Overview

A research university in the U.S. sought a security solution to keep their SharePoint system protected from internal and external threats. Like other higher education institutions, the university focuses on maintaining compliance with regulations such as FERPA, PCI and HIPAA, and ensuring that the campus’ online presence is protected from web-based threats that could jeopardize regulated or sensitive data.

The Information Technology group is in charge of securing the websites for the revenue generating departments on campus. Similar to many universities, it leverages Microsoft SharePoint for its intranet portals and also hosts public-facing websites for student housing, campus parking, the university bookstore, dining programs and more in SharePoint. Because a number of these sites serve as self-service commerce portals for its 30,000 undergraduate and graduate students, the Information Technology group sought deeper security assurance and greater visibility into its SharePoint environment.

“SecureSphere provided us with Web Application Firewall technology to protect our system from online attacks. It also gave us the toolset we needed to manage the overall security of the SharePoint environment, including broad insight into site activity,” said the lead security engineer.

Business Problem

The university was determined to have a better understanding of the SharePoint security posture of both its external and internal deployments. Because its SharePoint environment hosts student-facing web applications that leverage Microsoft InfoPath forms, the team wanted greater insight and control over how the SharePoint lists were being accessed. The team found that native SharePoint lacked fundamental security capabilities to protect a Web-facing deployment that housed financial information, personal health information (PHI) and personally identifiable information (PII). With this open access, it was important to have protection in place to prevent a security risk, yet allow good traffic in to conduct business seamlessly.

“Traditional security layers such as firewalls and intrusion protection systems were in place to protect our network and users,” said the senior director of the Information Technology group. “These tools, however, were not giving us a full picture of the activity happening at the application layer.”

On the internal side, the environment includes a top-level web application used for the faculty and staff intranet sites. The team assigns access rights to the sub-site collections based on employee department; however, managing permissions became challenging when certain users required access to information across departments. This is because three major deficiencies of native SharePoint are the inability to run reports across a site collection, gain full visibility into user permissions, and ensure that access is based on business need-to-know.

Technology Requirements

The Information Technology group runs security operations for all campus services departments with just a few resources.

Therefore, the ability to automate security processes with reporting and robust analytics was an important decision factor for the university. “SecureSphere has provided us with great return in regard to the level of security functionality without requiring dedicated operational support or resources,” said the senior director of the Information Technology group.

The University Chooses the Imperva Multi-Layer SharePoint Security Solution

After evaluating different SharePoint products, the Information Technology group understood that it needed a solution designed to fully secure its various SharePoint deployments. Imperva offered the university unique three-layer protection for all of Shareponit’s web, file and database resources.

The university benefitted from SecureSphere for SharePonit’s Web Application Firewall technology, which is tailored to Microsoft SharePoint to ensure accuracy. “In order to gain that fundamental insight into externally-facing SharePoint web applications, you need a tool that speaks the language of SharePoint,” noted a member of the team.

With defenses like patented Dynamic Profiling technology, SQL injection and cross-site scripting correlation engines, and the detection of Microsoft SharePoint HTTP protocol violations, SecureSphere identifies zero-day attempts to exploit vulnerabilities. “It’s important to have visibility into activity on our SharePoint sites and know what is getting blocked on a daily basis,” said one of the application developers. “I open up the daily reports and am always surprised. I’ll suspect it’s a quiet day but there’s always something going on.”

For its internal SharePoint deployment, SecureSphere’s activity monitoring and user rights management have helped secure the division’s intranet site. The ability to pull reports on user permissions across web applications, down to the site collection and document library level, is very useful for the team. SecureSphere also helps the team understand where users have more access rights than required, and helps it scale back rights where necessary.

The forward-looking Information Technology group has gained a deeper understanding of its SharePoint environment and enhanced its security posture by partnering with Imperva. The team intends to roll out SecureSphere for SharePoint to other external and internal sites in the near future.