Gartner Blog Network

From the Gartner Information Security Summit on SharePoint Security

by Neil MacDonald  |  July 27, 2009  |  2 Comments

We had a crowd of several hundred people for my presentation on SharePoint security at the recent Gartner Information Security Summit. It’s pretty much as I suspected – just like virtualization projects where security tends to be an afterthought (if considered at all), SharePoint deployments are pretty much following the same course.

When I polled the audience with this question: “Was information security involved in the planning and implementation of SharePoint?”, about 14% said “Yes, from the beginning” and the remaining 86% were evenly split between “Yes, after deployments had started” and “No”.

This is reflected in my conversations with clients that are looking for guidance on where to get started with SharePoint security. I pulled all of this together in this research note on SharePoint security on which the presentation was based. In fact, I couldn’t get all of the material in the research note into the presentation in the hour allotted.

Securing SharePoint is a balance. We don’t want to control too tightly and discourage the grass roots collaboration that is taking place, but we can’t ignore the fact that sensitive data is being shared (in many cases externally) without any security controls. Even if we are called in after deployments have started, at a minimum we need to make sure SharePoint isn’t serving as a conduit for malware and to identify sensitive data being shared so we can understand when and why the users require this and what controls might be necessary.

Category: sharepoint-security  

Tags: best-practices  information-security  sharepoint  sharepoint-security  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Thoughts on From the Gartner Information Security Summit on SharePoint Security

  1. […] a recent blog posting, my colleague Neil Macdonald writes about his experience at the Gartner Information Security Summit 2009 speaking about SharePoint security. […]

  2. Social comments and analytics for this post…

    This post was mentioned on Twitter by securitypro2009: #life From the Gartner Information Security Summit on SharePoint Security

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.