All Federal Government Contractor customers of our Business Development solutions will at some point face the need to provide secure access to their Partners (Vendors, Suppliers) and Customers. This month, Steve Evangelista, one of our Lead Architects wrote a series of three articles that cover securing and hardening of your system for this scenario. We use all of these methods in our BD solutions. You can also use them in your own CorasWorks solutions.
The articles are:
Part 1: Securing & Hardening SharePoint Sites for External Users: Basic configuration using CorasWorks to support working with external parties.
Part 2: Securing & Hardening SharePoint Sites: How to modify SharePoint Master Pages to security trim common native pages (All Content, native web part pages, etc.). This is a SharePoint best practice.
Part 3: Securing & Hardening SharePoint Sites: Leveraging CorasWorks to create a secure proxy account to tightly secure what external users can see and do.
Comment: Design for Multi-Party Usage
It is very common for people to design systems in a classic way in which we think about all users sharing the same user interface, with security as a back-end system issue. However, in most collaborative systems and certainly BD systems, it is a better design approach to think of your groups of users as having separate interfaces. CorasWorks and SharePoint easily support this approach.
So, imagine your employees, your partners, and your customers each having their own user interface. It is their place to go. This interface is then optimized for them. It supports their role. You may even get more granular so that you have interfaces for Executives, Managers, and Doers internally or different types of partners or partners in different roles. Yet, effectively, all of these users are working off of the same data. This design makes it far easier to manage the security by role in a different interface. This makes it more secure.