SharePoint Security Mistakes you are Probably Making

So back in 2012 a post was written that talked about the 10 things that you, me and other organizations are doing or not doing with regards to SharePoint Security. Since then a lot has happened: cloud has taken off, On-Premises is now less appealing, and of course we have had many data and security breaches that have hopefully meant we are doing better than ever at protecting our content.

http://www.darkreading.com/risk-management/10-sharepoint-security-mistakes-you-probably-make/d/d-id/1102545?page_number=1
http://www.darkreading.com/risk-management/10-sharepoint-security-mistakes-you-probably-make/d/d-id/1102545?page_number=2

So let’s look at the initial top 10 things that made the list:

  1. Poor Security Training
  2. Collaboration Barriers
  3. Unclear security oversight
  4. Overly Broad access rights
  5. Not watching watchers
  6. Failure to encrypt
  7. Sloppy search indexing
  8. Poor Internet Information Services (IIS) maintenance
  9. Poor endpoint security
  10. Failure to scan for viruses

All in all, a pretty good list. So the follow up question would be:

Have we moved beyond this now?

Have we been able to resolve these issues and implement better solutions since this list was published?

What do you think?

Ahh... the magic questions. Did we do any better? In reality I would like to say yes we did, but actually we didn’t really. We may have the secure cloud, but now we have just moved what would be Infrastructure Security issues to now be End User Access Security issues. In the original post it states the following: “…if your business uses SharePoint to store sensitive information, ignore taking the time to secure and monitor access to that data at your peril.” That is a pretty good message; too often we spend time worried about making sure the servers and systems are secure, when in reality the front door to the applications is wide open. Over a year ago I wrote a guest blog post for the guys over at Sharegate on SharePoint Security.

http://en.share-gate.com/blog/10-ways-make-sharepoint-secure

Then while presenting at SharePoint Fest Seattle earlier this year, I presented the idea of pillars of security that can help us avoid the 10 items listed.

If you want to read a blog post I wrote, you can head over to the following URL:

https://ecm.protiviti.com/blog/Lists/Posts/Post.aspx?ID=261

So in reality if we have to keep writing about, presenting and talking about Security in SharePoint then we haven’t really moved any further forward. So what do we do? We move forward and start to do the things that we know we should do, the items listed in the 3 pillars of Security, which when you read, make complete sense and then you wonder why you haven’t done them yet :)

Liam Cleary

Liam began his career as a Trainer of all things computer related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes and of course security controls and protection. Liam also serves as the Product Owner for Security at Rencore, where he is helping to develop offerings that help organizations further understand and mitigate security and compliance risks within SharePoint and Office 365 customizations. His core focus is to identify, control and protect, whether they are full-fledged customizations or out-of-the-box Office 365 functionality. He is also a twelve-time Microsoft MVP focusing on Architecture but also crosses the boundary into Development. His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, Raspberry Pi programming, hacking the planet or building Lego robots.
