Is your SharePoint content secure? More importantly, do you know how to assess your content security?

Given the number of SharePoint environments, it’s likely that a lot of people would answer "no."

Metalogix, however, has just released a new tool it claims will help. The new Insider Threat Index (ITI) offers SharePoint managers insight into their content security based on nine metrics.

Before creating the ITI, Metalogix surveyed a large number of enterprises. It found many are at risk of major data breaches.

Steve Marsh, director of product marketing for Metalogix and an expert in SharePoint migration and management technologies, said governance, monitoring, and compliance are still major headaches for many enterprises.

Growing Pains

The ITI is a free download that assesses SharePoint content security. It provides visibility into key vulnerabilities that may open otherwise secure business content to insider threats.

Marsh told us the increasing use of SharePoint as a repository and management platform for content is making this longstanding problem even worse.

"The volume of content is growing. We also have noticed that the nature of the content is more business critical and much more sensitive," he said.

SharePoint deployments are more complex — and so is managing the security around the content in it. There are many potential issues: multiple site administrators, broken inheritances, too many power users. “These are the kind of things that go against best practice and presents the highest risk of your data breaking out, “Marsh adds.

And it’s not always obvious risks either. There are inverted risk as well, such as the wrong content in the wrong document library, making sensitive information available to everyone in the organization.

A Look at the Index

The ITI downloads to a user’s desktop and analyzes SharePoint 2013 deployments against nine security metrics.It scans SharePoint environments for vulnerabilities created by inadequate access governance, gaps in monitoring content security and misuse of authority due to insufficient separation of duties.

ITI offers IT a better understanding of the gap between workforce productivity, permissions and security across their SharePoint environment. If this version is only for SharePoint 2013, releases to cover other SharePoint editions are on their way:

In general where SharePoint is being used it [SharePoint] has matured as has the way organizations are using it. It’s the nature of the content that has become more business critical. This is for 2013 specifically but in the coming weeks we will be releasing products for other kinds of SharePoint as well as for SharePoint Online. And this is a problem that goes across all versions of SharePoint, “ Marsh added.

9 Metrics

So what are the nine metrics?

1. Permissions

How many site users have direct permissions and can access sites? Site owners in many instances assign permissions for sites, a practice that should be avoided when possible.

2.Granular Permissions

Having too many users with limited access means that the access list needs to be managed at a micro level and for each individual that wants site access. As the SharePoint farm grows, this kind of micro-management can lead to breaches as individuals are overlooked.


If administrators have no oversight into Active Directory groups, the SharePoint environment has a major blind spot. ITI can assess the percentage of domain groups with direct permissions to sites.

4. Authenticated Users Group

Misuse of permissions for this group can inadvertently give access to content for everyone within your organization. To protect you organization, these accounts should be kept to a minimum.

Learning Opportunities

5. Separation of Duties

Administrator accounts should be used to manage the SharePoint farm, not the content within it. Failure to separate the access is a common cause of data leaks.

6. Proactive Monitoring

Constant auditing is a key part of keeping secure, particularly tracking changes and who made them. Both internal and external compliance requires that this data is kept and monitored for a set period of time.

7. Managed Service Accounts

Allowing Managed Service accounts access to sites exposes organizations to insider threats through misuse of account credentials and through that to business data.

8. Broken Inheritance

A SharePoint farm with high number of instances of broken inheritance - where you to set up security once for a site collection and allow everything to inherit those security settings - - often leads to over- looked security settings enabling unauthorized users access restricted content.

9. AuditMonitors

SharePoint allows for a multitude of events to be tracked through auditing. To get a full picture of the security you need to track those events from start to finish.

Marsh adds that while not measuring up to each of theseindividually is not a disaster, when you have a critical mass of people missing several of these metrics it can create a lot of problems.

The potential damage to businesses as a result of SharePoint vulnerabilities and insider threats is hard to underestimate. After all whistleblower Edward Snowden was a SharePoint administrator. 

When we asked about permissions[in the survey], for example, people were very confident to start with and told us they were doing things the way Microsoft say be should be doing it and protecting theircontent. But when you really dig in and get quite granular about the issues and their confidence seeps away," Marsh added.

It is also true that lot of people don’t actually know what content they have in SharePoint or any other system for that matter. This is where the proactive monitoring comes in.

Do you have a lot of stale content lying around that hasn’t been accessed in a long time?

Does that content offer access to other content that may be sensitive?

There is no single answer to the problem of keeping your content safe, but a good starting point is knowing where your enterprise is vulnerable.