New Year and new resolutions. Any enterprise that hasn't made its content mobile must surely be looking at this as one of their resolutions for 2013. But if you’re main enterprise content management system is SharePoint, or even if it’s just one of your systems, how do you make it secure when making it mobile?
It’s not that there are particular issues around SharePoint that make mobilizing it more problematic than other systems. It’s just that over past year we have seen the number of SharePoint deployments in the enterprise increase dramatically, and with SharePoint 2013 on the horizon, it's likely that one of the big issues this year in the information management space will be SharePoint and mobile.
This is particularly true given the fact that everyone is now talking SharePoint online and SharePoint in Office 365. Enterprises are also looking to mobilize their workforce. Combine the two and you have a mobile workforce that is looking to access its SharePoint content on the road and securely.
Mobile file sharing vendor Accellion has been looking at this problem and in a recent white paper has addressed some of the security issues that enterprises need to address before mobilizing all their SharePoint content.
This has become particularly important with the rise of Bring-Your-Own-Device (BYOD) policies in many enterprises, a subject that Dan Latendre, CEO of Igloo, identified as rising trend at last year’s Advanced Intranet and Portal conference in Amsterdam.
According to this paper entitled Mobilize SharePoint Securely: Top 5 Enterprise Requirements 90% of US enterprises have now adopted BYOD policies, even if some, like IBM, remain to be convinced about the value of it.
On top of this, only yesterday, we saw from Gartner that IT spending is set to rise this year pushed largely by devices, particularly tablets and smartphones. We also saw that the amount of money spent is likely to fall as tablets and android devices become more competitively priced.
So, over the coming year it is likely that enterprises will see more and more diverse devices entering the workplace which, unless managed correctly, will create all kinds of headaches for enterprise IT departments.
ECM Investments, BYOD, IT
Looking a little closer at SharePoint deployments, according to Accellion, 17,000 organizations now run SharePoint as their Enterprise CMS with 67% of all the organizations that have SharePoint providing it to all enterprise users, bringing the total number of SharePoint licenses sold to date up to 125 million. Many enterprises in both the public and private sector are using it as the system of choice for storing data internally, and for sharing that data across the organization.
Combining SharePoint and BYOD policies has created a whole set of new problems for IT departments. Instead of operating homogenous environments using a single operating system, they now have to manage environments that come with in-house servers, third party cloud servers and a mix of laptops, desktops, smartphones and tablets that may or may not be working off the same OS as the enterprise. Add to this the fact that most workers are not replacing their desktop or laptop with a device but just adding a new device into the mix, Accellion estimates that the average worker is now using 2.8 devices at the moment and will be using three or more by 2014.
The needs of workers and the challenge for enterprises is to enable workers to use these devices to access consistent, up-to-date views of those files so that they will be working on the most recent version of the file.
In the classic IT-centric model, users would access their corporate network using a Virtual Private Network (VPN) from their device, enabling them browse their SharePoint environments at will, find content, manipulate that content and then save it back into SharePoint.
In the BYOD universe, this just doesn't work. Instead, they are using cloud-based services to copy and propagate copies of the SharePoint files to work on in their own devices, and then saving the new version back into SharePoint resulting in numerous copies of the same document floating around a whole range of different devices.
File Sharing As A Solution
There are many solutions on the market that enable quick and easy file sharing for those that want to access their files while mobile. With most you just install a desktop client and corresponding mobile client and off you go, sharing away on multiple devices.
But the problems here are obvious. Clearly, no one that has sensitive documents in SharePoint can allow this kind of sharing behavior. There are legal issues, compliance issues, copyright issues, access issues and security issues that all come into play just by the simple act of sharing -- and the sharing doesn't have to be with someone outside the enterprise for there to be problems. And IT can’t help here. Using file sharing services leaves no way of monitoring or controlling the distribution of files using these services. There is no way of monitoring what files are being shared with or knowing which files are being distributed.
In short, a corporate compliance nightmare. Think of all the different kinds of files that are stored in your enterprise repositories and for every personal file, HT file, medical file and payroll file multiply it by the number of employees and you start to get an idea of the problem. And then there’s all the intellectual property an enterprise has and the risk of it being shared on the wrong device.
5 IT Responses
How to make SharePoint secure? IT needs to find a solution that is easy to use, ensuring that employees are not tempted to find easy, but risky, work-around solutions. IT also needs to block services that it considers a threat to enterprise security. It should insist on sharing services that can be monitored and controlled by IT.
1. SharePoint without VPNs
Users should be able to access SharePoint directly without having to go through a VPN. The point here is to make the files accessible without having to make copies that can end up in the wild and accessible to anyone, including competitors.
2. Content Silos
The user experience should be unified so that they can access all relevant SharePoint content through the same entry point. This doesn't just mean easy access to SharePoint, but also single-point access to all relevant content repositories. Without this the temptation to use cloud, file sharing services will always be present.
3. Internal External Collaboration
With the growth of global organizations and the need for users across the globe to collaborate, workers need to be able to exchange information through mobile devices. In fact, the need to collaborate inside and outside the firewall was cited as the principal reason workers turn to file sharing services.
While there are many reasons why external users should not be allowed direct access to content inside the firewall, the mobile access solution for SharePoint should support file sharing between all types of authorized users, both internal and external.
4. Centralized Oversight and Control
Mobile access solutions need to come with security features like strict access controls, defense against brute-force password attacks as well as rigorous encryption of data passing from one point to another.
IT administrators should have control over who should have access to what files and should be involved in the application of sharing protocols to content. They should have full power to disable accounts, as well as prevent any worker, current or otherwise, from accessing confidential files.
5. Compliance and Data Privacy
For compliance with some of the more rigorous standards like HIPAA and SOX, enterprises need to go beyond access controls and encryption. To comply with standards like HIPAA and SOX they need to implement logging and auditing to provide a trail of where the content is and has been.
While security is a problem, it’s not insurmountable and can be achieved once a proper assessment of the problem is made.