In the AIIM, SharePoint Security – A Survey on Compliance with Recommendations for Improvement, author David Jones asked if respondents had any general comments to make about their compliance and information security issues. They had a lot to say. We’ve compiled and provided some commentary on eight responses that caught our attention:
1. “Even though governance is established, compliance is faulty and monitoring is sketchy at best.”
2. “If you want compliance don’t use SharePoint.”
Content compliance and monitoring do not need to be faulty or sketchy. SharePoint can absolutely offer secure collaboration and compliance with the right tools in place. The points below offer a close look at some of the steps and solutions that can assist you.
3. “After migrating content it is difficult to retroactively apply rules.”
Many will face the migration obstacle as they move to SharePoint 2010/2013 or hybrid environments. What’s important here is that organizations can take proactive steps to clean and check content against compliance both before and after migration, and regardless of where it resides. Using third party solutions, compliance and security policies can easily be applied to scan of all the content within the platform. Some policies will be based on regulatory and industry standards, while others will be custom to the requirements of a specific organization. Rules can be set-up to determine what to do when confidential or regulated content is discovered to restrict access to it and control what actions can be taken with it. This helps to ensure that all content in SharePoint, regardless of whether it is new or old, is compliant with policies. Adding additional security around sensitive content helps reduce organizational risk and the threat of breaches.
4. “Currently taking a cautious approach until third party tools are in place.”
5. “As with many organizations that are using SharePoint, we know/understand the current and potential risks associated with it, but are still in the process of trying to “get our hands around it” from an organization/enterprise perspective.”
SharePoint can be a mammoth task to secure; and trying to secure it without content compliance and security solutions is an impossible task. Third party solutions for automated, content-aware compliance and security for SharePoint will ensure you are reducing risk while also maximizing your collaboration investment.
6. “Our organization lacks understanding of what’s actually in SharePoint, from a sensitive/regulated information perspective.”
The best thing about SharePoint is you can put anything in it, and the worst thing about SharePoint is you can put anything in it. Organizations need to balance an increasingly social collaborative environment while still meeting regulatory requirements. Many SharePoint sites seem to be a Wild West of unstructured content. But, there are solutions out there that can audit your site content to help you identify and secure sensitive and regulated information, helping you rein in compliance.
7. “Committing resources to tighten and maintain proper security requires a major, visible commitment from upper management to initiate and maintain the effort and incorporate it into the corporate culture.”
There are a lot of important take-aways from this comment. There is absolutely a need to have management buy-in and engagement on implementing proper SharePoint security features, but it’s too much to cover in one blog post. The emphasis should be on making compliance and security a seamless part of corporate culture. Training takes time and relying on staff to remember all the rules opens you up to those dreaded “whoops” moments. Using solutions that monitor content for compliance issues, taking the onus off the individual is the best way to ensure policies are enforced. After all balancing the need to collaborate with the need to maintain SharePoint security is essential to reducing organizational risk. Read how policy management can impact corporate culture.
8. “Compliance, security and record retention are must haves for us.”
This is the ultimate comment because compliance and security are must haves for all organizations using SharePoint. Effective compliance is the ability to not only have a governance strategy in place, but to also be able to manage risk by identifying issues and potential violations, and have a process in place for resolution and fine tuning. The most effective method for managing compliance and security risk in SharePoint is to protect sensitive information at the file level using automated solutions for classification, encryption and content restriction. To better protect your organization, you should consider how automated compliance and security products can remove some of the vulnerabilities and human diligence required to maintain SharePoint content security over the longer term.
Read more findings from the report including recommendations on improving SharePoint security or find out how selecting the right content compliance and security solution will help your organization achieve the full benefits of SharePoint by reading Microsoft SharePoint Security: Evaluating a Content Security Solution.