Most corporations ignore SharePoint security risks

A survey of more than 150 business managers reveals that companies are largely unaware of what is happening within Microsoft SharePoint Environments. They do not know if sensitive data is being shared in these sites, who is using these sites, who has access to them and who needs access. And in many cases, companies do not even have acceptable use policies in place for SharePoint, nor is there anyone in the organization responsible for ensuring SharePoint security and compliance.

Key survey results include:

• The majority of respondents (86.7%) cite SharePoint as a point of concern for data theft.
• More than one-third (33.8%) of respondents do not have a policy defining acceptable usage for SharePoint.
• More than 36% of companies do not currently monitor their SharePoint usage.
• Nearly two-thirds (62.7%) do not currently have tools in place to monitor SharePoint usage, access or policy compliance.

Courion recommends that organizations establish risk-based governance and controls in these environments to ensure long term security and compliance with business policy and industry regulations. System administrators and security personnel need to be able to answer the following questions:

• What SharePoint sites are on our network and who owns them?
• Who has access to these sites and what Permissions do they have?
• Are sites with sensitive data being managed using best practices consistent with the organization’s security policies?
• How can I fix sites that are exposing the organization to security problems?