Home : Strategy : News

Survey: SharePoint creating security weak point

A poll of business managers has revealed they are ignoring a myriad of SharePoint security and data risks.

By Miya Knights, 17 Nov 2008 at 10:09

A whopping 87 per cent of companies have cited SharePoint as a source of concern for sensitive data, according to a new survey.

While many organisations are adopting the Microsoft software package, the survey of 150 business managers worldwide found that most companies are largely unaware of what is happening within the information sharing environment.

Nearly two thirds (63 per cent) did not have the tools to monitor and control the use of SharePoint in their organisation, meaning they do not know if sensitive data is being shared in these sites, who is using these sites, who has access to them and who needs access.

Furthermore, more than one-third (34 per cent) of respondents do not have a policy defining acceptable usage for SharePoint. While more than 36 per cent of companies do not currently monitor usage of the software, nor was there anyone in the organisation responsible for ensuring SharePoint security and compliance.

The survey sponsor and access management and compliance firm, Courion said its findings were particularly worrying in light of the fact that analyst firm Gartner reports that approximately 50 per cent of small to mid-sized businesses (SMBs) surveyed are running some variant of SharePoint, primarily to meet their portal, content and collaboration needs.

The report said that users reported that SharePoint is so easy to install and deploy that it doesn’t require significant IT expertise or involvement.

It said many IT directors find that, since they are already standardised on Microsoft products in their organisations, it was likely that SharePoint is already in their environment. This has made turning to software to an easy decision when their end users need a collaboration package.

Courion recommended that organisations establish risk-based governance and

controls in their SharePoint environments to ensure long term security and compliance with business policy and industry regulations.

Policy requirements include system administrators and security personnel knowing which SharePoint sites are on their networks and who owns them, as well as who has access to these sites and what permissions they have.

The vendor recommended establishing whether sites with sensitive data being managed using best practices consistent with the organisation's security policies and to amend them if not.