So back in 2012 a post was written that talked about the 10 things that you, me and other organizations are doing or not doing with regards to SharePoint Security. Now since then a lot has happened, cloud has taken off, On-Premises is now less appealing and of course we have had many data and security breaches that have hopefully meant we are doing better than ever at protecting our content.

http://www.darkreading.com/risk-management/10-sharepoint-security-mistakes-you-probably-make/d/d-id/1102545?page_number=1
http://www.darkreading.com/risk-management/10-sharepoint-security-mistakes-you-probably-make/d/d-id/1102545?page_number=2

So let’s look at the initial top 10 things that made the list:

  1. Poor Security Training
  2. Collaboration Barriers
  3. Unclear security oversight
  4. Overly Broad access rights
  5. Not watching watchers
  6. Failure to encrypt
  7. Sloppy search indexing
  8. Poor Internet Information Services (IIS) maintenance
  9. Poor endpoint security
  10. Failure to scan for viruses

All in all, a pretty good list. So the follow up question would be:

Have we moved beyond this now?

Have we been able to resolve these issues and implement better solution since this list was published?

What do you think?

Ahh……., the magic questions. Did we do any better? 5In reality I would like to say yes we did but actually we didn’t really. We may have the secure cloud, but now we have just moved what would be Infrastructure Security issues to now be End User Access Security issues. In the original post it states the following “…if your business uses SharePoint to store sensitive information, ignore taking the time to secure and monitor access to that data at your peril. That is a pretty good message, too often we spend time worried about making sure the servers and systems are secure, when in reality the front door to the applications is wide open. Over a year ago I wrote a guest blog post for the guys over at Sharegate on SharePoint Security.

http://en.share-gate.com/blog/10-ways-make-sharepoint-secure

Then while presenting at SharePoint Fest Seattle earlier this year, I presented the idea of pillars of security that can help us avoid the 10 items listed.

If you want to read a blog post, I wrote you can head over to the following URL:

https://ecm.protiviti.com/blog/Lists/Posts/Post.aspx?ID=261

So in reality if we have to keep writing about, presenting and talking about Security in SharePoint then we haven’t really moved any further forward. So what do we do? We move forward and start to do the things that we know we should do, the items listed in the 3 pillars of Security, which when you read, make complete sense and then you wonder why you haven’t done them yet J