The native security in SharePoint is heavy on the use of manual settings, which opens the gate to SharePoint vendors with less labor-intensive solutions. Before you go out and select a product, Titus Security product manager and SharePoint expert Antonio Maio says, consider doing two simple things first.
1. Classify your data. If you’re not already doing it, consider classifying your information by using metadata. See Microsoft’s article “Metadata-based routing and storageoverview (SharePoint Server 2010)” and “Metadatanavigation overview (SharePoint Server 2010).”
2. Determine a few appropriate policies and enforce them. Consider what types of policies make sense to your business, and involve stakeholders in that decision process. Then start simple with enforcement. Protect the most important information in SharePoint and see where the policies grow. “Some will want to enforce policies holistically, but starting simple lets you get feedback from users and meet the demands of the business,” Maio says. See Microsoft’s “Information management policy planning(SharePoint Server 2010)” as a start.