In Depth
Why Security Pros Hate Microsoft SharePoint (and What to Do About It)
Microsoft's SharePoint collaboration platform is all the rage in today's business world, especially since third parties gained the ability to plug security holes. But managing it can still be a nightmare for IT security shops
By Bill Brenner, Senior Editor
The desire of organizations to smooth out such difficulties has translated into robust sales for security vendors like Exostar LLC. Vijay Takanti, the company's senior director, says his customers want a solution to the problem where partners use SharePoint without observing a consistent set of security rules.
"They want to make sure all their partners are using two-factor authentication and they want better labeling for Word documents placed in SharePoint," Takanti says. "What we do to meet the need is to implement SharePoint as a service in the cloud."
Where there's a will (and manpower) there's a way
Despite all the difficulties, companies can overcome SharePoint's eccentricities with the right amount of will and workforce, says George Johnson, chief security officer at the National Center for Crisis and Continuity Coordination (NC4).
"Any application can be secured at instantiation," he says. "The problem is that organizations lack the will, people and process elements for the mission. IT and security should be given the expertise necessary to deploy tools properly at the start."
Once a platform is in place, Johnson says, radically inconsistent missions are put on top of it and people get confused, make mistakes, information is lost or delivered to inappropriate parties, and so on.
"This is not the fault of the tool but rather the governance structure or the lack thereof," he adds. "IT-based collaboration is very tough as it requires governance from far more."
For a SharePoint implementation to be successful, he says, IT, security, sponsor and end-user requirements must be brought into alignment.
"These are often either completely overlooked or abandoned once the product is initially deployed," he says.
Other stories by Bill Brenner
Microsoft
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
