This week, we begin with a riddle: How is it that, in a recent AIIM survey, 82% of the respondents claimed to be using SharePoint to access or store secure content, but 57% said they are worried that SharePoint does not meet their security or compliance requirements?
Kurt Mueffelmann, CEO of HiSoftware, which underwrote the survey, thinks the answer is that many people aren’t aware of what’s going into their SharePoint implementation. “The best thing about SharePoint is that you can put anything into it,” he said. “And the worst thing about SharePoint is that you can put anything into it.” Another riddle?
Not to Mueffelmann. “We like to say security is a team sport in SharePoint. That includes content providers, business users, admins, and all the roles that touch SharePoint.”
Securing SharePoint—like securing any other document repository—is a balancing act of providing access to documents, but controlling that access. In SharePoint, according to the survey, that can mean keeping documents out of the wrong hands, managing audit trails (including tracking a sensitive document’s chain of custody) and complying with industry standards and company policies. (The study looked only at SharePoint Server 2010, but found—interestingly—that more than a third of respondents still were using Microsoft Office SharePoint Server 2007.)
While SharePoint does offer features for claims-based authentication and authorization, Mueffelmann said there’s nothing in 2010 (or in 2013 that he’s seen, for that matter) that addresses item-level security. This means someone might have authorization to read or check out a document, but he or she might then copy it, or send it via e-mail, to another party that should not be viewing or revising the document.
To compound the problem, nearly half the respondents admit they are not making the best use of security tools they have. Yet, as organizations take SharePoint from a departmental document repository and deploy it out through the enterprise, Mueffelmann believes “encryption will become much more important as time goes forward.”
AIIM concluded that 70% of organizations still rely on humans to manage security vulnerabilities, rather than use automated detection, which it termed “frightening.” It found that despite security enhancements in SharePoint 2010, it is not simple to use and deploy.
So, perhaps that is why 13% of large organizations using SharePoint say security “is a disaster waiting to happen.”
Meanwhile, the folks at Axceler are trying to gain an understanding of how organizations are (or aren’t) putting governance plans into place and then executing them. The SharePoint Governance Survey is open until mid-October, so if you’re involved in governance (or not), Axceler asks that you take just a couple minutes to complete the survey and share your opinions!
—David