadable for malicious, unregistered users. In order to operate these encryption applications properly, SharePoint users should install Public Key Infrastructure (PKI) on their servers, the necessary platform for installing Secure Sockets Layer (SSL) encryption to protect messages between users and Internet Protocol Security (IPsec) to secure messages between servers.