Compliance

Breaches of information security resulting in the disclosure of personal and confidential information have become commonplace. As a result, lawmakers and regulators worldwide have created regulations requiring that organizations adequately protect sensitive and private information. The table below lists some of the prominent regulations impacting IT security:

| Industry | Regulations | Sensitive Information | Requirement(s) |
|---|---|---|---|
| Healthcare (payers, providers, business associates) | HIPAA/HITECH | Electronically Protected Healthcare Information (ePHI) | Encryption and decryption recommended for protection of ePHI (addressable) |
| Financial (banks, thrifts, mortgage firms, others dealing with customer financial information) | GLBA/FFIEC/FTC Safeguards Rules, and FFIEC Information Security Handbook | Non-Public Personal Information | Objectives: ensure the security and confidentiality of customer information, and protect against unauthorized access to or use of such information; design and implement information safeguards to control the risks identified; detect, prevent, and respond to attacks and intrusions |
| Retail/credit card (retailers, card processors, banks) | PCI DSS (industry standard) | Cardholder data | Requirements to encrypt, control, and audit access to personal account numbers and other parts of the credit card data stored in the cardholder data environment |
| All | 45+ state data privacy laws | Personally identifiable information (PII) | Vary by state, but many state laws require public notification to affected individuals in the event of data loss or a security breach, with an exception to this requirement if the data was encrypted |

Penalties for non-compliance vary dramatically, but in general they have become more punitive and onerous over time. Additionally, public disclosure of breaches has resulted in more, and larger, class action lawsuits. Even HIPAA, which long had lax enforcement and little consequence for non-compliance, is now being aggressively enforced, with audits of healthcare firms, a requirement to disclose breaches, and fines that can reach (and have reached) millions of dollars. The recent HITECH Act extended HIPAA to specifically cover Business Associates, meaning essentially all service providers to healthcare providers and payers that handle or have access to protected healthcare information.

For companies in these and other industries, SharePoint and similar collaboration and content management platforms represent a new potential threat to compliance despite the business efficiencies SharePoint provides. SharePoint makes storing and sharing content extremely easy. The challenge is how best to protect private and confidential content while taking full advantage of SharePoint.

The July 2010 AIIM industry report on SharePoint adoption found many areas of concern with respect to data governance and security for SharePoint. Granularity of security was cited as an issue by 28% of respondents, one third of respondents reported having no policy on where SharePoint should and should not be used, and only 22% of respondents provided any guidance on corporate classification of data. Despite these shortcomings, the growth in SharePoint deployments is nothing short of remarkable, with 44% having deployed SharePoint to 10+ sites and 12% hosting more than 1,000 sites in their organization.

From a compliance perspective, the dramatic growth in SharePoint sites and the ease with which sensitive content can be stored in SharePoint sites creates a significant new compliance risk.

Sensitive, regulated content can be easily stored in SharePoint as Excel files, e-mail attachments, and Word documents, creating security and compliance risk for content that has been stored casually in SharePoint. Given the lack of governance that typically exists around content being stored in SharePoint, this is a real and present risk for many organizations. Another recent industry study found that 86% of SharePoint administrators are concerned that sensitive content may be stored in SharePoint sites, and 22% have already found sensitive content on SharePoint sites that shouldn’t be there without proper security controls.

Compliance risk for content stored in SharePoint which is subsequently lost, stolen, or otherwise disclosed can translate into significant fines from regulators, brand damage, and loss of customer trust. A report from the Ponemon Institute determined that the average cost to corporations experiencing security breaches and data loss was $6.6M per incident.

CipherPoint Solution for Improved Compliance

The CipherPoint solution encrypts and controls access to sensitive content stored in SharePoint sites, and ensures that only authorized users are allowed access to this information. CipherPointSP and SP Enterprise integrate into the SharePoint topology at the point that provides the broadest protection against security breaches that can cause compliance violations. CipherPoint provides protection against these threats:

  • Server theft or loss
  • Media theft or loss, including backup media
  • Misuse and content theft by insiders, including SQL/storage administrators and all levels of SharePoint administrators

CipherPoint's comprehensive solution for compliance includes simple, cost-effective content encryption with CipherPointSP, and can be extended to address the sophisticated security and key management needs of large organizations using our CipherPointSP Enterprise software and CipherPointKM, our central security console and key management platform.

Benefits

The CipherPoint solution provides significant benefits to organizations subject to compliance regulations:

  • Avoid the significant fines associated with non-compliance and data breaches
  • Avoid having to disclose breaches involving lost data, because the data was encrypted
  • Secure sensitive information of all kinds, including IP, financial information, business plans, and regulated content
  • Broaden the use of SharePoint to include even the most sensitive content, with assurance that this content is strongly protected

A copy of our Compliance solutions brief is available for download from our Resources and Downloads web pages. For payer or provider organizations in the healthcare industry, and for service providers to the healthcare industry, CipherPoint has created a specific white paper on what it means to comply with HIPAA and HITECH; this white paper is also available for download.
