You can’t secure what you don’t know about and can’t see. We estimate that 30% of SharePoint servers are deployed outside the management of the IT department.
It’s not SharePoint’s fault. It is a popular software solution precisely because it enables users to share information in the way that works best for them. In many cases, business units will take it upon themselves to setup their own SharePoint sites. Servers are proliferating rapidly. This is not necessarily bad – it’s clear by the rapid uptake in SharePoint deployments that it has addressed an unmet need. However, the issue is that the ad hoc configurations may not conform to enterprise security policy for configuration, authentication, authorization and so on that I detailed in a research note titled “Security Considerations and Best Practices for Securing SharePoint”.
Have these sites followed your SharePoint security guidelines? Is the information being shared being appropriately protected? Is inappropriate information being shared?
The good news is that there are a couple of free tools to help you scan your networks to identify unknown and potentially unmanaged SharePoint installations:
It’s time to turn on the flashlight in the closet. Maybe it’s scary. Maybe it’s not. But at least now you’ll know.