Swedish IT security risk management company Cryptzone Group said a recent survey showed almost one in three (30%) Microsoft SharePoint users have disregarded its security measures and admitted to copying and distributing sensitive or confidential documents through non-secure means. The group further comments that, remarkably, of the 92% of respondents who understood the risk, 13% believe that protecting company data is not their responsibility.
The Cryptzone report shows that in 98% of the cases, the rationale seems innocent enough. Of those who admittedly breached the Microsoft SharePoint security protocol, more than half (55%) needed to share data with someone without SharePoint access. This holds the implication that SharePoint has "...yet to become an inclusive collaboration tool," the group said.
Another 43% rationalized the security breach by wanting to work on a file at home, which may indicate IT managers have more work to do in extending the secure collaboration network to users' home environment. Only a mere 2% had complaints with the performance of SharePoint in say, editing documents, as a reason to work outside the secure environment.
From SharePoint Security Survey by Cryptzone 2012
Heard But Not Heeded
Of the 92% who said they were aware taking documents out of SharePoint made them less secure, (indicating general knowledge of the security risk), 34% said they didn't consider the "security implications" of their specific actions in removing files. Cryptzone said this indicates the IT security awareness message "...is being heard, but not listened to."
Perhaps the most troubling finding of the survey was that 30% of SharePoint users responded they weren't bothered by the security issue, "...if it helps me get the job done," and another 13% absolved themselves completely from security breach action claiming "Not my responsibility to protect the data."
Cryptzon's Daniel Nilsson said, "Is it any wonder, then, that we see so many data security breaches as a result. Rather than ignoring what’s happening, steps need to be taken that recognize the increasing porosity of the perimeter and allow the workforce to harness the power SharePoint offers without compromising security."