Survey: Security Void Exists Around Microsoft SharePoint Infrastructure Of Some Companies

There appears to be a void in security around companies' Microsoft SharePoint infrastructure even though SharePoint usage is on the rise. This puts SharePoint servers and employee PCs at risk for data-stealing malware; outside customers, clients, partners, and remote employees who share the same collaboration platform also become vulnerable to the growing complexity of Web threats that can spread silently, but destructively.

A survey conducted by Osterman Research and commissioned by Trend Micro of 269 IT managers involved in overseeing the messaging and collaboration infrastructure of their organizations found that only 60 percent have currently deployed security, leaving 40 percent unprotected. Of those with security, many organizations are still vulnerable -- they are relying upon file server antivirus products, which fail to adequately protect SharePoint content and users.

The survey, which involved companies from North America, France, Germany, Sweden and the UK, also found that many of these organizations allow external users to access their SharePoint systems: 48 percent of these outside users are contractors, 38 percent are business partners, 30 percent are affiliates, and 20 percent are customers. This leaves endpoint security outside a company's control and increases the potential impact of data loss and compromise.

The survey showed that approximately seventy-two percent of SharePoint users surveyed cite protecting business-sensitive information as the biggest need for SharePoint security, and 43 percent cite preventing malware as their top concern.

Web threats have increased by nearly 2000 percent since 2005 and collaboration systems like SharePoint that enable real-time interaction and information sharing are more vulnerable than ever to cybercriminals who target business-critical information. The sophistication of these threats, many of which are executed through social engineering tactics, demand security that keeps SharePoint repositories free of viruses, worms, Trojans and spyware, as well as protect against data loss.

"For many organizations, [we] found that SharePoint security is considered a "nice to have", but that security capabilities deployed at the gateway, server and endpoint level are perceived to be sufficient to protect SharePoint servers from malware and related threats," said Michael Osterman, founder and president of Osterman Research. "However, deploying anti-malware software at the endpoint or on a server does not fully secure the SharePoint environment (the underlying database, Web pages, etc.) Organizations should understand that deploying SharePoint at all layers of the network and on all systems is key to providing complete protection from all threats."

Other notable findings from the survey:

  • Deployment of SharePoint security is more prevalent in Europe. Among North American respondents, 58 percent of respondent organizations have deployed security on their SharePoint servers and another 27 percent plan to do so in the next 12 months. Among European respondents, 62 percent have done so and 24 percent plan to deploy security in the next 12 months. Globally, there are a variety of reasons cited by organizations for using SharePoint, including improvement of remote or regional communication (74 percent), improvement in the speed of decision making (56 percent), reducing in-person meetings and travel expenses (55 percent) and improving communication with external partners or vendors (34 percent).
  • Where they are deployed, the focus of SharePoint security concerns appears to be much more on protecting sensitive information than on traditional malware and similar threats. There was somewhat more concern about security for SharePoint from an information-protection perspective in Europe which may be related to the stricter information privacy regulations in Europe.
  • Organizations who use SharePoint often allow access to their SharePoint systems to outside partners and vendors, making it difficult for organizations to control security. Among such organizations, 31 percent allow access to affiliates, 38 percent allow business partners, 48 percent allow contractors or consultants and 19 percent allow customers.

Featured

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.