The yin and yang of SharePoint

By David Rubinstein

February 15, 2012 — In a chat this week with Eric Darbe of HiSoftware, he described what he called “the yin and yang” of SharePoint: Organizations want to see wide internal adoption, but there’s a hesitation to give this kind of wide access because of security concerns.

“Security can seem contrary to collaboration,” he said. “It’s the confidence gap that we as a community need to address.”

SharePoint, he said, gets a bit of a bad rap when it comes to security. “We were at a security conference, and someone came up to me and said, ‘SharePoint? That’s the bane of the privacy officer’s existence.’ That’s reality turned on its head, and we need to work to change this perception, by adding technology and telling the story.”

Darbe cited a recent AIIM study called “Using SharePoint for ECM: How Well is it Meeting Expectations?” in which 80% of the respondents said they aren’t comfortable putting sensitive information into SharePoint. “Maybe it’s more of an approach,” he said. “There’s not the level of nuance from a permissions standpoint you’d like to have.”

Darbe went on to say that SharePoint follows the Windows Security Model, which enables you to secure what he described as “buckets,” but that can result in securing too much information and hampering cross-departmental collaboration. “Securing by library or site butts up against the ‘Enterprise 2.0’ vision of SharePoint in terms of collaboration,” he said.

What’s missing, Darbe said, are file-level security and content awareness, which allow organizations to have a deep understanding of what’s in the individual items in SharePoint. The key, though, is to get people to classify their information “absolutely correctly,” he said. And, unless classification is part of your culture, it will break down due to human factors such as rushing to get done, or not truly seeing the importance of exact classification.

And the big point relevant to security, Darbe added, is that you have to have governance. “Organizations need to create a governance board and talk about governance, even beyond the SharePoint team,” he said. “Where’s the risk, and how do we manage it as a group? Otherwise, you’re just creating another silo. They have to move beyond SharePoint governance to information governance.”

Here’s an excellent blog post on the topic of SharePoint security, from a number of different roles.

Related Search Term(s): security

Share this link: https://sptechweb.com/link/36360

Metadata Security for SharePoint Adds Security Permissions Titus Metadata Security for SharePoint allows permissions to be assigned based on the recipient's Active Directory properties

New Database Reporting Console Tracks Compliance Application Security's Analytics 1.0 is used in conjunction with the company's DbProtect database security suite. It is based on Cognos' business intelligence suite and contains dashboards that cover compliance and security key performance indicators.

The Data Center: Security, Compliance Issues Holding Back the Clouds Cloud computing is still gaining steam as a concept and practice in the industry. Acceptance of it is being hindered by flaws in its application and by lingering doubts to its effectiveness, things that can or will soon be addressed.

Add comment

Name*
Email*
Country

Compose

The yin and yang of SharePoint

By David Rubinstein

Related Articles

Add comment