Survey: Security Void Exists Around Microsoft SharePoint Infrastructure Of Some Companies

  • Jan 27, 2009

There appears to be a void in security around companies' Microsoft SharePoint infrastructure even though SharePoint usage is on the rise. This puts SharePoint servers and employee PCs at risk for data-stealing malware; outside customers, clients, partners, and remote employees who share the same collaboration platform also become vulnerable to the growing complexity of Web threats that can spread silently, but destructively.

A survey conducted by Osterman Research and commissioned by Trend Micro of 269 IT managers involved in overseeing the messaging and collaboration infrastructure of their organizations found that only 60 percent have currently deployed security, leaving 40 percent unprotected. Of those with security, many organizations are still vulnerable -- they are relying upon file server antivirus products, which fail to adequately protect SharePoint content and users.

The survey, which involved companies from North America, France, Germany, Sweden and the UK, also found that many of these organizations allow external users to access their SharePoint systems: 48 percent of these outside users are contractors, 38 percent are business partners, 30 percent are affiliates, and 20 percent are customers. This leaves endpoint security outside a company's control and increases the potential impact of data loss and compromise.

The survey showed that approximately seventy-two percent of SharePoint users surveyed cite protecting business-sensitive information as the biggest need for SharePoint security, and 43 percent cite preventing malware as their top concern.

Web threats have increased by nearly 2000 percent since 2005 and collaboration systems like SharePoint that enable real-time interaction and information sharing are more vulnerable than ever to cybercriminals who target business-critical information. The sophistication of these threats, many of which are executed through social engineering tactics, demand security that keeps SharePoint repositories free of viruses, worms, Trojans and spyware, as well as protect against data loss.

"For many organizations, [we] found that SharePoint security is considered a "nice to have", but that security capabilities deployed at the gateway, server and endpoint level are perceived to be sufficient to protect SharePoint servers from malware and related threats," said Michael Osterman, founder and president of Osterman Research. "However, deploying anti-malware software at the endpoint or on a server does not fully secure the SharePoint environment (the underlying database, Web pages, etc.) Organizations should understand that deploying SharePoint at all layers of the network and on all systems is key to providing complete protection from all threats."

Other notable findings from the survey:

  • Deployment of SharePoint security is more prevalent in Europe. Among North American respondents, 58 percent of respondent organizations have deployed security on their SharePoint servers and another 27 percent plan to do so in the next 12 months. Among European respondents, 62 percent have done so and 24 percent plan to deploy security in the next 12 months. Globally, there are a variety of reasons cited by organizations for using SharePoint, including improvement of remote or regional communication (74 percent), improvement in the speed of decision making (56 percent), reducing in-person meetings and travel expenses (55 percent) and improving communication with external partners or vendors (34 percent).
  • Where they are deployed, the focus of SharePoint security concerns appears to be much more on protecting sensitive information than on traditional malware and similar threats. There was somewhat more concern about security for SharePoint from an information-protection perspective in Europe which may be related to the stricter information privacy regulations in Europe.
  • Organizations who use SharePoint often allow access to their SharePoint systems to outside partners and vendors, making it difficult for organizations to control security. Among such organizations, 31 percent allow access to affiliates, 38 percent allow business partners, 48 percent allow contractors or consultants and 19 percent allow customers.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Protecting Data is Critical

    To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet. Read Now

  • Mobile Access Adoption

    Smartphones and other mobile devices have had a profound impact on how the world securely accesses the workplace and its services. The growing adoption of mobile wallets and the new generation of users is compounding this effect. Read Now

  • Changing Mindsets

    We have come a long way from the early days of fuzzy analog CCTV systems. During that time, we have had to migrate from analog to digital signals. When IP-based network cameras arrived, they opened a new world of quality and connectivity but also introduced plenty of challenges. Thankfully, network devices today have become smart enough to discover themselves and even self-configure to some degree. While some IT expertise is certainly required, things are much smoother these days. The biggest change is in how fast security cameras and supporting infrastructure are evolving. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3