Tag Archives: SharePoint Collaboration
Top Security Challenges with SharePoint Collaboration
In today’s business environment successful companies rely upon the rapid and efficient exchange of information. Collaboration between employees is a critical part of this equation and a key driver for increasing competitiveness and productivity. Effective collaboration requires timely access to information— both structured (databases) and unstructured (file systems, online content and communications).
Many companies have invested in SharePoint for managing their unstructured information. However, few have realized the potential efficiencies and productivities that SharePoint offers because of concerns about the security of the information stored in it. Worse still, many continue to maintain legacy document management systems to store sensitive information and continue to incur the associated software maintenance, labor and hardware costs. This drastically reduces the ROI on their SharePoint investment.
Are you SEC Audit-Ready?
If the SEC came knocking on your door today, are you confident your organization is audit ready? Could you comply with the Gramm Leach Bliley Act (GLBA)? Show how regulated users are monitored? Prove that you are preventing exposure of clients’ personal information or confidential corporate information? Could you do all this in your SharePoint Collaboration environment?
Will Collaboration Expose your Business?
Opening up your business to social media collaboration carries significant risk. Major brands have experienced issues with social media strategies that encourage customers to share with them, most recently Coca Cola.
How to Prevent SharePoint Mistakes
Readin
g Mathew J. Schwartz’s article in Information Week, ‘10 SharePoint Security Mistakes You Probably Make,’ there were a few items of particular interest.
- The first was on the discovery that in the case of Bradley Manning leaking 250,000 U.S. State Department cables, the forensic expert “discovered Wget scripts on Manning’s computer that pointed to a Microsoft SharePoint server holding the Gitmo documents. He ran the scripts to download the documents, then downloaded the ones that WikiLeaks had published and found they were the same, Shaver testified.” (Source: Wired, Forensic Expert: Manning’s Computer Had 10K Cables, Downloading Scripts)
Olympic Security Dossier Left on Train: Could SharePoint have prevented?
The Sun reported earlier this week that a secret dossier detailing plans for policing this summer’s London Olympics were left on a train. Included in the dossier were names and mobile phone numbers of constables, sergeants and inspectors as well as details of pre-Olympics rehearsals, emergency “lock-down” procedures and plans to avoid traffic congestion.
The Guardian wrote an interesting post criticizing the Sun because of its dramatic reference that the file “contained details that would have helped al-Qaida terrorists mount a devastating attack on the Games in London this summer.” Before I get too involved with The Sun verses The Guardian newspaper, my point is that we should ensure the possibility doesn’t happen that an al-Qaida operative is on the same train at the same time as a police officer leaving a security dossier.
On this note, I couldn’t help wonder if SharePoint could have prevented this situation in the first place? Lost documents are nothing new so why does it still happen? Secure documents do not need to be left in places because they shouldn’t be printed in the first instance. It makes more sense for organizations to use SharePoint with a specific automated rules engine to define the parameters that people can access information.
In this instance, if the document was available to the constables, sergeants and inspectors mentioned in the dossier, they should only be able to access it from a computer using a secure SharePoint connection. Then, they should only be able to read it on screen or comment in a secure Team Site on the platform. No printing of the material should ever been allowed. Not only would this mean no loss of documents, but it would also help the Met monitor who was reviewing the information and how the readers felt about the plan (using the Team Site) to make improvements such as the radio comments that appeared in the dossier. Lastly, the Met could see if there was any person wanting to print the materials or access it inappropriately.
SharePoint could lend itself to a useful collaboration tool for the Met. If used with appropriate, automated compliance and security solutions, SharePoint could ensure that instances like this would be a thing of the past.
To help discover the range of issues driving organizations toward stronger content security and policy enforcement, and learn how the most forward-thinking organizations are managing content compliance, download a privacy whitepaper.
The Risks for SharePoint Data and Document Control
I was reading an article on Microsoft Certified Professional Magazine about the risks associated with SharePoint data. It’s a topic I often write about, but thought this was an interesting take on it…
SharePoint is apparently in the crosshairs of potentially nefarious attackers, according to security expert Randy Franklin Smith.
Smith, who runs the Ultimate Windows Security Web Site, said in particular that enterprise users need to be careful about sharing sensitive data online via SharePoint. It’s not just because of the risk. There’s also the confusion around version control, or who’s viewed, edited or downloaded a SharePoint-shared document. At issue are two specific versions of SharePoint, Windows SharePoint Services 3.0 and SharePoint Foundation. Smith called the audit function in those two versions “basically unusable.”
Microsoft Certified Professional Magazine, “SharePoint Data Could Be At Risk, Says Researcher” Jabulani Leffall, May 02, 2011
SharePoint is a brilliant collaboration tool, but unfortunately it doesn’t have the compliance tool required of any enterprise organisation. Without a tool that protects sensitive data while monitoring document usage, it is difficult for any enterprise to feel confident using the collaboration capabilities.
Sleepless in SharePoint 2010
Having many people within an organisation author and publish content is scary and it’s one of the fears that keeps people awake at night. It begs the question – who sleeps soundly in a multi-author environment?
Subscribe to our RSS Feed 
Follow Us on Twitter 
Find us on LinkedIn 