As versions have changed and with the release of cloud services, the same need is there. The organization has an inherent need at some point to modify the out of the box capabilities for their needs. When an organization reaches the need for modifications, the question of how to make them or how to extend an existing feature becomes a priority. Too often we all associate these changes with developers, simply because for the most part it has required code changes to be made. As part of this, I have noticed that there seem to be three different types of modifications that are needed. The first is extending or adding functionality to existing features or components. Second, branding of the sites and then lastly building what we term applications that use SharePoint as a presentation layer and core components to render data.
What does the word “Application” mean?
Now don’t get me wrong, I do like the word “Customization,” as I think it explains quite well what it is. However, I would argue the case that a “Customization” is, in fact, an “Application.” Now don’t argue with me yet, let’s look at the definition of the word “Application.”
“A program or piece of software designed to fulfill a particular purpose.” – https://en.oxforddictionaries.com/definition/application
as well as custom branding can be defined as an “Application.”
We need to shift our understanding of this and start to realize that Data Protection, Security and Access Control should become part of these enhancements.
We don’t have any customizations or applications in SharePoint
So, if end users are making these changes, then IT and Security teams within an organization need to be aware of them, analyze and monitor them. Within SharePoint Online there is currently no mechanism for this. PowerShell can be run to iterate all sites and find specific web parts on a page for example, but that would require PowerShell knowledge as well as the manual execution of any scripts for this. You could also manually review each page or utilize 3rd party components to execute frequent audits for applications.
In its most basic form, either manual, automatic, tools or management scripts should be used to control access, data as well as monitor these applications, and provide controlled testing and deployment. No longer can you as an organization expect that these applications or users are managing the security correctly, or even controlling the flow of data or content.
An even better approach is to utilize tooling that can perform the discovery, analysis, provide review and then monitor the applications easily. Tooling will allow an organization to spend time doing what it does best, without having to worry about the applications within the SharePoint Online sites. By using some automatic tool, IT, Security and end users have the assurance that applications are validated, constantly checked and protected from any potential risks.
Now is the time for organizations to provide mechanisms either through IT support, Security Teams or 3rd Party tools that will help control applications that inevitably exist out of necessity.