Many organisations rely on Microsoft SharePoint to manage and share content both internally and externally; collaborate around content, process and people, and search internal and online resources.
SharePoint has become the tool of choice for content management in part because it can be accessed from any location – a growing requirement for today’s mobile workforce. However, this flexible remote access, combined with unique SharePoint security threats, exposes applications and data to potential attack. At Dimension Data, we are seeing more and more, that SharePoint installations intended initially for internal use are now being opened up externally to the Internet which only increases the chance of compromise and therefore the security requirements to protect it. Others are built specifically for public access, but traditional perimeter security controls such as firewalls are not sufficient in protecting access to SharePoint and the information that resides on it.
SharePoint applications often contain confidential data, personally identifiable information, intellectual property, and sensitive financial data such as credit card numbers. With such valuable information at risk, SharePoint is both a top security concern for businesses and a lucrative target for external hackers or internal users who can abuse their privileged access.
Organisations need to make sure they have policies and a security capability that allows them to monitor when internal and external threats are occurring. Some of these threats to consider include:
- When is inappropriate access to data occurring? Why is this occurring and by whom? For example, if an employee all of a sudden starts downloading hundreds of internal confidential documents, is this because they intend to share this information with an unauthorised external party such as a competitor or a public forum (such as WikiLeaks)?
- When is suspicious external access targeting the web interface of SharePoint occurring? SharePoint, like many of your other public facing web applications can be susceptible to the same threats. What visibility do you have of someone from the outside trying to compromise your system?
- What information is stored on your employees’ mobile device from the SharePoint site through tools such as SharePlus? What happens if they lose their device?
It is critical that organisations employing these use cases evaluate their potential security issues and implement a plan for SharePoint security and management. Methodologies and technologies exist to gain visibility, awareness and protection of the valuable information that sits within your SharePoint environments. Mitigate your odds of a data breach. Your SharePoint environment can and should be secure.