Secure Mobile & Web Access to Microsoft SharePoint

The Opportunity: Connecting Employees, Maximizing Effectiveness

Microsoft SharePoint empowers enterprises to deploy intranet portals and collaboration tools. Allowing employees to access SharePoint-based resources from beyond the organizational perimeter, via mobile devices and the Web, helps enterprises maximize productivity, grow job satisfaction and leverage the BYOD (“bring-your-own-device”) movement.

The Challenge: Allowing External Access to SharePoint Without Increasing the Attack Surface

Microsoft SharePoint authorizes user access based on a Microsoft domain session using Kerberos or similar technologies. An external user without a direct domain session cannot access SharePoint directly using common Single Sign-On (SSO) solutions deployed at the perimeter of the enterprise. Requiring VPN access to the enterprise for accessing SharePoint and other intranet resources is not practical and widens the attack surface of the enterprise.

The Solution: Brokering Access to Intranet Resources with SecureSpan Gateways

Layer 7 delivers a simple solution for brokering access to Microsoft-based Web applications and APIs. By deploying Layer 7’s SecureSpan Gateway in the DMZ, the enterprise can enable and control access to Microsoft SharePoint without the need for VPN connections. This solution integrates into the existing environment, including the SSO solution. Once this infrastructure is in place, the enterprise can leverage the same SecureSpan Gateway to control access to any Web applications and APIs that need to be consumed by mobile apps.

The Layer 7 Value: A Complete Set of Products for Securing External Access to Intranet Resources

Layer 7 offers a comprehensive suite of Gateways and complementary products, including:

• SecureSpan Mobile Access Gateway – Provides Mobile Access to APIs and Web applications and enforces policies for controlling this access
• Identity Broker – Integrates with backend and externally-facing identity and access management (IAM) solutions and brokers between them at runtime
• Layer 7 OAuth Toolkit – Provides a complete OAuth implementation for issuing tokens to mobile applications consuming APIs plus flexible token/session lifecycle management