The HiSoftware Security Sheriff has put out an APB for users who break the laws around data and content security within SharePoint, and as of today has listed its top three “most wanted” users: Andy the Anonymous Admin, Felonious Phil, and Fran the Folder Fiend. “It’s not that they’re necessarily malicious,” explained HiSoftware CEO Kurt Mueffelmann. “It could be people doing their jobs in a lazy way, circumventing rules and policies” regarding document visibility, alteration and movement.
Andy the Anonymous Admin: One-third of SharePoint administrators admit to having looked at sensitive organizational data, Mueffelmann said, whether it is employee pay rates or promotions, drug test results, or financial reporting data. “Our secure metadata is all admins can see without the proper permissions,” he said. Andy slipped up when he was the only admin on site during a holiday, so his fingerprints were all over the data.
Felonious Phil: Phil is collaborative by nature, Mueffelmann said, so he doesn’t care what information is in a document. He’s going to share it with unauthorized users, often sharing information he shouldn’t, such as health information. “Unless you’re scanning the document, you don’t always know what’s in it,” he said. This kind of sharing could put an organization at risk for violating regulations such as HIPAA.
Fran the Folder Fiend: Bless her heart, Fran loves to create sub-folder after sub-folder in her document libraries. “In Nirvana, there would be one folder for all docs, managed by permission,” Mueffelmann said. Folders, he said, create problems with site proliferation, and create multiple versions of the truth.