I’m sure you’ve experienced the growth of SharePoint in your organizations firsthand (and those are only the deployments you know about!). SharePoint is a flexible product with a pretty powerful security architecture, and it got even more powerful with the latest release. But with this flexibility comes complexity. In discussions with clients on securing SharePoint deployments, there are several issues that come up again and again. To be clear, it’s not that SharePoint is insecure; it’s that it is frequently deployed insecurely. My colleague, Adam Hils, and I have just completed an in-depth research note outlining the major issues we have observed in SharePoint deployments and our specific recommendations to address them:
Since Adam covers the network security side of things, we were able to collaborate and provide a comprehensive framework to discuss and address these issues, including SharePoint policy and governance, access control, information protection, as well as networking and server protection. In the research, we refer to multiple third-party tools that can improve and augment the security of your SharePoint deployments. There are also pointers to additional Gartner research content and advice that will help you securely expand your use of SharePoint.
An entire book could be written about SharePoint Security. Microsoft provides extensive documentation. I found this one to be the best – and it is the size of a small book. Our goal was not to create a SharePoint security tutorial or to rehash the installation documentation. Instead, we wanted to focus on the most pressing issues that we encounter daily in real-world deployments. In other words, what should I be worried about that the installation guide didn’t tell me?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.