5 ways to keep SharePoint content private

From its humble beginnings as a repository for Office documents to its current role as a hulking enterprise-wide information portal, Microsoft’s SharePoint Server suite has always been about content.

SharePoint’s vast feature set now includes enterprise content management, search, social networking, blogs and wikis, collaboration and business process management. But all parts of the machine depend on content, from training videos to financial reports to confidential legal documents.

However, it is a machine that can potentially wreak havoc if SharePoint is not implemented and monitored effectively by IT.

Storing content in SharePoint is only part of the challenge; securing it is an area where many organizations run into trouble when clear corporate policies regarding SharePoint access and user permissions are not in place.

The risks of keeping SharePoint content safe are not limited to malicious attacks or disgruntled employees leaking confidential information, says Larry Concannon, VP of product marketing at HiSoftware, a Web content and social media compliance software firm.

“The most common privacy breaches are inadvertent,” says Concannon, “often resulting from carelessness or lack of awareness by an employee.”

The best content security strategy for SharePoint is one that lets employees freely contribute content and collaborate, but enforces policies within departments to keep sensitive documents from ending up in the wrong hands, internally as well as outside the company.

HiSoftware recommends five of the most common ground rules for protecting content in SharePoint.

Make it clear what content is permissible

Enterprises should create clear, documented policies as part of their SharePoint implementations, says Concannon, including rules about what types of content is permissible.

Related story – Websense offers ‘middle-of-the-road’ security

While each organization will have its own definition of permissible content, the most secure SharePoint implementations are governed by policies that take into account who is allowed to review or publish content, and what content itself is appropriate for storage within SharePoint.

Educate employees

Another key to a secure SharePoint implementation is educating users about the privacy and confidentiality rules set up by IT that protect both the employee and the company.

“On one level this means simple user training,” says Concannon. “But it could also mean creating a “terms of service” screen that comes up as users are creating their own My Site, for example.”

Use classification to guide behavior

One configuration available in SharePoint that protects content is a classification screen that pops up every time a document is added. These classification screens are based on categories set up by IT to enforce what should and should not be in the system.

“Classification screens will let you know if a document doesn’t fall into one of the designated categories,” says Concannon. “If it doesn’t, don’t publish it.”

Don’t forget to enforce the policies

Once the business rules are in place for SharePoint, says Concannon, IT managers must enforce them and let users know when violations occur. One approach is to provide users with a way to tag content they consider to be “inappropriate.”

Automated software is also available from HiSoftware and other vendors to check SharePoint content before it is published to avert the posting of non-compliant content. Features like automated content scans can be used to validate specific regulations in SharePoint that are designed to prevent privacy breaches and confidentiality leaks.

Social tools: find the right balance

One area in SharePoint that needs to be watched closely is social networking, says Concannon. Social features like blogs, wikis, communities, My Site profile pages and forums have been featured more prominently in SharePoint 2010. While these popular tools can improve communication and productivity, they are potential compliance landmines.

Related story- Cash in on Microsoft SharePoint’s social tools

Educate employees

Another key to a secure SharePoint implementation is educating users about the privacy and confidentiality rules set up by IT that protect both the employee and the company.

“On one level this means simple user training,” says Concannon. “But it could also mean creating a “terms of service” screen that comes up as users are creating their own My Site, for example.”

Use classification to guide behavior

One configuration available in SharePoint that protects content is a classification screen that pops up every time a document is added. These classification screens are based on categories set up by IT to enforce what should and should not be in the system.

“Classification screens will let you know if a document doesn’t fall into one of the designated categories,” says Concannon. “If it doesn’t, don’t publish it.”

Don’t forget to enforce the policies

Once the business rules are in place for SharePoint, says Concannon, IT managers must enforce them and let users know when violations occur. One approach is to provide users with a way to tag content they consider to be “inappropriate.”

Automated software is also available from HiSoftware and other vendors to check SharePoint content before it is published to avert the posting of non-compliant content. Features like automated content scans can be used to validate specific regulations in SharePoint that are designed to prevent privacy breaches and confidentiality leaks.

Social tools: find the right balance

One area in SharePoint that needs to be watched closely is social networking, says Concannon. Social features like blogs, wikis, communities, My Site profile pages and forums have been featured more prominently in SharePoint 2010. While these popular tools can improve communication and productivity, they are potential compliance landmines.

Related story- Cash in on Microsoft SharePoint’s social tools

To safeguard this new wave of Web 2.0 content as well as plain old documents, HiSoftware recommends a balanced approach where collaboration and information sharing is encouraged, but security regulations are enforced within departments to prevent, say, a legal document about a potential merger from being viewed by the wrong person.

Shane O’Neill covers Microsoft, Windows, Operating Systems, Productivity Apps and Online Services for CIO.com. Follow Shane on Twitter @smoneill. Follow everything from CIO.com on Twitter @CIOonline. Email Shane at [email protected].

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Jackson
Brian Jacksonhttp://www.itbusiness.ca
Editorial director of IT World Canada. Covering technology as it applies to business users. Multiple COPA award winner and now judge. Paddles a canoe as much as possible.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs