SharePoint Security Mistakes you are Probably Making

So back in 2012 a post was written about the 10 things that you, I and other organizations are doing, or not doing, with regard to SharePoint Security. A lot has happened since then: cloud has taken off, On-Premises is now less appealing, and of course we have had many data and security breaches that have hopefully meant we are doing better than ever at protecting our content.

http://www.darkreading.com/risk-management/10-sharepoint-security-mistakes-you-probably-make/d/d-id/1102545?page_number=1
http://www.darkreading.com/risk-management/10-sharepoint-security-mistakes-you-probably-make/d/d-id/1102545?page_number=2

So let’s look at the initial top 10 things that made the list:

  1. Poor Security Training
  2. Collaboration Barriers
  3. Unclear security oversight
  4. Overly Broad access rights
  5. Not watching watchers
  6. Failure to encrypt
  7. Sloppy search indexing
  8. Poor Internet Information Services (IIS) maintenance
  9. Poor endpoint security
  10. Failure to scan for viruses

All in all, a pretty good list. So the follow up question would be:

Have we moved beyond this now?

Have we been able to resolve these issues and implement better solutions since this list was published?

What do you think?

Ahh... the magic questions. Did we do any better? In reality I would like to say yes we did, but actually we didn’t really. We may have the secure cloud, but we have just moved what would be Infrastructure Security issues to be End User Access Security issues. The original post states the following: “…if your business uses SharePoint to store sensitive information, ignore taking the time to secure and monitor access to that data at your peril.” That is a pretty good message; too often we spend time worried about making sure the servers and systems are secure, when in reality the front door to the applications is wide open. Over a year ago I wrote a guest blog post for the guys over at Sharegate on SharePoint Security.

http://en.share-gate.com/blog/10-ways-make-sharepoint-secure

Then while presenting at SharePoint Fest Seattle earlier this year, I presented the idea of pillars of security that can help us avoid the 10 items listed.

If you want to read a blog post I wrote, you can head over to the following URL:

https://ecm.protiviti.com/blog/Lists/Posts/Post.aspx?ID=261

So in reality, if we have to keep writing about, presenting and talking about Security in SharePoint, then we haven’t really moved any further forward. So what do we do? We move forward and start to do the things that we know we should do, the items listed in the 3 pillars of Security, which when you read them make complete sense, and then you wonder why you haven’t done them yet :)

Liam Cleary

I began my career as a Trainer of all things computer related. However, I very quickly realized that programming, breaking, and hacking was a lot more fun. I then spent the next few years working on core infrastructure and security services, until I found SharePoint. I am now the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. My role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes and of course security controls and protection. I am also an eleven-time Microsoft MVP focusing on Architecture but also cross the boundary into Development. My specialty over the past few years has been security in SharePoint and its surrounding platforms. I can also be found at user groups or conferences speaking, offering advice, spending time in the community, teaching my kids how to code, Raspberry Pi programming, hacking the planet or building Lego robots.
