5 Myths about SharePoint Content Protection
John Mancini

By: John Mancini on July 3rd, 2012

Print/Save as PDF

5 Myths about SharePoint Content Protection

Sharepoint and Office 365

A CIO recently said to me, “SharePoint? What a security nightmare…”At first, I was taken aback – SharePoint can be a great tool for CIO’s looking to protect content. But having worked with SharePoint content for years, I know the protections that are in place automatically – and the ones that fit into the current workflow– to help organizations embrace secure collaboration.

But for many people, the idea of collaboration of any kind, even formalized in SharePoint, leads to visions of unsecured content flitting about cyberspace. They couldn’t be more wrong. According to Symantec’s 2011 Cost of Data Breach Study released last month, employee negligence factors into 39% of data breaches. When used correctly, SharePoint can work to eliminate the possibility of that negligence.

Here are 5 things people think about implementing SharePoint Security that are just flat out incorrect.

Myth #1: Collaboration Puts Content at Risk

The most fundamental myth about SharePoint content protection is the idea that collaboration inherently makes content less secure. But that isn’t the case in SharePoint. When used correctly, SharePoint can significantly reduce the risks associated with sharing files. The system protects content by housing it securely and eliminating the need for email - a huge potential for risk.

SharePoint left to its own devices does not provide the best possible security for your content. Technology vendors (like mine, let’s not kid ourselves) have developed a number of tools to support SharePoint content and promote security and efficient collaboration. But myths about them exist as well.

Get Your Free eBook: Connecting and Optimizing Office 365

Myth #2: One Size Fits All

There are people in technology that think in terms of band-aids or cures. SharePoint security solutions can offer both. But before you decide what you need, you need to know what you're up against.

Step one is to assess your data so you have a strong understanding of the problem you face, giving you the information so you can judge the situation. Based on this information, you can make the best decision about the need for a content solution and what will work best for your organization. The fact is that data trumps opinion every time, and an assessment provides the information you need to make your case to the rest of your organization.

Many technology vendors that automate information security, compliance, and monitoring offer assessment services or trials so you can better understand the breadth of the problem and figure out how a solution might work within your environment. An assessment will help you document your organization’s unique needs and ensure that the technology solution that you’re implementing addresses your biggest concerns.

Myth #3: You Can Do it On Your Own

Because SharePoint is a collaboration tool, many people in an organization are invested in its success and policies. Neither a SharePoint administrator nor a CTO should jump into a SharePoint content solution without the buy-in, and more importantly, the participation of a number of people in the organization.

It’s best to set up a Governance Board comprised of people from several different departments. If your CIO wants to establish certain policies, it won’t do any good without the advice and support of the SharePoint Administrator. Creating a defensible, written information security plan empowers your organization to address blind spots inside SharePoint and minimize the fallout from breaches if they should happen.

Myth #4: File-Level Security is Fine

The people who use the SharePoint system every day do not make content security their priority. And no matter how much it is YOUR priority, that reality will never change. Expecting users to appropriately file content within SharePoint,

Classifying and securing your SharePoint content at the file level changes that. In concert with a full assessment, developing a complete classification of content and documents can secure your system. Once you classify information, you can use that to limit distribution, thereby ensuring the security of each piece of information rather than relying on folder-level security. In this scenario, each document that has a credit card number or the name of the secret project only gets into trusted hands.

Myth #5: The End is Near

The end of the installation is hardly the end of SharePoint security. The policies and technologies you have put in place to protect your SharePoint content are a critical part of keeping content secure, but not enough. Ongoing auditing and monitoring are vital to the success of your implementation and provide a strong backbone of support for regulators and auditors.

If not controlled properly, SharePoint can create the major weak point that CIO’s fear and can have significant consequences for your organization. By understanding and overcoming these 5 myths, companies can embrace collaboration wholly and reap the benefits it has to offer.

 

Free Report: Connecting and Optimizing Office 365

About John Mancini

John Mancini is the President of Content Results, LLC and the Past President of AIIM. He is a well-known author, speaker, and advisor on information management, digital transformation and intelligent automation. John is a frequent keynote speaker and author of more than 30 eBooks on a variety of topics. He can be found on Twitter, LinkedIn and Facebook as jmancini77. Recent keynote topics include: The Stairway to Digital Transformation Navigating Disruptive Waters — 4 Things You Need to Know to Build Your Digital Transformation Strategy Getting Ahead of the Digital Transformation Curve Viewing Information Management Through a New Lens Digital Disruption: 6 Strategies to Avoid Being “Blockbustered” Specialties: Keynote speaker and writer on AI, RPA, intelligent Information Management, Intelligent Automation and Digital Transformation. Consensus-building with Boards to create strategic focus, action, and accountability. Extensive public speaking and public relations work Conversant and experienced in major technology issues and trends. Expert on inbound and content marketing, particularly in an association environment and on the Hubspot platform. John is a Phi Beta Kappa graduate of the College of William and Mary, and holds an M.A. in Public Policy from the Woodrow Wilson School at Princeton University.