A CIO recently said to me, “SharePoint? What a security nightmare…”At first, I was taken aback – SharePoint can be a great tool for CIO’s looking to protect content. But having worked with SharePoint content for years, I know the protections that are in place automatically – and the ones that fit into the current workflow– to help organizations embrace secure collaboration.
But for many people, the idea of collaboration of any kind, even formalized in SharePoint, leads to visions of unsecured content flitting about cyberspace. They couldn’t be more wrong. According to Symantec’s 2011 Cost of Data Breach Study released last month, employee negligence factors into 39% of data breaches. When used correctly, SharePoint can work to eliminate the possibility of that negligence.
Here are 5 things people think about implementing SharePoint Security that are just flat out incorrect.
Myth #1: Collaboration Puts Content at Risk
The most fundamental myth about SharePoint content protection is the idea that collaboration inherently makes content less secure. But that isn’t the case in SharePoint. When used correctly, SharePoint can significantly reduce the risks associated with sharing files. The system protects content by housing it securely and eliminating the need for email - a huge potential for risk.
SharePoint left to its own devices does not provide the best possible security for your content. Technology vendors (like mine, let’s not kid ourselves) have developed a number of tools to support SharePoint content and promote security and efficient collaboration. But myths about them exist as well.
Myth #2: One Size Fits All
There are people in technology that think in terms of band-aids or cures. SharePoint security solutions can offer both. But before you decide what you need, you need to know what you're up against.
Step one is to assess your data so you have a strong understanding of the problem you face, giving you the information so you can judge the situation. Based on this information, you can make the best decision about the need for a content solution and what will work best for your organization. The fact is that data trumps opinion every time, and an assessment provides the information you need to make your case to the rest of your organization.
Many technology vendors that automate information security, compliance, and monitoring offer assessment services or trials so you can better understand the breadth of the problem and figure out how a solution might work within your environment. An assessment will help you document your organization’s unique needs and ensure that the technology solution that you’re implementing addresses your biggest concerns.
Myth #3: You Can Do it On Your Own
Because SharePoint is a collaboration tool, many people in an organization are invested in its success and policies. Neither a SharePoint administrator nor a CTO should jump into a SharePoint content solution without the buy-in, and more importantly, the participation of a number of people in the organization.
It’s best to set up a Governance Board comprised of people from several different departments. If your CIO wants to establish certain policies, it won’t do any good without the advice and support of the SharePoint Administrator. Creating a defensible, written information security plan empowers your organization to address blind spots inside SharePoint and minimize the fallout from breaches if they should happen.
Myth #4: File-Level Security is Fine
The people who use the SharePoint system every day do not make content security their priority. And no matter how much it is YOUR priority, that reality will never change. Expecting users to appropriately file content within SharePoint,
Classifying and securing your SharePoint content at the file level changes that. In concert with a full assessment, developing a complete classification of content and documents can secure your system. Once you classify information, you can use that to limit distribution, thereby ensuring the security of each piece of information rather than relying on folder-level security. In this scenario, each document that has a credit card number or the name of the secret project only gets into trusted hands.
Myth #5: The End is Near
The end of the installation is hardly the end of SharePoint security. The policies and technologies you have put in place to protect your SharePoint content are a critical part of keeping content secure, but not enough. Ongoing auditing and monitoring are vital to the success of your implementation and provide a strong backbone of support for regulators and auditors.
If not controlled properly, SharePoint can create the major weak point that CIO’s fear and can have significant consequences for your organization. By understanding and overcoming these 5 myths, companies can embrace collaboration wholly and reap the benefits it has to offer.
