By Mandy Pang
Microsoft SharePoint server is an outstanding and widely adopted collaboration platform for sharing business-critical data. However, enterprises are finding that SharePoint’s permissions-based security model is not scalable and doesn’t provide adequate controls for sensitive, regulated, and highly valuable data. There is a rapid proliferation of SharePoint sites and data, as well as SharePoint’s ad-hoc collaboration and discretionary access control model. Due to the rapid proliferation, organizations face an increased risk that their sensitive data will be leaked or mishandled. Because of this, users are more likely to grant access to critical assets in SharePoint in ways that may result in non-compliance and intellectual property (IP) leakage.
Here are typical challenges businesses encounter with SharePoint:
- In an attempt to manage access to content, SharePoint administrators will often create separate collaboration sites for each group. As the number of project groups increase, so do collaboration sites that are created increase. While new sites are being created, few collaboration sites are being deleted – even after the project is completed. This leads to an increased overhead in site management and an increase in the risk for IP loss.
IT and Content Disconnect
- I.T. is often chartered with adding user access for SharePoint sites, while users often upload content without knowing who has been given access to the site. This disconnect could lead to unintentional disclosure of proprietary data, thus increasing the risk of regulatory non-compliance or loss of IP.
User Dependent Classification
- To properly control access to sensitive documents and files, content must be correctly classified. Unfortunately, many SharePoint sites are dependent on manual classification of content. The manual system is dependent on users evaluating, determining, and labeling of sensitive information. This often leads to unintentional omissions or misclassifications, leading to increased risk of IP and data loss.
Unmanaged Data Collaboration
- Enterprises are seeing a tremendous uptick in SharePoint users downloading documents and storing them in local servers or on their desktop. This behavior may violate data privacy, corporate policy, and export regulations. Other user behavior that opens the enterprise to data loss and IP theft are when users email site contents to their business partners and co-workers. Without proper management of data collaboration that is automatic and easily enforceable through a technology solution that is centrally managed by business operations that are faster and more flexible that IT operations, IP loss can exponentially increase as enterprises scale globally.
SharePoint 2013 may amplify the above challenges even more: new social capabilities, improved search, cross-site publishing, and a roadmap for companies that want to move to Office 365 in the Azure cloud—all the new and exciting features mean sharing information inside and outside an organization will be even easier, and protecting sensitive data even harder.
CIOs, CSOs, and IT leaders can solve these prevalent data security challenges by easily implementing automated information risk management solutions for SharePoint that will:
- Identify where critical or sensitive data resides, and correctly classify them
- Control access and storage of critical or sensitive data
- Persistently protect data even after it leaves SharePoint
- Achieve visibility into where sensitive data is generated and who is accessing the data
Attending Microsoft SharePoint 2014 conference in Las Vegas? Click here to request a meeting at the show with NextLabs. NextLabs is the leader in information risk management technologies. We turn complex technical challenges into easy-to-understand business solutions.