Survey: Security Void Exists Around Microsoft SharePoint Infrastructure Of Some Companies -- Security Today

Survey: Security Void Exists Around Microsoft SharePoint Infrastructure Of Some Companies

Jan 27, 2009

There appears to be a void in security around companies' Microsoft SharePoint infrastructure even though SharePoint usage is on the rise. This puts SharePoint servers and employee PCs at risk for data-stealing malware; outside customers, clients, partners, and remote employees who share the same collaboration platform also become vulnerable to the growing complexity of Web threats that can spread silently, but destructively.

A survey conducted by Osterman Research and commissioned by Trend Micro of 269 IT managers involved in overseeing the messaging and collaboration infrastructure of their organizations found that only 60 percent have currently deployed security, leaving 40 percent unprotected. Of those with security, many organizations are still vulnerable -- they are relying upon file server antivirus products, which fail to adequately protect SharePoint content and users.

The survey, which involved companies from North America, France, Germany, Sweden and the UK, also found that many of these organizations allow external users to access their SharePoint systems: 48 percent of these outside users are contractors, 38 percent are business partners, 30 percent are affiliates, and 20 percent are customers. This leaves endpoint security outside a company's control and increases the potential impact of data loss and compromise.

The survey showed that approximately seventy-two percent of SharePoint users surveyed cite protecting business-sensitive information as the biggest need for SharePoint security, and 43 percent cite preventing malware as their top concern.

Web threats have increased by nearly 2000 percent since 2005 and collaboration systems like SharePoint that enable real-time interaction and information sharing are more vulnerable than ever to cybercriminals who target business-critical information. The sophistication of these threats, many of which are executed through social engineering tactics, demand security that keeps SharePoint repositories free of viruses, worms, Trojans and spyware, as well as protect against data loss.

"For many organizations, [we] found that SharePoint security is considered a "nice to have", but that security capabilities deployed at the gateway, server and endpoint level are perceived to be sufficient to protect SharePoint servers from malware and related threats," said Michael Osterman, founder and president of Osterman Research. "However, deploying anti-malware software at the endpoint or on a server does not fully secure the SharePoint environment (the underlying database, Web pages, etc.) Organizations should understand that deploying SharePoint at all layers of the network and on all systems is key to providing complete protection from all threats."

Other notable findings from the survey:

Deployment of SharePoint security is more prevalent in Europe. Among North American respondents, 58 percent of respondent organizations have deployed security on their SharePoint servers and another 27 percent plan to do so in the next 12 months. Among European respondents, 62 percent have done so and 24 percent plan to deploy security in the next 12 months. Globally, there are a variety of reasons cited by organizations for using SharePoint, including improvement of remote or regional communication (74 percent), improvement in the speed of decision making (56 percent), reducing in-person meetings and travel expenses (55 percent) and improving communication with external partners or vendors (34 percent).
Where they are deployed, the focus of SharePoint security concerns appears to be much more on protecting sensitive information than on traditional malware and similar threats. There was somewhat more concern about security for SharePoint from an information-protection perspective in Europe which may be related to the stricter information privacy regulations in Europe.
Organizations who use SharePoint often allow access to their SharePoint systems to outside partners and vendors, making it difficult for organizations to control security. Among such organizations, 31 percent allow access to affiliates, 38 percent allow business partners, 48 percent allow contractors or consultants and 19 percent allow customers.

Featured

TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now
- Airport Security
Brivo, Eagle Eye Networks Merge

Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now
- Artificial Intelligence
Security Industry Association Announces the 2026 Security Megatrends

The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now
- Artificial Intelligence
The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now
- Access Control
A Look at AI

Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now
- Artificial Intelligence

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.
EasyGate SPT SPD

Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.
A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.