Supplementing SharePoint Governance with Adaptive Tooling – Security Labs Update

SharePoint governance, throughout the various versions of the product has remained a difficult concept and technical task for organizations to tackle. Part of the fundamental problem with SharePoint governance arises from the lack of adaptive tooling within the product to provide organizations with a logical path towards genuine Enterprise Content Governance (ECoG). Organizations are encountering dire needs to lower operational costs while maintaining a competitive edge through controlling and properly structuring content, optimizing their existing investments while improving corporate efficiency. As a side effect of this action, compliance issues can be managed and maintained, as well as the overall footprint of the SharePoint effort is increased.

How does one define what SharePoint ECoG truly is? Simply put, SharePoint ECoG is making certain your organizational content in SharePoint is logically structured, controlled, managed, and secured with the ultimate end goal of:

  • Reducing Total Cost of Ownership (TCO) of the SharePoint information architecture
  • Minimizing exposure to compliance risks
  • Increasing worker productivity
  • Guarding the organization’s key knowledge assets

While all of these goals are crucial when determining the effectiveness of a SharePoint governance strategy, it is also important to maintain a consistent focus on maintaining reasonable content quality that has the appropriate security mechanisms in place.

The balance between the content budding that SharePoint often cultivates while keeping within the constraints of compliance (both internal, as well as external) is a fundamental issue that organizations face with successful SharePoint deployments. Atomic content growth, when unchecked, can cause a multitude of user evident issues such as content not being able to be found, immediate impact on storage, and an assortment of security concerns.

ARB Security Solutions Approach

In order to solve this dilemma, the ARB Security Solutions is in the final testing of the only tooling designed from the ground up as a security and governance platform. The GovernanceCenter for SharePoint™software package tackles governance issues using acclimatized security remediation processes that have been designed in the field by SharePoint security and governance integrators. Nearly 75% of the organizations that have been testing the GovernanceCenter for SharePoint™platform have discovered redundancies and malformed security settings that have the potential to cause operational and financial issues. Coupled with increasing regulations around collaborative storage environments, means to reduce their impact upon a business is bound to be of great financial and user benefit.

Providing the means to take a security model and apply it to an entire SharePoint environment, the GovernanceCenter for SharePoint™software suite tackles regulatory and corporate governance requirements by managing the security and disposition of information. The information governance capabilities built into GovernanceCenter for SharePoint™have helped ARB Security Solutions customers meet requirements for Sarbanes-Oxley, HIPAA, document retention and business continuity. The SecureCenter governance framework delivers seamless and holistic security governance within your environment while increasing service quality. It improves service cost management across service delivery channels, operational SharePoint support systems, and business support systems.

To find out more about how the security integrators at ARB Security Solutions are improving governance in SharePoint 2007 and 2010, please find more about our efforts in the labs.


The SharePoint Federated Identity Process – Part 1 – Introduction

* Throughout this series, Adam Buenz’s Software House  is a medium sized company using Active Directory to authenticate. ARB Security Solutions is a customer of Adam Buenz’s Software House, buying….you know software from them. *

The desire for a business to share various types of resources with others is very common. Yet each business has a different method in place for taking care of issues including security, authentication, and their directory services. Through the use of federated identity though we are able to get passed such barriers. It allows employees to have a standard type of credential that they use to log on to a network.

Let’s put this idea into practice shall we? The basis will be a business known as Adam Buenz’s Software House. We will be exploring how it allows ARB Security Solutions, one of its customers, to share various types of resources through the use of federated identity.

Adam Buenz’s Software House has SSO for the employees to use, so we can move on to the next step in the process. The customers are asking to have an software component order program in place so they can track the progress of what people have ordered from start to finish, hosted in SharePoint. They want it to operate like a SharePoint application that is in their own domain. The sales manager wants to be able to log on using the credentials that ARB Security Solutions has provided him with to do so.

Through such a process, he will have the same access to the information as employees of Adam Buenz’s Software House have. However, the manger of ARB Security Solutions won’t need to have any special credentials in order for this to happen. Adam Buenz’s Software House allows this because they don’t want the responsibility of maintaining any account for another company that happens to be using one of its applications.


Free Server Name WebPart Which WFE Is Servicing a SharePoint Request

This is probably the most nominal WebPart I have ever seen / written but I really needed it this morning. As you can guess it just uses a ServerVariables object (off the current context request) to expose the relevant environment variables, in this case just the server name.

The reason this came about was in large SharePoint farms it is notably important when doing certain types of architecture troubleshooting to know which WFE you are hitting. And….well…that’s really it. At least you don’t have to put the WSP together I guess.

So this is what that WebPart does. Just install the WSP and deploy it in Central Admin (as noted in previous posts, I never automate the deployment step).

10-13-2009 10-07-51 AMThe WebPart is Feature activated. In the site collection features, locate the Server Name WebPart feature and activate it.

10-13-2009 10-10-07 AM

Once activated, you will find the WebPart under the ARB Security Solutions header in the WebPart gallery.

10-13-2009 10-13-01 AM

Add it to the page, and it will display the server name in the SharePoint farm responding.

10-13-2009 10-13-51 AM


Well I guess I should actually give a download link :)