Survey: SharePoint creating security weak point

A poll of business managers has revealed they are ignoring a myriad of SharePoint security and data risks.

A whopping 87 per cent of companies have cited SharePoint as a source of concern for sensitive data, according to a new survey.

While many organisations are adopting the Microsoft software package, the survey of 150 business managers worldwide found that most companies are largely unaware of what is happening within the information sharing environment.

Nearly two thirds (63 per cent) did not have the tools to monitor and control the use of SharePoint in their organisation, meaning they do not know if sensitive data is being shared in these sites, who is using these sites, who has access to them and who needs access.

Furthermore, more than one-third (34 per cent) of respondents do not have a policy defining acceptable usage for SharePoint. While more than 36 per cent of companies do not currently monitor usage of the software, nor was there anyone in the organisation responsible for ensuring SharePoint security and compliance.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The survey sponsor and access management and compliance firm, Courion said its findings were particularly worrying in light of the fact that analyst firm Gartner reports that approximately 50 per cent of small to mid-sized businesses (SMBs) surveyed are running some variant of SharePoint, primarily to meet their portal, content and collaboration needs.

The report said that users reported that SharePoint is so easy to install and deploy that it doesn't require significant IT expertise or involvement.

It said many IT directors find that, since they are already standardised on Microsoft products in their organisations, it was likely that SharePoint is already in their environment. This has made turning to software to an easy decision when their end users need a collaboration package.

Courion recommended that organisations establish risk-based governance and

controls in their SharePoint environments to ensure long term security and compliance with business policy and industry regulations.

Policy requirements include system administrators and security personnel knowing which SharePoint sites are on their networks and who owns them, as well as who has access to these sites and what permissions they have.

Advertisement - Article continues below

The vendor recommended establishing whether sites with sensitive data being managed using best practices consistent with the organisation's security policies and to amend them if not.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/infrastructure/server-storage/354476/broadberry-cyberserve-r182-z90-review-gigabytes-epyc-gamble
Server & storage

Broadberry CyberServe R182-Z90 review: Gigabyte’s EPYC gamble pays off handsomely

7 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020