At study that was conducted amongst last month's Microsoft's SharePoint Conference attendees in Las Vegas, found that at least 36 percent of SharePoint users are breaching security policies and gaining information to sensitive, confidential information that they are not entitled to access.
The study also found that 19 percent of respondents whose organization to store confidential information on SharePoint environments, discovered that nearly a quarter of them stated that they knew of individuals who accessed content that they weren't entitled to. In other words, SharePoint users were ignoring this directive. Most alarmingly, the study determined that the majority of SharePoint administrators perceived their roles to be unrestricted, where the common thought is that 'administration access is God mode.' With that said, the study found that many SharePoint administrators were abusing their access rights by putting confidential data at risk.
The study was sponsored by Cryptzone to better understand how organizations are controlling access to SharePoint content to prevent the misuse or loss of data. The results revealed that many organizations are struggling at controlling access to sensitive information in SharePoint environments. As compliance is undoubtedly a concern among many organizations, 36 percent of organizations didn't take any measures to audit their systems.
Hakan Saxmo, CTO of Cryptzone highlighted the key takeaways from this study, "Firstly, there needs to be a separation of duties, so that SharePoint administrators are only responsible for performing normal administrative functions in SharePoint: setting up sites, libraries, content types, meta-data columns, access rights and configuring page layouts, etc. They should never have full visibility to all content, as it presents compliance issues and a security risk. Secondly, employing technical controls that enforce information security policies automatically, without changing the user experience, is fundamental to the rules being maintained. Users won't follow the rules, just because they are there! And finally, with the proliferation of mobile devices (smartphones and tablets), having a secure solution for mobile users who need access to SharePoint and other web-based applications is a critical issue for the majority of organizations today."
Visit Cryptzone's website to see the full survey results.