I’m sure you’ve experienced the growth of SharePoint in your organizations firsthand (and those are only the deployments you know about!). SharePoint is a flexible product with a pretty powerful security architecture and it got even more powerful with the latest release. But with this flexibility comes complexity. In discussions with clients on securing SharePoint deployments, there are several issues that come up again and again. To be clear, it’s not that SharePoint is insecure, it’s that it frequently is deployed insecurely. My colleague, Adam Hils, and I have just completed an in-depth research note outlining the major issues we have observed in SharePoint deployments and our specific recommendations to address them:
Since Adam covers the network security side of things, we were able to collaborate and provide a comprehensive framework to discuss and address these issues including SharePoint policy and governance, access control, information protection, as well as networking and server protection. In the research, we refer to multiple third party tools that can improve and augment the security of your SharePoint deployments. There are also pointers to additional Gartner research content and advice that will help you securely expand your use of SharePoint.
An entire book could be written about SharePoint Security. Microsoft provides extensive documentation. I found this one to be the best – and it is the size of a small book. Our goal was not to create a SharePoint security tutorial or to rehash the installation documentation. Instead, we wanted to focus on the most pressing issues that we encounter daily in real-world deployments. In other words, what should I be worried about that the installation guide didn’t tell me?