Many of today's corporate environments are embracing enterprise CMS solutions as a way to disseminate and share information amongst workers and workgroups. Microsoft SharePoint is a popular choice because it aligns well with an existing Microsoft-powered network and project groupsí workflow. However, according to new research from Courion, companies who are deploying SharePoint are doing so in a manner that might be putting crucial data at risk.
According to Courion's web-based study, 86% of IT managers are concerned about sensitive data being exposed on SharePoint sites when SharePoint is used outside of applicable data security guidelines. Many organizations have not adapted to the quick adoption and lack appropriate tools for monitoring SharePoint usage to ensure compliance with security policies.
What's Going Wrong with SharePoint
Courian found many alarming trends when it came to how SharePoint is being deployed and used inside companies of all sizes. These trends include:
- SharePoint sites are being deployed in large organizations without strong governance or consideration for security guidelines and best practices.
- While a majority of organizations have a policy for managing who can create a SharePoint site, most lack automated tools for provisioning SharePoint users and managing their access rights and entitlements.
To gather their numbers, Courion surveyed 150 business managers in the month of September. Of those questioned, roughly 37 percent reported they were not monitoring SharePoint sites to ensure conformity with security practices. Additionally, more than a third of business managers responded by saying they do not have policies to monitor security rights within SharePoint sites.
What Type of Data is Considered 'Sensitive'?
For this study, the data managers expressed concern over social security numbers, credit card numbers, private health information, corporate trade secrets and intellectual property. While file shares and other existing tools have been locked down to ensure private information is seen only by those authorized, SharePoint sites have been overlooked as facilities for sharing these sensitive data.
Security Being Ignored?
What is causing security policies to be ignored when it comes to SharePoint? In many organizations, there is pent up demand for an enterprise collaboration tool, and often SharePoint is looked to as a shining example of how a workgroup, department or project team can use web tools for centralized collaboration and management. To respond to this demand, IT shops are rolling out SharePoint in a liberal manner to facilitate the communication teams and managers desire.
SharePoint, as a tool, can be configured to be locked down and secure. Microsoft has enabled SharePoint site owners to grant security privileges down to the document level. However, in many cases, SharePoint site owners are given their SharePoint site by their IT department without appropriate training on security practices and policies.
In many cases, governance is an afterthought with SharePoint deployments. With any document management system, SharePoint needs to be seen as a powerful collaboration system in need of security analysis to ensure document and data security. Not doing so can result in legal action that will ensure you may spend far more money in litigation vs. adequately securing your SharePoint environment at launch.
What is Being Done At Your Organization?
What types of security policies and sweeps are you doing in your organization to ensure data security compliance on SharePoint sites? We look forward to seeing your answers in the comments.