You can’t secure what you don’t know about and can’t see. We estimate that 30% of SharePoint servers are deployed outside the management of the IT department.
It’s not SharePoint’s fault. It is a popular software solution precisely because it enables users to share information in the way that works best for them. In many cases, business units will take it upon themselves to setup their own SharePoint sites. Servers are proliferating rapidly. This is not necessarily bad – it’s clear by the rapid uptake in SharePoint deployments that it has addressed an unmet need. However, the issue is that the ad hoc configurations may not conform to enterprise security policy for configuration, authentication, authorization and so on that I detailed in a research note titled “Security Considerations and Best Practices for Securing SharePoint”.
Have these sites followed your SharePoint security guidelines? Is the information being shared being appropriately protected? Is inappropriate information being shared?
The good news is that there are a couple of free tools to help you scan your networks to identify unknown and potentially unmanaged SharePoint installations:
It’s time to turn on the flashlight in the closet. Maybe it’s scary. Maybe it’s not. But at least now you’ll know.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.