File Share Entitlement Review: Finding the Owner
One thing top of mind for information security professionals in 2012 is understanding who has access to what and being able to provide clear, concise reporting around it. We call it Access Governance or Data Governance and it consists of entitlement reviews, access reviews, or audit reporting. The terms overlap and the complete superset of product features around this challenge can seem overwhelming and difficult to comprehend. At STEALTHbits, we simplify things. We’ve developed quick-win solutions that get you from where you are today to the next step with a proven and pragmatic methodology.
Data Owners
One small example is how we’re able to identify owners of file shares and other resources. First, we have an algorithm that provides a list of probable owners based on a number of factors – who has rights, who is doing what, etc. The algorithm is adjustable to meet specific requirements, but we know that there isn’t an algorithm on earth that could determine ownership with 100% accuracy across large scale environments. So, we leverage the STEALTHAudit Platform survey modules to reach out to probable data owners to ask them if we’re right.
If we are, we provide a set of instructions on what we need them to do. If we're not, we move on to the next probable owner to see if we can track down the right people. Each step of the way, we report on where things stand: which shares are high-risk, which have owners, which are still awaiting response, etc.
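The rank, ask, and fall-back loop described above can be sketched as follows. This is an added example, not STEALTHbits' algorithm: the weights, the function names `probable_owners` and `review_status`, and the sample share data are all hypothetical and constructed for illustration.

```python
from collections import Counter

# Hypothetical, adjustable weights: how much each signal counts toward ownership.
WEIGHTS = {"full_control": 5.0, "modify": 2.0, "read": 0.5,
           "write_event": 1.0, "read_event": 0.2}

# Constructed sample data for one share: who has rights, and who is doing what.
SHARE_ACL = {"it-admin": "full_control", "alice": "modify",
             "bob": "modify", "carol": "read"}
SHARE_ACTIVITY = ([("it-admin", "read_event")] * 10
                  + [("alice", "write_event")] * 4
                  + [("bob", "write_event")] + [("bob", "read_event")] * 3)


def probable_owners(acl, activity, weights=WEIGHTS):
    """Rank candidate owners of a share, most probable first."""
    scores = Counter()
    for user, right in acl.items():
        scores[user] += weights.get(right, 0.0)
    for user, event in activity:
        scores[user] += weights.get(event, 0.0)
    # Highest score first; ties broken by name so the order is stable.
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [user for user, score in ranked if score > 0]


def review_status(candidates, responses):
    """Walk the ranked list using survey answers collected so far.

    responses maps user -> True (confirms ownership) or False (declines);
    a user missing from the map has not answered yet.
    """
    for user in candidates:
        answer = responses.get(user)
        if answer is True:
            return ("owner_confirmed", user)
        if answer is None:
            return ("awaiting_response", user)
        # Declined: fall through to the next probable owner.
    return ("no_owner_found", None)


if __name__ == "__main__":
    ranked = probable_owners(SHARE_ACL, SHARE_ACTIVITY)
    print(ranked)
    # The administrator scores highest on rights alone but declines,
    # which is why the ranking is confirmed by survey rather than trusted.
    print(review_status(ranked, {"it-admin": False}))
    print(review_status(ranked, {"it-admin": False, "alice": True}))
```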
In large scale environments, there is no easy button. But there is experience and expertise. Experience counts. If you’re trying to figure out who owns your content, let’s chat and we’ll let you know what we’ve learned about this challenge as we’ve helped a number of the world’s largest organizations solve it.
Open File Shares: A Pragmatic Approach
A number of STEALTHbits’ customers have reported that their #1 audit challenge boils down to open file shares. Auditors are clearly concerned with access and while it’s difficult to understand access rights across millions of individual files, it’s immediately apparent when there are file shares that are open to anyone.
But how do you approach a problem that spans thousands of servers? Do you implement a monitoring solution for three months? Manually sift through each one? Well, you could do either of those things. And if you’re interested in activity monitoring, we’ve got the best solution on the market. But I’d argue that the best way to deal with open shares is to move through a quick, pragmatic process that scopes resources, identifies high-risk shares, and automates cleanup without significant infrastructure or investment.
STEALTHbits has developed a step-by-step approach to closing down open file shares and has proven it out at a number of the world’s largest organizations. It’s simple to deploy, uses just a single server, can scan remotely, and it works. We’re able to provide real results in about one week. Give us 5 days, and we’ll have your arms comfortably around the problem and your mind at rest.
StealthMAINTAIN for Active Directory: Marketing Derails Product Management Processes (Leak 2)
If there were an award for Supersleuth Marketing Team of the year, STEALTHbits' would be on the short list. We've crept around corridors and hid out in conference rooms to bring you the latest buzz on groundbreaking products that'll be out soon. Earlier this year, we brought you a first look at StealthINTERCEPT, a game-changing real-time Active Directory solution. Now, we've cornered Dave Bullas, Product Manager for Active Directory, and convinced him to answer just a few questions about the latest thing to be coming through STEALTHbits' doors in the near future.
Daria: We saw "StealthMAINTAIN for Active Directory" written on a whiteboard in Conference Room B the other day. What can you tell us about it?
Dave: Absolutely nothing. It's classified, eh?
Daria: But the blogosphere wants to know! Is it a new product?
Dave: I can't give you a lot of details, but if you think about the name, StealthMAINTAIN, maybe it'll become a little clearer.
Daria: Maintain – like maintenance? Maintenance and clean-up?
Dave: Exactly – this product will be an extension to our existing SMP for Active Directory solution, and will allow users to perform remediation and provide them with insight into AD groups, users, and computers.
Daria: How is that different from what we have today?
Dave: It will give admins information from across their environments, allowing them to make decisions about changes much quicker. Since AD is a critical part of the File System, Exchange, SharePoint, and more, this solution will really provide visibility beyond what they can currently see, like effective rights and circular nesting across various data repositories.
Daria: Sounds cool!
Dave: We think so. But I have to head to a meeting now.
Daria: But we have more questions!
Dave: This conversation never happened.
SharePoint Management Self-Service
Managing user access within SharePoint is a chore, but reducing permissions sprawl (way too many people having access) and keeping access organized and up-to-date is critical if you want to really understand what SharePoint resources are being used, and who is using them.
Unfortunately, due to a variety of reasons, SharePoint is often out-of-date when it comes to permissions.
Factors like:
1. Lots of users with management permissions having the rights to change permissions and assign permissions to other users
2. No native reporting tools within SharePoint that allow admins to detect effective rights to head off problems
both contribute to the SharePoint "zoo."
At the very least, admins need a tool that allows them to baseline permissions, certify ownership, evaluate effective rights, and take immediate action to fix security holes. But wouldn't it be nice if SharePoint admins / users had a "self-service" model for SharePoint clean-up?
SMP for SharePoint, STEALTHbits' solution, features a comprehensive, 4-step workflow to do just that:
1. We baseline the permissions.
2. We identify the probable owners of sites.
3. We talk to the probable owners to get answers to permissions questions.
4. We analyze the results and recommend next steps based on them.
And it's all done from within a single tool.
If you want to learn more about the SharePoint governance challenge, as well as our Self-Service features, check out our STEALTHsession on SharePoint Self-Service. (Please note - you must be logged in to view extended videos).
StealthAUDIT Named Best Windows Product
GLEN ROCK, NJ--(November 10, 2010) - STEALTHbits Technologies today announced that its StealthAUDIT Management Platform (SMP) was chosen as a winner in the Best of Connections 2010 awards program in the "Best Windows Product" category by Penton Media's DevConnections. SMP is a comprehensive framework featuring audit, reporting, compliance, and remediation capabilities across the Microsoft computing platform, including solutions for Exchange, ActiveSync, BlackBerry Enterprise Server, Active Directory, SharePoint, Windows Desktop and Server Operating Systems, Windows File Systems, and beyond.
"We are thrilled to have received the 'Best Windows Product' award recognizing StealthAUDIT's ability to answer the toughest IT questions across the Microsoft landscape," said Adam Laub, VP of Marketing and Technical Operations at STEALTHbits. "We're excited to have had the opportunity to showcase our unique approach to Microsoft infrastructure and application management which our customers have found so valuable, and are grateful to the Penton Media team for their acknowledgement of our achievement in this field."
The Best of Connections awards recognize companies based on their innovation, strategic importance to the market, competitive advantage and exceptional value to customers. The winners were chosen from more than 80 nominated products in six (6) categories. The field was narrowed to three finalists in each category. Finalists were interviewed at the DevConnections 2010 conference in Las Vegas, Nevada, November 2-3 to determine the winners in each category. Winners were announced live from the DevConnections 2010 exhibitor's floor at 2 pm on Thursday, November 4.
"Narrowing down the list of nominees to 18 finalists in the six Connections categories was a challenge, considering that we were faced with so many top-tier products and services," said Amy Eisenberg, Executive Editor for Windows IT Pro, "but in the end, we came up with six very deserving winners. We're proud of our selections, and we believe all our finalists and winners represent the best of the best in their categories."
About STEALTHbits Technologies, Inc.
STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft Infrastructure and Application Management space. STEALTHbits' StealthAUDIT Management Platform bridges the gap between IT Management and Compliance, providing a unified framework by which to measure, manage, and maintain. STEALTHbits Technologies can be found online at stealthbits.com.
Editorial Contact
Adam Laub
VP, Marketing
+1.201.447.9308
Related Articles
Congratulations to the Best of Connections 2010 Winners! by Jason Bovberg, Windows IT Pro Magazine
STEALTHbits' Public Folder Clean-Up Solution Streamlines SharePoint Migrations
GLEN ROCK, NJ (07/15/09) - STEALTHbits Technologies' software solution, SMP for Public Folders, makes short work of preparing organizations of any size for their Public Folder to SharePoint migration. STEALTHbits Technologies, Inc., an innovative leader in the Microsoft infrastructure and application management space, is changing the way organizations tackle this daunting task through programmatic workflow involving the assessment, analysis, and remediation of Public Folders, all within a single product.
Over the past decade, many organizations have allowed their Public Folder environments to grow out of control, migrating unneeded, out-of-date content from one version of Exchange to the next. While cheap disk space proved to be an effective short term solution for minimizing Public Folder clean-up efforts, the long term costs of hurling hardware at a software problem now far outweigh the benefits realized by delaying the inevitable.
In 2006, Microsoft announced they would be "de-emphasizing" Public Folders in future versions of Exchange, causing widespread panic among Exchange Administrators, Compliance Auditors, and CIOs alike, as cleaning up this massive repository of uncharted data would surely present an overwhelming burden on IT resources. While Microsoft has since extended their deadline for supporting Public Folders, the need to understand what is in the environment, who actually owns the content, and what can be done with each and every Public Folder remains a ticking time bomb for any organization still supporting Public Folders.
STEALTHbits has incorporated cutting-edge techniques into their offering to hurdle some of the most difficult challenges in assessing and analyzing Public Folder data, such as identifying the "Most Probable Owner" of a Public Folder and soliciting end-user feedback as part of the decision-making process through integrated SendMail and Survey Modules. STEALTHbits' Public Folder Action Module rounds out the workflow with a myriad of options for remediating Public Folder content in just a few clicks.
STEALTHbits' customers have realized incredible results in only days and weeks (compared to months and years) by using over 30 out-of-the-box reports specifically designed to dissect the Public Folder environment into manageable data subsets, as well as the native ability to create customized data collection routines, reports, and views answering the toughest business questions. One large financial customer was able to retire over 5,000 folders and reclaim over 50GB of storage within 3 weeks of implementing the solution, in addition to recertifying Public Folder permissions for all 300,000+ folders.
STEALTHbits offers project, subscription, and perpetual licensing models for SMP for Public Folders, which can also be purchased as an integrated component of STEALTHbits' SMP for Exchange Solution Suite.
For additional information and free trial opportunities for SMP for Public Folders and the StealthAUDIT Management Platform, visit www.stealthbits.com.
ABOUT STEALTHbits Technologies, Inc.
STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft infrastructure and application management space.
Unlike traditional frameworks that are a mile wide and an inch deep, STEALTHbits has taken a unique approach. Built upon a common platform and shared services, the StealthAUDIT Management Platform (SMP) is as broad as it is deep across multiple areas of OS and application Management, Auditing, Reporting, Compliance, and Remediation. With concentrated focus around Microsoft Exchange, Active Directory, BlackBerry, and Windows Systems, STEALTHbits provides organizations of all sizes the visibility needed to manage systems and applications effectively and efficiently through a single interface, a common platform, and light-weight architecture.
Editorial Contact
Adam Laub
STEALTHbits Technologies, Inc.
+1.201.447.9300
STEALTHbits Technologies Announces SharePoint Management Solution
Glen Rock, NJ (Feb. 1, 2011) STEALTHbits Technologies today announced the release of a new SharePoint management and reporting solution available within the StealthAUDIT Management Platform (SMP). The newest addition to STEALTHbits' Data Governance offering bridges the gap between IT Management and Compliance, helping to address critical security risks such as open sites, broken inheritance, and ethical wall violations. Deep visibility into SharePoint permissions, infrastructure, content, and activity combine with SMP's feature-rich framework to provide organizations with the advanced auditing, reporting, and workflow facilities they expect from DevConnections 2010's "Best Windows Product."
The new solution set gives administrators the ability to answer some of the most difficult administrative and compliance questions around SharePoint today, such as who effectively has access to SharePoint sites and content, what's being used, which sites have gone stale, how servers have been configured, what's been changing, and more. Uniquely, SMP for SharePoint allows administrators and auditors to see user activity across sites, a critical requirement for many governance campaigns.
Beyond just data collection, the SharePoint solution features a comprehensive reporting and analysis engine that gives users instant business intelligence rather than pages of raw data. Additionally, users have the ability to create their own solutions by leveraging the data collection, analysis, and reporting facilities native to SMP.
"SharePoint is already a business-critical application, and its value will only continue to increase with time. That being said, just like we've seen with the distributed file system, SharePoint sites can quickly grow out of control. We see it daily in customer environments -- the need for an extensible, out-of-the-box solution is huge. SMP provides users with insight and features not available anywhere else, along with visibility across the entire SharePoint ecosystem and the vast majority of the Microsoft environment," said Jeff Warren, Technical Product Manager at STEALTHbits.
The SharePoint solution is the newest component of the StealthAUDIT Management Platform, an extensible engine that allows users to measure, manage, and maintain their critical infrastructure and applications across the Microsoft framework and beyond. Other solutions available within SMP include Exchange, Public Folders, Active Directory, BlackBerry and ActiveSync, Systems Governance, and Data Governance and Compliance.
About STEALTHbits Technologies, Inc.
STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft Infrastructure and Application Management space. STEALTHbits Technologies can be found online at stealthbits.com.
Editorial Contact
Adam Laub
STEALTHbits Technologies, Inc.
+1.201.783.2243
Controlling SharePoint Sites
SharePoint is growing more and more prevalent in organizations, and offers a great way for users to interact and share content remotely for collaboration on projects. With the increasing use of SharePoint, however, SharePoint admins are facing the same issues that plagued (and, in many cases, continue to plague) administrators of the distributed file system. Increasingly, sites are growing stale, violating ethical wall regulations, and being deemed "high risk" in terms of access and permissions settings.
Each of these issues has its own steps for mitigating the associated risk, which we'll discuss in more detail below, but it's worth noting that what they all have in common is the need for data that will help identify the problem. After all, you can't fix it if you don't know that it's broken.
High Risk Repositories
Sites classified as being at high risk are those that are effectively open to your entire organization. This happens because site managers can assign trustees, who can, in turn, assign permissions that expose content to too many people. Some examples of these kinds of permissions are Authenticated Users, Domain Users, and Anonymous Logons. When identifying high risk repositories, it's important to examine effective rights; just because a user does not have access through one set of permissions does not mean that all of their assigned permissions will keep them from being able to read, write, modify, or even delete content. Explore how users have access to identify what, exactly, is at risk, and then work to lock down permissions.
Controlling Stale Content
Stale content in SharePoint is similar to stale content within Active Directory and the File System: it hasn't been modified in a long time. Continuous monitoring is required to determine the last time a site was used, and working together with the data custodians who created the sites that you have identified as stale is important to ensure that it's okay to remove them. Keeping stale sites out of your SharePoint farms will help with simpler management. It's important to note here that, if a SharePoint site has child sites, SharePoint won't let you delete the parent site. This is why it's especially important to reach out to probable owners of sites to gather more information before proceeding.
Ethical Walls
Ethical walls differ by organization, and apply to most collaborative file systems, including SharePoint. The need for ethical walls stems from the requirement to separate the data that discrete groups within the organization can see. Maybe your organization wants to keep the engineering department's plans for product upgrades out of the hands of the sales team, or your finance team shouldn't have access to the investment team's quarterly assessments. Whatever the reason, one way to identify whether ethical wall violations occur is to see where SharePoint groups have common access, then corroborate that access within Active Directory to ensure that trustees can only see what they are supposed to.
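The two checks described under High Risk Repositories and Ethical Walls both depend on resolving effective rights through nested groups. The sketch below is an added example, not SMP code: the group names, site paths, and function names are hypothetical, and the data is constructed, standing in for an export of site permissions and directory group membership.

```python
# Principals that effectively mean "everyone in the organization".
BROAD_PRINCIPALS = {"Authenticated Users", "Domain Users", "Anonymous Logon"}

# Constructed sample data: group -> direct members (users or nested groups).
GROUPS = {
    "Engineering": {"alice", "bob", "Eng-Contractors"},
    "Eng-Contractors": {"carol", "Engineering"},  # circular nesting, on purpose
    "Sales": {"dave", "erin"},
    "Project-X": {"Engineering", "dave"},
    "Intranet-Readers": {"Authenticated Users", "erin"},
}

# Constructed sample data: site -> list of (trustee, right) grants.
SITE_ACLS = {
    "/sites/roadmap": [("Engineering", "write"), ("Project-X", "read")],
    "/sites/pricing": [("Sales", "write")],
    "/sites/hr-archive": [("Domain Users", "read"), ("alice", "write")],
    "/sites/intranet": [("Intranet-Readers", "write")],
}


def expand(trustee, groups, _seen=None):
    """Resolve a trustee to the leaf principals it ultimately contains."""
    seen = set() if _seen is None else _seen
    if trustee not in groups:
        return {trustee}  # a user, or a built-in principal we cannot expand
    if trustee in seen:
        return set()      # already visited: circular nesting stops here
    seen.add(trustee)
    leaves = set()
    for member in groups[trustee]:
        leaves |= expand(member, groups, seen)
    return leaves


def effective_rights(acl, groups):
    """Map each leaf principal to {(right, granted_via_trustee), ...}."""
    rights = {}
    for trustee, right in acl:
        for principal in expand(trustee, groups):
            rights.setdefault(principal, set()).add((right, trustee))
    return rights


def high_risk_sites(site_acls, groups):
    """Sites where a broad principal holds rights, directly or via nesting."""
    findings = {}
    for site, acl in site_acls.items():
        hits = sorted((p, right, via)
                      for p, grants in effective_rights(acl, groups).items()
                      if p in BROAD_PRINCIPALS
                      for right, via in grants)
        if hits:
            findings[site] = hits
    return findings


def ethical_wall_violations(site_acls, groups, side_a, side_b):
    """Sites that users from both sides of a wall can reach.

    Sites opened through broad principals are reported by high_risk_sites.
    """
    a_users = expand(side_a, groups) - BROAD_PRINCIPALS
    b_users = expand(side_b, groups) - BROAD_PRINCIPALS
    violations = {}
    for site, acl in site_acls.items():
        principals = set(effective_rights(acl, groups))
        a_hit, b_hit = principals & a_users, principals & b_users
        if a_hit and b_hit:
            violations[site] = (sorted(a_hit), sorted(b_hit))
    return violations


if __name__ == "__main__":
    print(high_risk_sites(SITE_ACLS, GROUPS))
    print(ethical_wall_violations(SITE_ACLS, GROUPS, "Engineering", "Sales"))
```

In the sample data, `/sites/intranet` grants nothing to a broad principal directly, yet it is open to all authenticated users through `Intranet-Readers`, and a Sales user reaches `/sites/roadmap` only through membership in `Project-X`.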
To learn more about how SMP makes managing SharePoint easy, please view our Controlling SharePoint Sites STEALTHsession, or request a fully-functional product trial.
The SharePoint Governance Challenge
Microsoft SharePoint has become a leading solution for enterprise collaboration and document management. SharePoint supports a decentralized approach to administration, allowing organizations to assign Site Collection Administrators and Site Owners responsibilities for managing subsets of SharePoint content. While this delegation of responsibility may streamline the collaborative process in some ways, it comes at a cost. Without proper governance plans in place within your SharePoint environment, SharePoint sites can begin to sprout up uncontrollably and may only be used for a matter of weeks, if at all. Eventually, you can end up with a chaotic SharePoint farm with content and permissions completely out of control and almost impossible to remediate.
Being able to take back control of your SharePoint environment can be a daunting task, but it must be done to have an efficiently managed SharePoint farm with proper governance in place. This is important to do before performing a SharePoint migration from SharePoint 2007 to SharePoint 2010. You wouldn't move every piece of junk from your garage and attic into a new house without first sorting through them and only boxing up what you needed to bring with you. The same can be said for SharePoint. If your SharePoint farm is out of control with site, content and permission sprawl, you must go through and decide what you need to bring with you to your new SharePoint farm, and ensure it is neatly packaged with the proper permissions wrapped around it before moving it over. Even if you are not migrating to a new farm, if you are going to implement a governance plan (which is highly recommended) you need to get your farm in order before doing so.
The StealthAUDIT Management Platform is a great tool that provides the means to gain complete insight into your SharePoint environment in order to effectively take control and enforce your governance plan. Even the best SharePoint governance plan can only help you control your SharePoint environment after it has been enforced. SMP for SharePoint provides invaluable information about your SharePoint content, activity, permissions and infrastructure that is not only necessary BEFORE implementing a governance plan or performing a migration, it is vital for continuous monitoring of your environments to ensure the governance plan is effective.
WikiLeaks and Data Governance
WikiLeaks has spotlighted the susceptibility of public and private sector entities to fall victim to disclosures of confidential information. The fact of the matter is, if WikiLeaks gets shut down tomorrow, there are thousands of others like them.
The only way to address risks of this nature is to understand and lock down the permissions on the file system and other shared data repositories within companies and agencies. However, a typical file system at a Fortune 100 financial institution can contain trillions of permissions. As a result, the "Who? What? Where? and When?" are particularly difficult questions to answer due to 20+ years of file system management, migrations, natural organizational turnover, mergers and acquisitions, domain consolidations, and the sheer volume of data.
All of these situations cause massive permission sprawl in the file system, leaving organizations exposed to unauthorized access and disclosure.
Yesterday, in response to WikiLeaks, President Obama mandated that all agencies ensure that workers have access exclusively to what is necessary for their jobs. OMB Director Jack Lew said there is a zero tolerance policy under the new directive. There are ways to mitigate the associated risks of leakage of sensitive, confidential, or proprietary data; an essential first step is to understand who has access to the data, who is accessing the data, and who no longer needs privileges to specific data repositories.
Enforcing least privilege access is a daunting task at any sized organization, but taking a few initial steps to clean up and enforce permission standardization across all data repositories goes a long way towards reducing exposure of data to internal threats. Simple steps towards securing the infrastructure include controlling high risk or open repositories, removing individualized access in favor of alignment with group / role-based access, reducing permissions sprawl, and enforcing ethical walls.


