Auditing SharePoint site

SharePoint Auditing – A potent tool to enhance your operational efficiency
Microsoft SharePoint is a platform for collaboration between organizations in sharing vision, ideas and content. It is like a meeting place where documents can be shared with colleagues, information can be passed on to customers and projects can be managed seamlessly through sharing and exchange on the platform. Equipped with tools for collaboration, the platform offers easy content management options by setting up compliance measures in the system. Microsoft SharePoint is used extensively by organizations to power websites, share content and store confidential data.

Benefits of SharePoint

These functionalities are attracting organizations to use the SharePoint platform as the primary system for creating websites. Successful implementation of SharePoint is becoming critical for organizations that want to manage time efficiently, lower IT cost and manage risks in a better way.

  • Managing time - The platform has inbuilt compliance policies that are centrally managed and can be accessed by the users. Upgrades can be handled by the users using the solutions and intuitive tools that ensure transparent collaboration and consistency. The users are less dependent on the IT functionaries for using the platform, which saves productive time for the IT team.
  • Lowering cost - The platform can be customized to meet the unique needs of your business. The blend of the latest computing technologies and innovative hardware gives the platform the ability to handle enormous amounts of data efficiently at much lower cost.
  • Managing risk - The features of the platform enable tracking of the activities of the users. It is possible to define and control the authority of access to information and to detect users who have accessed critical information and modified it.

Auditing SharePoint site

Activity tracking from the user’s perspective in the SharePoint platform can be defined as SharePoint Auditing. The primary objective of auditing is to generate reports that can be used to determine the level of usage of available resources in the system. These reports are very useful for Managers and Administrators. The auditing feature is built into the system and provides considerable flexibility for managing the system. Some of the activities that can be tracked are:

  • Editing Permissions
  • Library Access
  • Listing access
  • Opening of Documents
  • Editing Items
  • Copying / Moving / Deleting items
  • Check In / Check Out
  • Searching

 

Using the audit feature

For efficient management of the business process it is often necessary to know who has accessed which information and how the information has been used. This is particularly important for records management and regulatory compliance. Using the audit feature in SharePoint you can find out the kind of actions taken by users. It will become easy for you to know what kind of actions have been taken on the sites, list items, libraries, lists, content types and library files related to site collections.

You can find out when a particular document was edited and by whom, because the history of actions of a specific user can be retrieved. If required, it is also possible to obtain the history of actions taken during a specified time period.

Preparing for audit

The first step in preparing to audit a SharePoint site is to configure the audit settings page. You can specify the events that should be audited in the libraries, lists and sites section and in the documents and items section. Whenever the audit is carried out, a huge amount of data is generated that constitutes the audit log. Configure auto trimming of the audit log so that the report includes only relevant data.

Audit reports

The data captured in the audit is presented as a report in Microsoft Excel format, which is available from the Auditing reports page. You can also create a custom report that includes a number of events over a specified period of time, for an individual user or within a specific area of activity.

Information available in audit report

The following information for the selected audit events is captured in the audit log.

  • The site of origin for the event.
  • Item ID, name, location and type.
  • The ID of the user related to the event.
  • Event date, time, type and source.
  • What action has been taken on the item – like moving, deleting, restoring or copying.

 

By auditing a SharePoint site you will be able to find out what action has been taken and when it was taken, but you will not be able to see the details of the changes that have happened.
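The custom report described above (events for one user over a specified period) can also be produced from an exported audit log, as in the following added example, which is not part of the original article. The column names, event labels and sample rows are constructed from the field list above and are assumptions, not the headers of a real SharePoint export.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export. Column names and event labels are assumptions
# modelled on the fields listed above, not the headers of a real report.
SAMPLE_REPORT = """\
site,item_id,item_name,location,item_type,user_id,occurred,event,source
/sites/finance,101,budget.xlsx,Shared Documents/budget.xlsx,Document,alice,2024-03-01T09:15:00,Open,SharePoint
/sites/finance,101,budget.xlsx,Shared Documents/budget.xlsx,Document,bob,2024-03-01T10:02:00,Edit,SharePoint
/sites/finance,7,Shared Documents,Shared Documents,Library,bob,2024-03-02T23:40:00,EditPermissions,SharePoint
/sites/finance,102,payroll.xlsx,Shared Documents/payroll.xlsx,Document,bob,2024-03-02T23:45:00,Delete,SharePoint
/sites/hr,55,policy.docx,Policies/policy.docx,Document,alice,2024-03-05T14:00:00,CheckOut,SharePoint
"""

# Events a reviewer would look at first (assumed set for this example).
SENSITIVE_EVENTS = {"EditPermissions", "Delete", "Move", "Copy"}


def load_events(text):
    """Parse the report text; convert 'occurred' to datetime for range queries."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["occurred"] = datetime.fromisoformat(row["occurred"])
        events.append(row)
    return events


def user_history(events, user_id, start, end):
    """Actions of one user in the half-open window [start, end), oldest first."""
    hits = [e for e in events
            if e["user_id"] == user_id and start <= e["occurred"] < end]
    return sorted(hits, key=lambda e: e["occurred"])


def sensitive_by_user(events, start, end):
    """Count permission edits, deletes, moves and copies per user in the window."""
    return Counter(e["user_id"] for e in events
                   if e["event"] in SENSITIVE_EVENTS
                   and start <= e["occurred"] < end)


if __name__ == "__main__":
    events = load_events(SAMPLE_REPORT)
    day = (datetime(2024, 3, 2), datetime(2024, 3, 3))
    for e in user_history(events, "bob", *day):
        # The record says what happened and when, not what the values were.
        print(e["occurred"], e["user_id"], e["event"], e["location"])
    print(sensitive_by_user(events, datetime(2024, 3, 1), datetime(2024, 4, 1)))
```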

Why audit logs have to be trimmed

Auditing an event means that every item in the site is under the scanner whenever that event occurs. As a result, a high number of audit events are created and recorded in the audit log, which occupies enormous hard disk space and affects the site's performance and other aspects. To avoid overcrowding the hard disk, which can degrade the performance of the site, you will have to resort to audit trimming. This enables you to manage the size of the audit log in a better way. There is also an option to archive the complete audit log data before trimming it, which saves the file in the document library. The month end is the default schedule for audit log trimming, but the central administrator can set it according to need.

Being selective

It is important to be selective and choose events for audit that are relevant to your business process. Select events that are directly related to the business process and can impact its performance. Avoid unnecessary auditing of events that have no bearing on the business process, as this would degrade site performance and also affect many other aspects of the site.

What has been discussed so far has centered on monitoring and control of user activities, which facilitates assessment of how the resources of the site are used. In simple words, auditing a SharePoint site puts the users under surveillance. However, SharePoint has a soft underbelly that makes it vulnerable to changes that could be either malicious or accidental. The most concerning thing is that content and farm configurations can easily be modified without authorization. This worries administrators and is not addressed by the auditing tool that we have spoken about. The audit tool that is provided with the system does not have the capabilities to audit SharePoint configuration, content changes and permissions efficiently and effectively. So, how can this issue be addressed?

Auditing SharePoint site - the Administrator’s perspective

Some audit software (an auditing solution) has been developed to take care of these issues by making all changes in SharePoint clearly visible. You will have to buy such software to get the benefits of the audit from the Administrator’s perspective, keeping a close watch on the unsolicited changes that might have happened to the farm configurations, server, content and security settings.

Scope of the audit

  • All changes made to security and farm configurations including modifications of permission levels, permission inheritance, security policies and group membership of SharePoint are made clearly visible.
  • Generation of reports on changes made to any content of SharePoint including lists and libraries, sites, documents and list items and folders.
  • Reporting of what changes have been made, by whom, when and where, highlighting the workstation from which each change was made and showing the values before and after the change.

Features of the software

The software can be used to track all modifications made to SharePoint farms, servers, sites, security and content, as well as the changes made to their permissions and settings. All the changes made to SharePoint configurations are reflected in daily automated reports that capture every event that has occurred, with complete information about what has been changed, giving the values before and after the change. The software is equipped with very high storage capacity that makes it possible to store audit data for 10 years and more. It also comes with the facility to generate custom reports according to specific needs. An added feature of the software allows auditing of the Windows server operating system, and user activity on the SharePoint servers can be recorded on video, which can be used to further enhance the security of your SharePoint servers.

Benefits

  • All changes across the SharePoint platform are captured in detail, including those that are beyond the scope of the built-in audit tool.
  • The SharePoint management system is greatly enhanced by strengthening security, streamlining compliance and simplifying the process of root cause analysis.
  • Changes made to the security setup, such as policies, permissions, groups and inheritance, are detected promptly, which allows quick action against any breach of security.
  • The software makes it possible to maintain compliance on a continued basis, as both authorized and unauthorized changes are continuously audited and reported.
  • Broken configurations to sites and accidental changes that may happen to site collections, security groups, permissions, definitions, security role bindings and many more are detected early.
  • The software allows complete visibility across the SharePoint servers and generates reports that are user friendly.

Auditing a SharePoint site gives you the confidence of being in complete control of the operations of the SharePoint sites and lets you take proactive action against possible breaches in security and resource management, which can add great value to your business process.