SharePoint Security: Users Say No

The results of a new survey sponsored by Cryptzone, a threat-management solutions provider, should have security and SharePoint administrators worried. Although 92 percent of SharePoint users know that sharing data outside of SharePoint is risky for their enterprise, almost a third (30 percent) of those surveyed were willing to do so, saying they weren’t “bothered if it helps me get the job done.” One-third of survey participants (34 percent) admitted that they “never really thought about the security implications of SharePoint,” and 13 percent said that protecting company data wasn’t their job.

More troublesome: nearly half (45 percent) of those surveyed turn their nose up at SharePoint security, admitting that they “disregard the security within SharePoint and copy sensitive or confidential documents from the collaboration tool to their local hard drive [or] USB device” or will e-mail it to third parties.

Why copy documents from SharePoint instead of using the built-in controls the collaboration tool offers? According to 43 percent of those surveyed, they work from home or have to work with others who don’t have access to SharePoint (more than 55 percent use this reasoning).

As Cryptzone concludes: “What this practice demonstrates is that this new technology, while supposedly a business enabler, is recognized by many employees as a barrier and doesn’t live up to its full potential as an inclusive collaboration tool to enhance productivity.”

Porosity of the Perimeter

In a statement, Daniel Nilsson, data-loss-prevention expert at Cryptzone said, “Organizations recognize that today’s workforce needs to be able to collaborate effectively, but if this new-found access to data is introducing lax security practices, then the danger could quickly outweigh the benefits. While some might consider it admirable that their employees are so dedicated to getting the job done, the fact remains that they’re circumventing procedures and security put in place for good reason.

“Ignoring the consequences is a risky strategy. [I]s it any wonder, then, that we see so many data security breaches as a result? Rather than ignoring what’s happening, steps need to be taken that recognize the increasing porosity of the perimeter and allow the workforce to harness the power SharePoint offers without compromising security.”

The study also looked at security administration. It found that one-third of IT admins believe users can control access rights within SharePoint but aren’t allowed to do so, which explains why 69 percent say they’re responsible for managing access rights. Almost a quarter of users (22 percent) don’t know how to manage access rights.

More than one-third (35 percent) of SharePoint administrators go snooping and peek “at documents they’re not meant to read,” such as employee details (including salaries) or merger and acquisition details. Cryptzone says this indicates that “some organizations clearly aren’t getting the balance right.”

Nilsson recommends that organizations develop “even more innovative methods of communicating cause and effect to their users. Perhaps even consider sanctions to wake up the 12 percent that don’t consider it their role to protect corporate information.”

The full survey results are available at www.cryptzone.com/sharepoint-security-survey (no registration is requied).

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell on 02/22/2012