Microsoft SharePoint Secured
How to cut through the hype and choose the right SharePoint security product.
Microsoft SharePoint; these are two words that conjure up both relief and fear.
First, the relief; with over 85 million licenses sold and $1 billion (£670 million) in sales, it’s clear that organisations are rapidly embracing Microsoft SharePoint as an affordable technology that can solve the not-so-insignificant challenges of secure collaboration.
Second, the fear: Microsoft SharePoint servers are being deployed so rapidly that IT can’t keep up with the security, compliance and risk considerations.
How to secure Microsoft SharePoint
A typical scenario; a sales department hit with budget cuts and resource reductions turns to the IT department to help it streamline the document sharing process with partners and customers. IT deploys a sales sub-site on a Microsoft SharePoint server that’s also home to human resources, marketing and other corporate sub-sites. The sales department then creates partner and customer folders on its site.
Business and revenue objectives demand that document sharing begins immediately, so IT grants immediate access to the sales site for partners and customers. In fact, access is opened so fast, that IT doesn’t have time to implement a policy restricting partners from accessing other sub-sites, and documents, hosted on the server. In this case (an all-too-common occurrence today), communication and customer objectives are being met, while security and compliance policies are exposed.
There is certainly a level of trust between the organisation, its partners and customers. However, the fact that outside entities now have access to different departmental sub-sites, and shared files, clearly presents a security and compliance issue. With cutbacks and the drive to keep channel and customer revenue flowing, how can IT possibly hope to keep up with security and compliance?
Fortunately, for organisations turning to collaboration tools such as Microsoft SharePoint, there are many cost-effective security and compliance solutions that respond to the demands of rapid and secure collaboration. However, these products and their marketing messages are hitting the street at such a furious pace that it’s hard to keep up with what’s real and what’s hype.
How to choose a Microsoft SharePoint security solution
Inevitably, at some point in time, a security breach or compliance violation is going to force the purchase of a Microsoft SharePoint security solution. When evaluating solutions that claim to provide secure access to Microsoft SharePoint, keep in mind that they must do or support the following ten things:
- Integrate into multiple directories; Active Directory and Lightweight Directory Access Protocol (LDAP) directories included
- Support multiple attributes per policy for detailed access control
- Support company-wide policies across numerous Microsoft SharePoint application instances
- Align security policy with business intent
- Rapidly provide and enforce entitlement policies across applications and users
- Easily define and enforce policies that control access to specific areas of a Microsoft SharePoint portal
- Support audit and e-discovery mandates to ensure compliance
- Centralise management to reduce administration costs and support shared ownership of policies across networking, security, applications and business teams
- Increase return on investment by using existing investment in IT infrastructure, existing directory stores and the network
- Provide security on time and within budget
Equally important is the evaluation process. Because many of the solutions are as new as Microsoft SharePoint, a comprehensive evaluation period should precede any purchase.
During assessments, remember to put the product under consideration through the rigours of real-world scenarios. Once trials conclude that the solution in question can provide all of the benefits listed above, in actual situations, and that effective customer support is available, then it is time to buy.
Shane Buckley is president and CEO of Rohati Systems Inc.