how to secure Microsoft SharePoint
Enterprises are increasingly turning to affordable collaboration tools such as Microsoft SharePoint to meet the needs of rapid and secure collaboration among their employees, partners and customers. Knowledge Center contributor Shane Buckley explains how IT administrators can secure Microsoft SharePoint in their organization to keep up with security and compliance demands.
Microsoft SharePoint. These are two words that conjure up both relief and fear. First, the relief: with over 85 million licenses sold and $1 billion in sales, it's clear that organizations are rapidly embracing Microsoft SharePoint as an affordable technology that can solve the not-so-insignificant challenges of secure collaboration.
Second, the fear: Microsoft SharePoint servers are being deployed so rapidly that IT can't keep up with the security, compliance and risk considerations.
Consider this: A sales department hit with budget cuts and resource reductions turns to the IT department to help it streamline the document-sharing process with partners and customers. IT deploys a sales sub site on a Microsoft SharePoint server that's also home to human resources, marketing and other corporate sub sites. The sales department then creates partner and customer folders on its site.
Business and revenue objectives demand that document sharing begin immediately, so IT grants partners and customers immediate access to the sales site. In fact, access is opened so fast that IT doesn't have time to implement a policy restricting partners from accessing other sub sites and documents hosted on the server. In this case (an all-too-common occurrence today), channel and customer objectives are being met while security and compliance policies are exposed.
There is certainly a level of trust between the organization, its partners and customers. But the fact that outside entities now have access to different department sub sites and file shares clearly presents a security and compliance issue. With cutbacks and the drive to keep channel and customer revenue flowing, how can IT possibly hope to keep up with security and compliance?
Fortunately, for organizations turning to collaboration tools such as Microsoft SharePoint, there are many cost-effective security and compliance solutions that respond to the demands of rapid and secure collaboration. Unfortunately, these products and their marketing messages are hitting the street at such a furious pace that it's hard to keep up with what's real and what's hype.
How to choose a Microsoft SharePoint security solution
Inevitably, at some point in time, a breach or compliance violation is going to force a Microsoft SharePoint security solution purchase. When evaluating solutions that claim to provide secure access to Microsoft SharePoint, keep in mind that they must do or support the following ten things:
1. Integrate into multiple directories (Active Directory and LDAP directories included)
2. Support multiple attributes per policy for fine-grained access control
Microsoft SharePoint: New Use, Security Risks and Best Practices
Data Centric Security for Enterprise WANs
Compliance and Legislative Readiness: The Next Generation Competitive Edge
New Web Threats for 2009
3. Support enterprise-wide policies across numerous Microsoft SharePoint application instances
4. Align security policy with business intent
5. Rapidly provision and enforce entitlement policies across applications and users
6. Easily define and enforce policies that control access to specific areas of a Microsoft SharePoint portal
7. Support audit and e-discovery mandates to ensure compliance
8. Centralize management to reduce administration costs and support shared ownership of policies across networking, security, applications and business teams
9. Increase return on investment benefit by leveraging investment in IT infrastructure, existing directory stores and the network
10. Provide security on time and within budget
Equally important is the evaluation process. Because many of the solutions are as new as Microsoft SharePoint, a comprehensive evaluation period should precede any purchase.
During assessments, remember to put the product under consideration through the rigors of real-world scenarios. Once trials conclude that the solution in question can provide all of the benefits listed above in actual situations, and that effective customer support is available, then it is time to buy.
No responsibility can be taken for the content of external Internet sites.
Return to hosting news headlines
View Hosting News Archive