SharePoint Security Wake Up Call: Time for an Audit

Please first read this article on the recent NSA leaks, then read on: “NSA Chief leaks data on sharing tech, it’s SharePoint”

With the recent news of SharePoint’s involvement in the NSA and Snowden investigation, I hope everyone involved in SharePoint is paying attention: consultants, vendors, SharePoint admins, engineers, devs, and especially business folks. The investment in SharePoint security is no joke, and it takes a concerted effort on all sides to take it seriously. Everyone blames SharePoint, but the responsibility is shared. With no governance, there is a serious risk of data leaks.

While I plan to give you some tips on best practices around managing security, this post is a heads up. Review your SharePoint governance plan and dig into these questions. It’s a good time for an audit.

1. Who owns SharePoint security? If it’s shared, make it clear who has which responsibilities.

2. Who is responsible for managing permissions? Who cleans them up when someone moves roles or teams? If you rely on site admins, do they have the reports they need to know who has rights, recursively, across every site, list and item that breaks inheritance? Granular permissions can be a beast to manage.

3. What is your data retention policy? Do you have site or data lifecycle policies?

4. Are the content databases encrypted? Should they be?

5. Do your admins have rights to the data via web application user policy (the Central Administration policy that grants access across every site in a web application)? Should they? What are you using to audit your permissions on a recurring basis?

6. Do you treat all SharePoint data equally? Should you? What do your policies say about enterprise-wide public data vs. highly confidential data?

7. What are you using for site clean up?

8. Just because it’s over SSL doesn’t mean it’s secure. What does your authentication flow look like from end to end? How are accounts being managed and cleaned up?

9. Is SharePoint’s out-of-the-box security and auditing good enough? Should you consider building extra governance around your sites and data for policies, or a third-party tool?
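Questions 2 and 5 both come down to one report: who actually has rights where, once SharePoint groups are expanded and broken inheritance is followed down to lists and items. The script below is an added example, not code from the original post. It uses the SharePoint Server object model from the SharePoint Management Shell (SharePoint 2010/2013 on-premises, run as a farm administrator); the web application URL, output path and the `$ScanItems` switch are placeholders to adjust. It reports only scopes that break inheritance, expands SharePoint groups to their members, flags AD groups that need expanding in Active Directory, and highlights grants to the claims-encoded “Everyone” and “All Authenticated Users” principals, which are the ones most often missed in a permissions review.

```powershell
# Added example (not from the original post): recursive permission report for one
# SharePoint Server web application. Assumes an elevated SharePoint Management Shell
# run by a farm admin; $WebAppUrl and $OutputCsv are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppUrl = "http://intranet.contoso.local"        # placeholder: your web application
$OutputCsv = "C:\Audit\SharePointPermissions.csv"   # placeholder: report location
$ScanItems = $false   # $true also walks item-level permission breaks (slow on large lists)

# Claims-encoded identities for "Everyone" and "All Authenticated Users";
# a grant to either is far wider than most site owners realise.
$BroadPrincipals = @("c:0(.s|true", "c:0!.s|windows")

$report = New-Object System.Collections.Generic.List[object]

function Add-Row {
    param($Scope, $Url, $Principal, $Via, $Roles)
    $report.Add([pscustomobject]@{
        Scope     = $Scope
        Url       = $Url
        Principal = $Principal
        Via       = $Via                                   # direct, SP group name, or AD group
        Roles     = $Roles                                 # e.g. "Full Control;Design"
        Broad     = ($BroadPrincipals -contains $Principal)
    })
}

# Expand every role assignment on a securable object (web, list or item) down to users
function Export-SecurableObject {
    param($Securable, $Scope, $Url)
    foreach ($ra in $Securable.RoleAssignments) {
        $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ";"
        if ($roles -eq "Limited Access") { continue }      # scaffolding, not a real grant
        $member = $ra.Member
        if ($member -is [Microsoft.SharePoint.SPGroup]) {
            # SharePoint group: list its members so the report shows who really has access
            foreach ($u in $member.Users) {
                Add-Row $Scope $Url $u.LoginName $member.Name $roles
            }
        } else {
            # Direct user, or an AD group that must be expanded in AD, not here
            $via = if ($member.IsDomainGroup) { "AD group (expand in AD)" } else { "direct" }
            Add-Row $Scope $Url $member.LoginName $via $roles
        }
    }
}

$webApp = Get-SPWebApplication $WebAppUrl
foreach ($site in $webApp.Sites) {
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Inherited scopes just repeat their parent; only report broken inheritance
                if ($web.HasUniqueRoleAssignments) {
                    Export-SecurableObject $web "Web" $web.Url
                }
                foreach ($list in $web.Lists) {
                    if ($list.Hidden) { continue }
                    if ($list.HasUniqueRoleAssignments) {
                        Export-SecurableObject $list "List" ($web.Url + "/" + $list.RootFolder.Url)
                    }
                    if ($ScanItems) {
                        foreach ($item in $list.Items) {
                            if ($item.HasUniqueRoleAssignments) {
                                Export-SecurableObject $item "Item" ($web.Url + "/" + $item.Url)
                            }
                        }
                    }
                }
            } finally { $web.Dispose() }   # SPWeb/SPSite hold unmanaged resources
        }
    } finally { $site.Dispose() }
}

$report | Export-Csv -Path $OutputCsv -NoTypeInformation -Encoding UTF8

# Triage on the console: "everyone" grants first, then how many scopes break inheritance
$report | Where-Object { $_.Broad } | Format-Table Scope, Url, Principal, Roles -AutoSize
$report | Group-Object Scope | Select-Object Name, Count
```

Run it on a schedule (the recurring audit question 5 asks about) and diff the CSV against the previous run: new rows are grants someone added, and rows whose `Via` is an AD group are the ones you still need to expand against Active Directory before you can say who has access. Note that web application user policy is not visible through `RoleAssignments`; check it separately with `Get-SPWebApplication $WebAppUrl | Select-Object -ExpandProperty Policies`.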
