The Battle Between Sharepoint and Security has Ended


Security is the topic on everyone’s list these days and for good reason. Gone are the days of simple network security where the security of the entire business was left to a few nerds in the IT department. These days -- where the cloud is king and everyone from the CTO to the guy who brings the bagels is logging in using personal smartphones and tablets -- security is much more difficult to get a hold on. Nonetheless, it’s still paramount for any business to maintain their data security lest they fall to the same fate as Equifax, Marriott or -- god forbid -- Yahoo.

With security being so important, Savvior’s team of experts thought it prudent to put together this article outlining the relationship between security and one of the most used document management tools in business today, Sharepoint. This article will cover:

  • What is Sharepoint

  • Sharepoint and Security

  • How Savvior can help

What is Sharepoint

If you aren’t one of the millions of licensed Sharepoint users, odds are you've probably still heard of it. If you’ve been hiding from such big tech, however, let’s review. Sharepoint is a document management and collaboration tool released by Microsoft. It’s used by businesses to help bring offices together in a more organized way internally. Essentially, it’s an intranet and content management system.

Sharepoint is at the center of a lot of businesses. Microsoft claims it’s used in almost 80% of Fortune 500 businesses. If you don’t believe them, there’s no denying their sales anyway. In just 5 years (between 2006 and 2011) Microsoft sold over 36 million user licenses. That’s big money, even for a mega-corporation like Microsoft. Being one of the big boys in internal networks and office organization means Sharepoint is also the target of a lot of user frustration, however.

The price of being the biggest means everyone has an opinion. Everywhere you look, there’s another think piece or article about the “many failures” of Microsoft Sharepoint. One of the major complaints shared by users of all kinds is the potential for security risks found in Sharepoint. But what are these risks exactly? Can your business run Sharepoint and avoid them? Let’s take a look.

Sharepoint and Security

Screenshot taken from Adobe webpage

As we’ve said: Microsoft developed Sharepoint as a collaborative document management tool. The entire point of the software was the open communication of information around a business. So now, in this age of security, many see this as the problem. The real problem is, however, how businesses -- and especially their employees -- have been using it.

We’re not saying Microsoft created some kind of new age site where everything is open to anyone. The good people at Microsoft are reasonable and Sharepoint is just as reasonable. There are permission levels that can be associated with documents individually, as a set, individual employees, groups, etc. Admins are able to set these levels and edit them so that whomever needs the information can get it and whomever doesn’t cannot. Problems arise is 3 key areas:

  1. Permissions Maintenance

  2. End User Mistreatment

  3. End user vulnerability

  4. Permissions Maintenance

Fortune 500 companies are big. They’re really big. That have almost too many employees. Now, you take all of these people and you set user permissions either individually or at the document level and you have an organizational nightmare when it comes time to edit them. Though Sharepoint allows admins to set user permissions at a group level, many still go person by person setting up who can see what and who cannot. But then, what happens when someone quits? Or is fire? What happens when someone swears to destroy the company from the inside out? Well, you have to go in and make sure they can’t see anything. That process is going to be really difficult if you’ve set up your system by attaching permissions to individuals and documents, and odds are, you’re going to miss something. That can leave your business vulnerable.

Savvior’s advice:

Make sure you’re organizing permissions at a group level and never at the document level. This makes things clearer and less prone to maintenance nightmares down the road.

  1. End User Mistreatment

When someone has been given access to certain data and someone else has not, many administrators and business owners think that’s just the end of it. That’s not always the case, however. In a recent survey of 100 Sharepoint users, almost half admitted to have copied sensitive information onto an off network format (i.e. USB, email, etc.) with 18% admitting to doing this regularly. A lot of this was so they could work from home (43%) has Sharepoint allows for comprehensive permissions to be set depending on location -- thus preventing some employees from accessing what they need to from the relatively insecure context of home.

A whopping 55%, however, claimed to have done this specifically to send this information to another user that did not have access. That’s a problem. Or it can be. Obviously, not all of these instances resulted in major data breaches. More often than not, the fact one party didn’t have access could have been an admin mistake, and someone with access was just helping out a colleague. But the fact remains, this leaves businesses open to huge vulnerabilities and liability in that 1 in a million instance these parties are malicious or being targeted for data.

Savvior’s advice:

Educate your employees. Microsoft encourages Sharepoint training for users. Sadly, many ignore this, but it’s important your staff understands the gravity of security and implications of a breach.

  1. End User Vulnerability

At the end of the day, businesses still have to worry about good old hacking. Setting aside how end users might mismanage the data they’re privy to (though these two naturally inflate one another), many employees use personal computers, smartphones and tablets at work these days. That can mean vulnerability for your business. If these personal devices are secured to industry standards they can be easily hacked and the data your employee has permission for can be leaked to the wrong people.

Savvior’s advice:

Ask that your employees secure their devices. Make security a part of daily office culture to the point where everyone is committed and knowledgeable about the threat of security breaches.

How Savvior can help

As we’ve said: Sharepoint is an immensely useful internal network to use to allow your employees and offices to cooperate. It can also be incredibly complicated to maintain such a system for a large company and that complexity can lead to security vulnerabilities. That’s where your favorite IT experts from Pittsburgh come in. Sharepoint security can be difficult to build, so why not let a team of Sharepoint security experts do it for you? Our team of experienced Sharepoint experts can help you manage permissions, organize your workflows and automated networks and set you on the right track so Sharepoint can be your path to success, not a security nightmare.