Is Your SharePoint Farm Ready for Hackers?

If you play a part in managing or administering SharePoint at your company, the Sony hack might be more frightening to you than any scary movie they’ve released. The hackers looted Sony’s network and released sensitive employee information, confidential intellectual property, and even embarrassing emails. You don’t have any of these on your servers, do you?

Sure, your firm might not attract the ire of a rogue nation, but corporate cyber attacks are commonplace. Most malware isn’t directed at a specific target; instead, it sweeps the internet for network vulnerabilities.

Oil is near $50 per barrel, companies are belt-tightening, and the last thing you need is a messy and expensive cleanup when your SharePoint environment is compromised. Here are the tools you should employ to help protect yourself.

On-Premises 

If you control the network that contains your SharePoint farm, you first have to make sure that the network is secure through the proper use of firewalls and proxies. After that, look into:

  • Dedicated Service Accounts: By creating the correct number of accounts and restricting their access as much as possible (called principle of least privilege), you can stop a rogue account from gaining access to parts of your farm it shouldn’t be able to access.
  • SQL Transparent Data Encryption: Available with SQL Enterprise, SQL TDE encrypts SharePoint data while in storage, while backed up, and while in use in temporary databases.
  • SSL and IPSec: If messages are being sent to and from SharePoint servers to computers outside of your firewall, such as when you have a corporate extranet, SSL will ensure safe arrival of packets to your SharePoint farm, and IPSec will grant safe communication between the servers in your farm.

SharePoint Online (O365)

If you are using Office 365, Microsoft hosts your farm on their network. Microsoft has put a lot of thought and effort in security, since the success of their offerings hinges on your perception of how secure their network is, and they continue to improve. Microsoft states, as of the beginning of 2015:

Our latest encryption feature with which content in OneDrive for Business and SharePoint Online will be encrypted at rest will start rolling out to customers soon. With this, the encryption technology in Office 365 moves beyond a single encryption key per disk to deliver a unique encryption key per file.

Still, you may be uncomfortable with a third-party holding your data and your encryption keys on shared hardware. You might reasonably conclude that the O365 servers represent a ripe target for unscrupulous individual trawling the web. In the words of famed criminal Willie Sutton when asked why he robs banks, “That’s where the money is.”

If so, you should consider software that makes your data more secure in the cloud by encrypting it before it goes to Microsoft and keeping a copy of the key locally. Other options withhold portions of your data from ever making it to the cloud, while others make monitoring and enforcing your security and governance policies easier and more transparent.

Either On-Prem or Online

Whether you host your own farm or use Office365, you’re going to want to look at these strategies for more secure data:

  • Role Based Access Control: You should have a thoughtful strategy for assigning roles to users and permissions to those roles. If your AD is a mess, the mail clerk who left the company six months ago might have access to your personnel file.
  • AD/Azure RMS: Different names depending on whether you host your farm or whether Microsoft does, but RMS (Rights Management Services) is the tool you use to make sure that someone doesn’t download that sensitive document and email it to the Everyone@YourCompany.com distribution group.

If trying to implement some of these tools on top of your regular workload is less funny than The Interview, give us a call. We’ve helped countless upstream, midstream, downstream, and services companies buy, build, and integrate software.

 

Four Reasons to Consider Software Consulting

Software Consulting and the Right Team

During our ongoing discussion on quality and custom software, Entrance’s software consulting team recently covered what we bring to the table for our clients.

As a buyer, you may have wondered why you should hire an outside programmer versus building an internal team. What follows is a four great reasons why the investment in software consulting is worth it for your company.

Exposure to Many Industries and Practices

As software consultants, we get exposed to many different companies and industries, so part of the value we bring to the table is our diversity of experience. Our clients may be asking for a specific request, in a specific way, because they are unaware of any other way to do things.

We can help them diversify their options by sharing our knowledge and experience from other clients and projects, especially when those clients and projects are in a different industry. Other industries may have been doing something for a long time, and consider it standard practice, but that same process could be a revolutionary innovation in a completely different industry.

As an example, think about FedEx, who applied a hub-and-spoke concept that revolutionized the overnight delivery industry.

Subject Matter Expertise

Yet another way we add value is by becoming a subject matter expert, either for an industry as a whole, for specific operations within an industry, or for a series of technologies. One specific place where Entrance shines in this regard is our deep expertise in oil and gas software and integration solutions.

Then we become advisors, coaches and mentors to our clients, thereby reducing their efforts to make decisions that are right for their company and industry.

Saving Time for the Tasks that Matter

One of the best value-adds our clients have seen from software consulting is that we can improve processes Software Consultingso that they can focus their energy on doing what they do to add value. Usually this is improving workflows or automating data gathering and reporting.

Over and over again, clients tells us, “This isn’t my job, this is just the stuff I have to get out of the way to GET TO my job.” A trusted team of software consultants can help your employees get past those road blocks that waste their time on a daily basis.

Beyond freeing up time that may have been spent on time-consuming tasks that don’t bring value, software consulting can also address problems that have been languishing at your business for a long time.

A lot of times, customers see a need for improvement, but do not have the capability to implement that improvement while also maintaining existing commitments. Frequently, we are in a position to take care of this without interrupting the normal flow of business.

Fresh Set of Eyes

When your company is dealing with a long-standing problem, a fresh outlook may be just what you need to get it solved. Far too often, people cannot get to the root of their own problems, which prevents them from coming up with insight that leads to worthwhile solutions.

Some people may not have a mindset of curiosity, others are uncomfortable with change, and many are too busy to dig deep and solve problems. As a result, companies tend to lean on tired solutions that only half work.

When an Entrance software consultant starts a new engagement, we focus on identifying how our clients deliver value to their customers, and then find the roadblocks that stand in the way of that happening. We use questions and our outsider perspective to break each piece down to its essential components and build it back up again in a way that is novel and valuable.

Turning Your Business Goals into Reality

As your company considers internal versus external resources for software, qualities like domain knowledge, inter-organizational experience, technical knowledge, and providing additional capacity to deliver solutions to match business initiatives should all be considered.

For more on how software consulting can help your company make decisions that are right for the business, check out our series, “Software Selection: Buy versus Build.”

SharePoint Consulting: Library and List Thresholds

SharePoint Consulting Best Practices

Our SharePoint consulting experts have recently run into some problems with SharePoint library and list thresholds that we have been trouble shooting. We’re sharing some of the best practices that we’ve developed as a result to save other users out there some of the trouble!

Libraries and List in SharePoint

The bottom line for libraries and lists is this: use either folders or indexed columns and filtered views to accurately present a list or library with more items than the threshold. Also beware unexpected results when trying to make changes to settings for the list.

Basically, there are a number of operations that need to query the entire list, any of which may fail if not performed either through code or during the “daily time window” when list thresholds are not applied.

SharePoint consulting: accessing many items in a list or library

The “Item Limit” option for views is also something to consider. We should keep in mind that filtering a view on a non-indexed column may still break the threshold even if the number of items displayed by the view is limited with this option.

In this resource from Microsoft, the author says it pertains to SharePoint Foundation, but we seem to be finding similar restrictions within the other versions.

I also wanted to highlight a quote from the article that stresses how important planning ahead is for any SharePoint consulting engagement:

“The performance of any SharePoint site, especially one that contains lists and libraries with many items, is directly affected by decisions made when setting up and planning a SharePoint site.”

Limits for SharePoint 2013

For users of SharePoint 2013, we have also found a great resource sharing some of the limits and boundaries of this updated platform.

For more learnings from our SharePoint consulting work, check out our “SharePoint Best Practices,” blog!

Custom Software: Achieving Solutions that Meet Your Needs

Meeting Business Needs with Custom Software

The following case demonstrates the importance of understanding business needs in achieving a great final result for custom software. The accounting Custom software: jumping to conclusionsdepartment for one of our clients uses a checklist to track the journal entries they’ve completed that month for a recent project.

A SharePoint list template seemed like a no-brainer when they told us they need to start with basically the same list each month. However, we determined that these lists will contain hundreds of items that the client needs to retain for at least seven years.

We also asked them about their future plans, and they mentioned their need to completely automate the process next year based on data from another system. Their original solution suddenly appeared less likely to have the scalability or flexibility needed to handle the client’s future requirements.

Digging a little deeper into the client’s requirements and not jumping to conclusions prevented us from delivering something that works now but will fail to meet the client’s needs in the future.

A Clear Understanding

We routinely meet prospective clients who need custom software or software consulting services. These clients have taught us that a clear understanding of the business value behind a software project is essential for achieving a successful result. We always make a maximum effort on each project, but this understanding has made a big difference in the client’s satisfaction with our SharePoint consulting services.

Solutions Equal to the Need

Most businesses have problems that we can probably solve with software. These may include simple issues such as tracking contracts or more complex problems like migrating algorithms from an Excel spreadsheet to a custom software application. However, businesses don’t necessarily need to solve every problem with software.

Business Costs

The best way to determine the optimum solution for a business problem is to understand its true cost. This value will tell you the amount of resources you should be willing to spend on the solution. You will also be better able to set your priorities and measure your return on investment. Remember to evaluate business costs in terms of time and personnel as well as money.

Measuring Success

Our clients often lack a high level of confidence on the full cost of a problem they’re facing when we ask them questions about its scope. This can make it difficult to measure success or determine when a project is complete.

It may appear time consuming to build a business case for custom software, but it’s essential that you do so before committing additional money, personnel and time to a project. Failure to develop a business case will quickly result in budget overruns and failure to meet project milestones. It can also result in a final product that doesn’t completely meet your needs.

Evaluating the Options for Custom Software

The prospect of building a business case for a software solution can leave you feeling overwhelmed. Fortunately, we can evaluate your project to provide you with a better understanding of the value that it represents for your company. This approach can save you money in the long run by starting out with the right solution.

For more, read our post on building a business case for custom software…