A theme that constantly comes up in customer discussions is a pretty simple use case, with SharePoint being installed as a replacement for file servers and network drives. 

While simple conceptually, implementing SharePoint as a file server replacement can bring new risks to the organization. Questions that are worth considering if you are thinking about using SharePoint as a file server replacement include:

- What compliance regulations affect/impact our organization, and what do those regulations say about necessary protection for sensitive/personal information?

- What sorts of content and data types will we allow to be stored in SharePoint?

- Are we comfortable with end users making security decisions about content and data? 

- Can we rely on training our end users sufficiently as regards data governance and security to make smart decisions about what kind of content can be stored in SharePoint?

- What security controls are appropriate for sensitive information being stored in SharePoint?

- Can we implement transparent (to end users) security controls in SharePoint which remove the security decision-making burden from end users?

In addition, if you’re looking at moving existing content stored on file servers to SharePoint, do yourself a favor and do an assessment of exactly what kinds of information is presently stored (ePHI?, credit card numbers? SSN’s? other confidential information?), clean it up, and create some data governance guidelines for users that clearly tell them what’s allowed, and what isn’t.

If you're already using SharePoint as a file server replacement, doing regular security assessments and data audits to determine what kinds of data are being stored in SharePoint is a good idea. Tools from multiple vendors are available that can crawl your sites looking for sensitive data types.

From a transparent protection standpoint, CipherPoint's transparent encryption products provide a unique ability to lock down SharePoint sites on a per user, library, or list basis, without burdening end users with security decision-making, or requiring end-user actions to protect content.

JD