Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Coverage Areas:

From the Gartner Information Security Summit on SharePoint Security

by Neil MacDonald  |  July 27, 2009  |  2 Comments

We had a crowd of several hundred people for my presentation on SharePoint security at the recent Gartner Information Security Summit. It’s pretty much as I suspected – just like virtualization projects where security tends to be an afterthought (if considered at all), SharePoint deployments are pretty much following the same course.

When I polled the audience with this question: “Was information security involved in the planning and implementation of SharePoint?”, about 14% said “Yes, from the beginning” and the remaining 86% were evenly split between “Yes, after deployments had started” and “No”.

This is reflected in my conversations with clients that are looking for guidance on where to get started with SharePoint security. I pulled all of this together in this research note on SharePoint security on which the presentation was based. In fact, I couldn’t get all of the material in the research note into the presentation in the hour allotted.

Securing SharePoint is a balance. We don’t want to control too tightly and discourage the grass roots collaboration that is taking place, but we can’t ignore the fact that sensitive data is being shared (in many cases externally) without any security controls. Even if we are called in after deployments have started, at a minimum we need to make sure SharePoint isn’t serving as a conduit for malware and to identify sensitive data being shared so we can understand when and why the users require this and what controls might be necessary.

2 Comments »

Category: SharePoint Security     Tags: , , ,

2 responses so far ↓

  • 1 SharePoint, The DMZ, and Network Security   July 28, 2009 at 11:33 am

    [...] a recent blog posting, my colleague Neil Macdonald writes about his experience at the Gartner Information Security Summit 2009 speaking about SharePoint security. [...]

  • 2 uberVU - social comments   February 4, 2010 at 9:03 am

    Social comments and analytics for this post…

    This post was mentioned on Twitter by securitypro2009: #life From the Gartner Information Security Summit on SharePoint Security http://bit.ly/2c08Ue