Survey: Security Void Exists Around Microsoft SharePoint Infrastructure Of Some Companies

There appears to be a void in security around companies' Microsoft SharePoint infrastructure even though SharePoint usage is on the rise. This puts SharePoint servers and employee PCs at risk for data-stealing malware; outside customers, clients, partners, and remote employees who share the same collaboration platform also become vulnerable to the growing complexity of Web threats that can spread silently, but destructively.

A survey conducted by Osterman Research and commissioned by Trend Micro of 269 IT managers involved in overseeing the messaging and collaboration infrastructure of their organizations found that only 60 percent have currently deployed security, leaving 40 percent unprotected. Of those with security, many organizations are still vulnerable -- they are relying upon file server antivirus products, which fail to adequately protect SharePoint content and users.

The survey, which involved companies from North America, France, Germany, Sweden and the UK, also found that many of these organizations allow external users to access their SharePoint systems: 48 percent of these outside users are contractors, 38 percent are business partners, 30 percent are affiliates, and 20 percent are customers. This leaves endpoint security outside a company's control and increases the potential impact of data loss and compromise.

The survey showed that approximately seventy-two percent of SharePoint users surveyed cite protecting business-sensitive information as the biggest need for SharePoint security, and 43 percent cite preventing malware as their top concern.

Web threats have increased by nearly 2000 percent since 2005 and collaboration systems like SharePoint that enable real-time interaction and information sharing are more vulnerable than ever to cybercriminals who target business-critical information. The sophistication of these threats, many of which are executed through social engineering tactics, demand security that keeps SharePoint repositories free of viruses, worms, Trojans and spyware, as well as protect against data loss.

"For many organizations, [we] found that SharePoint security is considered a "nice to have", but that security capabilities deployed at the gateway, server and endpoint level are perceived to be sufficient to protect SharePoint servers from malware and related threats," said Michael Osterman, founder and president of Osterman Research. "However, deploying anti-malware software at the endpoint or on a server does not fully secure the SharePoint environment (the underlying database, Web pages, etc.) Organizations should understand that deploying SharePoint at all layers of the network and on all systems is key to providing complete protection from all threats."

Other notable findings from the survey:

  • Deployment of SharePoint security is more prevalent in Europe. Among North American respondents, 58 percent of respondent organizations have deployed security on their SharePoint servers and another 27 percent plan to do so in the next 12 months. Among European respondents, 62 percent have done so and 24 percent plan to deploy security in the next 12 months. Globally, there are a variety of reasons cited by organizations for using SharePoint, including improvement of remote or regional communication (74 percent), improvement in the speed of decision making (56 percent), reducing in-person meetings and travel expenses (55 percent) and improving communication with external partners or vendors (34 percent).
  • Where they are deployed, the focus of SharePoint security concerns appears to be much more on protecting sensitive information than on traditional malware and similar threats. There was somewhat more concern about security for SharePoint from an information-protection perspective in Europe which may be related to the stricter information privacy regulations in Europe.
  • Organizations who use SharePoint often allow access to their SharePoint systems to outside partners and vendors, making it difficult for organizations to control security. Among such organizations, 31 percent allow access to affiliates, 38 percent allow business partners, 48 percent allow contractors or consultants and 19 percent allow customers.

Featured

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.