Research by Cryptzone shows at least 36 percent of SharePoint users are breaching security policies — and another 9 percent admit they have no idea how to prevent sensitive information from being uploaded.
The study, conducted among attendees at Microsoft’s SharePoint Conference in Las Vegas in March, is a warning to organizations that it is essential to develop adequate information security policies. It further underscores how lack of such policies are putting business critical information at risk.
Earlier this month, Cryptzone, a provider of encryption solutions and identity and access management (IAM), was acquired by Medina Capital, an equity investment firm focused on the IT infrastructure sector.
Data, Data Everywhere
The unsettling reality of the research is that access to business information is pretty much a free-for-all, with users accessing what they want, whenever they want it in organizations that have deployed SharePoint.
The survey (registration required) did not speculate where this information might end up. But it's a safe bet that a significant portion of lands outside corporate firewalls on unregistered laptops or mobile devices, despite the innocent intentions of those using the information.
But before anyone gets too paranoid, let's put the issue in perspective. Cryptzone concedes the data is based on a small sample of only about 100 conference attendees.
The respondents were SharePoint professionals, primarily those with technical roles in their organizations, from companies of all sizes. Many of them (41 percent) were from companies with more than 5,000 employees,
The survey was conducted anonymously to determine how organizations are controlling access to SharePoint content and identify the steps they are taking to prevent data from being misused or lost, particularly in light of compliance regulations within their industries.
It's Not SharePoint: It's Management
Even though the study represents a small survey from a vast user base, it is worth considering. If the percentages here are extrapolated across the entire SharePoint user set, then there is a significant problem here.
That said, the survey does not point to any inherent security weaknesses in SharePoint itself. Rather, the problem is poor management of both IT and information resources. If this is indeed the case, then it is reasonable to draw the same conclusions about all systems being used by organizations to manage their information, not just SharePoint.
What makes this even worse is that this is a known problem. The survey describes information security issues as common knowledge.
About 19 percent of respondents noted that their companies do not allow sensitive information to be stored in SharePoint. However, nearly a quarter of those respondents said people within their organizations are doing it anyway.
In addition, only 18 percent of enterprises use technical controls to prevent access to sensitive information. Most — 73 percent — rely on written policies or informal understandings with their workforce.
Cryptzone also reports that the biggest security offenders appear to be SharePoint administrators, who are unintentionally abusing their access privileges and putting organizational information at risk.
The kind of information that is being accessed is also noteworthy. Interest in salary details has dropped more than 50 percent in the past year, but interest in insider information and intellectual property has climbed.
There are many possible reasons for this, but one of the hypothesis that Cyrptzone offers is that the recent upswing in the economy has prompted people to go job prospecting again. That means this insider information could make a candidate considerably more interesting than he might be otherwise.
- Has Google Delivered a Killer Blow to Microsoft Office Apps?
- Should You Use LinkedIn to Build a Network or an Audience?
- 5 Marketing Lessons From HubSpot
- Microsoft Leaves Ballmer Bleeding as It Moves On
- A Graceful Exit for Box?
- Dave Gray on Work Like a Network and the Role of Hierarchies
- Does Jive Do Social Better by Putting the End User First?