Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

The Phantom Security Menace: Rogue SharePoint Sites

by Neil MacDonald  |  March 24, 2009  |  10 Comments

You can’t secure what you don’t know about and can’t see. We estimate that 30% of SharePoint servers are deployed outside the management of the IT department.

It’s not SharePoint’s fault. It is a popular software solution precisely because it enables users to share information in the way that works best for them. In many cases, business units will take it upon themselves to set up their own SharePoint sites. Servers are proliferating rapidly. This is not necessarily bad – it’s clear from the rapid uptake in SharePoint deployments that it has addressed an unmet need. However, the issue is that the ad hoc configurations may not conform to enterprise security policy for configuration, authentication, authorization and so on that I detailed in a research note titled “Security Considerations and Best Practices for Securing SharePoint”.

Have these sites followed your SharePoint security guidelines? Is the information being shared being appropriately protected? Is inappropriate information being shared?

The good news is that there are a couple of free tools to help you scan your networks to identify unknown and potentially unmanaged SharePoint installations:

Microsoft provides a free tool to do this and Quest Software also offers a free tool for this purpose.

It’s time to turn on the flashlight in the closet. Maybe it’s scary. Maybe it’s not. But at least now you’ll know.
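An added example, not part of the original post and not either vendor's tool: once hosts on your own network have been probed over HTTP, SharePoint responders can be recognised by the `MicrosoftSharePointTeamServices` response header and reconciled against the inventory IT already manages. The hostnames, captured response heads, version values and inventory list below are constructed sample data.

```python
# Added example: reconcile HTTP probe results against the managed inventory.
# All hostnames, header captures and inventory entries are constructed samples.

SP_HEADER = "microsoftsharepointteamservices"  # header SharePoint/WSS adds to responses


def parse_headers(raw):
    """Parse a raw HTTP response head into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def normalise(host):
    """Hostnames compare case-insensitively and without a trailing dot."""
    return host.strip().rstrip(".").lower()


def find_unmanaged(probes, inventory):
    """Return sorted (host, version) pairs for SharePoint responders not in inventory."""
    managed = {normalise(h) for h in inventory}
    findings = []
    for host, raw in probes.items():
        version = parse_headers(raw).get(SP_HEADER)
        if version is None:
            continue  # no SharePoint header: not a SharePoint responder
        if normalise(host) not in managed:
            findings.append((normalise(host), version))
    return sorted(findings)


# Constructed probe captures: one managed site, one unknown site, one non-SharePoint host.
PROBES = {
    "intranet.corp.example": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nMicrosoftSharePointTeamServices: 12.0.0.6219\r\n",
    "FINANCE-TEAM01.corp.example.": "HTTP/1.1 401 Unauthorized\r\nServer: Microsoft-IIS/6.0\r\nmicrosoftsharepointteamservices: 12.0.0.4518\r\n",
    "wiki.corp.example": "HTTP/1.1 200 OK\r\nServer: Apache\r\n",
}
MANAGED = ["Intranet.corp.example"]  # constructed inventory of IT-managed SharePoint hosts

if __name__ == "__main__":
    for host, version in find_unmanaged(PROBES, MANAGED):
        print(f"unmanaged SharePoint: {host} (version header {version})")
```

Each finding is a starting point for the questions in the post: who owns the site, what data it holds and who has access.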

Category: SharePoint Security

10 responses so far ↓

  • 1 Michael Markulec   March 24, 2009 at 4:00 pm

    You’re absolutely right about instances of SharePoint going unmanaged, but the problem is much bigger than SharePoint. I’ve seen scans of big corporate networks where up to 20% of the entire network was unmanaged. Assets get overlooked during the M&A process, business managers set up their own servers without talking to IT – the bottom line is that there’s a lot of people out there who don’t know what’s on their network, period. SharePoint is a problem, but it’s just the tip of the iceberg.

  • 2 Tales from the Perimeter » Blog Archive » Network Discovery and the Problem of Unmanaged IT Assests   March 24, 2009 at 4:01 pm

    [...] MacDonald had an interesting post over at Gartner’s blog about unmanaged SharePoint servers. He estimates in a recent research note [...]

  • 3 Kurt Johnson, VP Corporate Development, Courion   March 25, 2009 at 2:16 pm

    Very interesting finding. We’re certainly seeing the same issue of rogue sites across our customer base where the flexibility of distributed administration inherent in SharePoint is keeping security people up at night. They’re clearly concerned by the number of sites going up outside of their purview, as well as the information posted on those sites and a lack of understanding on which users have access to it. I spoke about this in my recent blog “Microsoft SharePoint: Governance Schmuvernance” (http://blog.courion.com/access_assurance_blog/bid/16227/Microsoft-SharePoint-Governance-Schmuvernance). Even on sites that the organization does know about, there is not a clear understanding of who has access and to what. I was in LA earlier this week speaking at the ISACA LA Spring Conference. I asked the roomful of auditors attending my session how many were using SharePoint, about 75% of the hands went up. When I asked how many included it as part of their audits, only 3 hands stayed up. Many I spoke to said this was on their radar as an area to address soon, so organizations better get ready.

  • 4 Neil MacDonald   March 29, 2009 at 3:07 pm

    Michael, you are right. SharePoint is *not* the only unmanaged asset connected to our networks… and the problem is getting worse, not better, with various forms of contractor and employee-owned IT also connecting.

    The reason I called out SharePoint is because the problem goes beyond just another unmanaged system on our network. It’s the information they hold, its sensitivity and who has access that worries me. Many times I see SharePoint sites set up by business units and individuals where data that is extracted or cut-and-pasted out of production systems (e.g. ERP) is shared and used in informal ad-hoc processes — without the associated access controls that protected the information on the formally supported systems.

  • 5 Javier Jarava   April 19, 2009 at 5:45 am

    Just a quick FYI that might be interesting: it seems that MS has discontinued their “SharePoint Asset Inventory Tool”, according to this post on one of their tech. blogs (February 16th, 2009):

    http://blogs.msdn.com/saikodi/archive/2009/02/16/SAIT-Discontinued.aspx

    Also, the download links in the technet page are no longer working.

  • 6 Neil MacDonald   April 22, 2009 at 6:24 pm

    Javier,

    Yup. You are correct. The tool has been removed. Darn! Free is always a good thing. Quest still offers their tool though. I’ve told the SharePoint team that this issue is real, so we can hope that this capability will make it into future releases of SharePoint, System Center, or both. Thanks for pointing this out.

  • 7 Firewall 2.0 » Seven Things You May Not Know About Microsoft SharePoint   July 1, 2009 at 12:37 pm

    [...] 2) SharePoint is growing at 48% year over year while the others creep along at 10%. 3) According to Neil McDonald of Gartner, it is estimated that 30% of the SharePoint deployments are rogue! 4) SharePoint uses IIS and MS-SQL as part of a 3 tiered architecture – which of course introduces [...]

  • 8 ÁghyBlog » links for 2009-03-30   January 14, 2010 at 7:18 pm

    [...] The Phantom Security Menace: Rogue SharePoint Sites You can’t secure what you don’t know about and can’t see. We estimate that 30% of SharePoint servers are deployed outside the management of the IT department. (tags: sharepoint2007 administration Gartner) [...]

  • 9 Palo Alto Networks Research Center » Seven Things You May Not Know About Microsoft SharePoint   February 10, 2010 at 4:17 pm

    [...] 2) SharePoint is growing at 48% year over year while the others creep along at 10%. 3) According to Neil McDonald of Gartner, it is estimated that 30% of the SharePoint deployments are rogue! 4) SharePoint uses IIS and MS-SQL as part of a 3 tiered architecture – which of course [...]

  • 10 Gartner Warns of Rogue SharePoint Sites | Business Computing World   April 7, 2010 at 10:20 am

    [...] BlogI was just reading Gartner analyst Neil MacDonald’s most recent blog posting about Rogue SharePoint Sites and was interested to see that Gartner estimates that about 30% of SharePoint servers are operating [...]