Improve SharePoint Security

Earlier this year AIIM released its study, SharePoint Security – A Survey on Compliance with Recommendations for Improvement. One of the areas the study reviewed was in how survey respondents planned to improve the security of an existing SharePoint installation. Some key stats include:

35% prefer to only use SharePoint as a collaboration tool and store important data in separate repositories.

I believe this is a huge missed opportunity for these users. SharePoint can deliver significant benefits beyond collaboration as long as it’s secured properly.

33% prefer to hold out until new SharePoint features are available in future versions.

Why use and invest in SharePoint if you are going to wait for security features to be available in the future when the platform offers significant business benefits today? The current version of the platform can be made more secure with the addition of third party tools.

31% prefer to deploy automated, rules based agents to enforce information security.

As pointed out by AIIM, these “operate in a similar way to an anti-virus system, checking documents as they are created, stored or moved, and using a rules-based mechanism to ensure they are allocated a suitable level of security.” In a previous blog post, I asked readers if they would

Send an email without spell checking it?

Open an attachment without running a virus scan?

Scan your SharePoint documents for compliance automatically?

However, this survey also suggests that times they are a changing. AIIM says, “Automated issue-detection agents have a low current installed base, but show the greatest degree of growth.” In future, I believe that third party tools that aid in better-securing the platform for the storage of even the most sensitive content will be standard practice for all organizations using SharePoint.

27% prefer to buy third party add-ons to secure their SharePoint content

As mentioned in the previous point, automated-detection agents are showing growth and I believe this plays an important role in the overall security of content. What is important here is that add-on solutions can take native SharePoint security a step further with features that automatically detect, classify and encrypt sensitive content to help prevent content breaches in addition to tracking it for auditing purposes.

11% prefer to utilize automated issue detection techniques to highlight problems.

Automated issue detection can help not only detect, but prevent problems. AIIM says, “…users are increasingly placing greater trust in automated intelligence and rules-based enforcement than in user-optioned actions.” Protect the organization by using automated violation scanning, versus relying on manual compliance. Read more on why to automate SharePoint compliance.

There are a number of options to improve the security of an existing SharePoint installation, many include folder level, and permission based security. However, the most effective method for content security is to protect sensitive information at the file level using automated solutions for classification, encryption and content restriction. To better protect your organization, you should consider how automated compliance and security products can remove some of the vulnerabilities and human diligence required to maintain SharePoint content security over the longer term.

Download Managing Compliance Risk in SharePoint: A Step by Step Illustrated Guide

Effective compliance is the ability to not only have a governance strategy in place, but also be able to manage risk by identifying issues and potential violations, and have a process in place for resolution and fine tuning. This step-by-step illustrated guide lays out each step; from defining your compliance strategy, to implementing HiSoftware’s suite of solutions for identifying and managing compliance and security issues in SharePoint to help protect your organization.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of the author. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided "as-is". The author shall not be liable for any damages whatsoever arising out of the content or use of this blog.
%d bloggers like this: