Peter Coffey of Salesforce put out this tweet recently:

RT @salesforce: .@Benioff via @petercoffee: "#Microsoft SharePoint is like my grandma's attic: what I put in there I can never find."

A great catchy quote that lots of people (including many SharePoint users and admins) can probably relate to, at least a little.

Let's ignore for the moment that Salesforce are competitors trying to influence perceptions of SharePoint (OK, let's call it what it is, they are taking a potshot at SharePoint, and one has to believe that Salesforce information storage products have the same issue). Besides usability/findability, there are some real security and privacy concerns about the information that is stored in SharePoint. Llet's extend the "Grandma's attic" analogy a little to talk about data security risks.  

Think about sensitive or regulated information being stored in SharePoint sites. Recent industry surveys point to an increasing use of SharePoint as a platform to store sensitive, confidential, and regulated information. Other studies, such as the annual one from AIIM, still show gaps around governance of SharePoint site usage, and specifically around data governance. Many organizations still treat SharePoint sites a little like Grandma's attic, putting all sorts of stuff in there without a huge amount of forethought/planning/control. And without thinking through the security implications of this sort of information being in SharePoint without adequate security controls being in place.

Governance can be a much abused term, and a false panacea. The SharePoint governance challenge is not just about having appropriate policies, it is also about deploying the right security controls and auditing actual usage against policy. We at CipherPoint believe that there are two huge gaps here. First, too many organizations are deploying SharePoint without solid governance. Second, even for organizations with governance policies in place, there's far too little audit of actual practice vs. policy. Both of these combine to expose enterprises to significant security and compliance risk for content in SharePoint.

To help organizations get a handle on the SharePoint content challenge, CipherPoint will be releasing a free software utility that will scan your SharePoint sites, and find files that may have sensitive information in them, or data and information that is subject to compliance regulations.

Our belief is that you can't start to address the security requirements for your SharePoint environment without answering this fundamental question: "What sort of sensitive or compliance regulated information are we actually storing in our SharePoint sites?"  We expect to release this software utility in July. If you are interested in receiving a free copy of our content scanning utility, please drop us a note to info@cipherpointsoftware.com, and we'll make sure you receive the software.

In the event that you know you have sensitive or regulated information being stored in SharePoint, and are looking for a content security solution, give us a call, we'd be happy to tell you more about our transparent data encryption solution for SharePoint.


JD