SharePoint Security Mistakes you are Probably Making

Back in 2012, a post was written about the 10 things that you, me and other organizations are doing, or not doing, with regard to SharePoint security. A lot has happened since then: cloud has taken off, on-premises is now less appealing, and of course we have had many data and security breaches, which have hopefully meant we are doing better than ever at protecting our content.

http://www.darkreading.com/risk-management/10-sharepoint-security-mistakes-you-probably-make/d/d-id/1102545?page_number=1
http://www.darkreading.com/risk-management/10-sharepoint-security-mistakes-you-probably-make/d/d-id/1102545?page_number=2

So let’s look at the initial top 10 things that made the list:

  1. Poor Security Training
  2. Collaboration Barriers
  3. Unclear security oversight
  4. Overly Broad access rights
  5. Not watching watchers
  6. Failure to encrypt
  7. Sloppy search indexing
  8. Poor Internet Information Services (IIS) maintenance
  9. Poor endpoint security
  10. Failure to scan for viruses

All in all, a pretty good list. So the follow up question would be:

Have we moved beyond this now?

Have we been able to resolve these issues and implement better solutions since this list was published?

What do you think?

Ahh, the magic questions. Did we do any better? In reality I would like to say yes, we did, but actually we didn’t really. We may have the secure cloud, but we have simply moved what were Infrastructure Security issues to End User Access Security issues. The original post states the following: “…if your business uses SharePoint to store sensitive information, ignore taking the time to secure and monitor access to that data at your peril.” That is a pretty good message. Too often we spend time worrying about making sure the servers and systems are secure, when in reality the front door to the applications is wide open. Over a year ago I wrote a guest blog post for the guys over at Sharegate on SharePoint Security.

http://en.share-gate.com/blog/10-ways-make-sharepoint-secure

Then while presenting at SharePoint Fest Seattle earlier this year, I presented the idea of pillars of security that can help us avoid the 10 items listed.

If you want to read a blog post I wrote, you can head over to the following URL:

https://ecm.protiviti.com/blog/Lists/Posts/Post.aspx?ID=261

So in reality, if we have to keep writing about, presenting and talking about Security in SharePoint, then we haven’t really moved any further forward. So what do we do? We move forward and start to do the things that we know we should do: the items listed in the 3 pillars of Security, which, when you read them, make complete sense, and then you wonder why you haven’t done them yet :)

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, Raspberry Pi programming, hacking the planet and sometimes building Lego robots.
