Gartner Research

Securing SharePoint in Extranet Scenarios

Published: 27 December 2012

ID: G00229664

Analyst(s): Neil MacDonald

Summary

Most enterprise deployments of SharePoint are now opening up for outside collaboration, changing the risk profile. However, the overall security profile of these deployments will be weakened if the corresponding improvement security protection strategy isn't updated to reflect the change in risk.

Table Of Contents
  • Key Challenges

Introduction

Analysis

  • Access and Access Governance Best Practices
  • Define a Process for Access Governance
  • Use Existing Extranet User Management Systems
  • Don't Forget About Internal Users Needing Access When They Are Outside of Your Enterprise Network
  • Don't Force Users to Use a VPN to Access SharePoint
  • Core Security Best Practices
  • Secure the SharePoint Application as a Critical Three-Tier Application
  • Place the Shared SharePoint Database in a Protected Section of the DMZ
  • Use SharePoint 2010 or Higher
  • Plan on the Use of Supplemental Third-Party Reporting Tools for Complex Deployments
  • Sensitive Data Best Practices
  • Periodically Crawl the SharePoint Site to Monitor for the Inappropriate Sharing of Sensitive Data
  • Consider Data Redaction Technologies to Mask Sensitive Data
  • Confirm SharePoint Is the Right Approach
  • Protect Sensitive Data Once It Leaves the SharePoint Environment
  • Treat All Content Uploaded as Untrusted, Requiring Malware Scanning

Recommended Reading

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Purchase this Document

To purchase this document, you will need to register or sign in above

Become a client

Learn how to access this content as a Gartner client.