Microsoft SharePoint: 5 Tips for Keeping Content Private
SharePoint content is sprawling, and requires that IT support content sharing and collaboration while also enforcing strict policies within departments to keep sensitive documents out of the wrong hands. Here are five ground rules for protecting content in SharePoint.
Thu, February 10, 2011
CIO — From its humble beginnings as a repository for Office documents to its current role as a hulking enterprise-wide information portal, Microsoft's (MSFT) SharePoint Server suite has always been about content.
SharePoint's vast feature set now includes enterprise content management, search, social networking, blogs and wikis, collaboration and business process management. But all parts of the machine depend on content, from training videos to financial reports to confidential legal documents.
However, it is a machine that can potentially wreak havoc if SharePoint is not implemented and monitored effectively by IT.
Storing content in SharePoint is only part of the challenge; securing it is an area where many organizations run into trouble when clear corporate policies regarding SharePoint access and user permissions are not in place.
The risks of keeping SharePoint content safe are not limited to malicious attacks or disgruntled employees leaking confidential information, says Larry Concannon, VP of product marketing at HiSoftware, a Web content and social media compliance software firm.
"The most common privacy breaches are inadvertent," says Concannon, "often resulting from carelessness or lack of awareness by an employee."
The best content security strategy for SharePoint is one that lets employees freely contribute content and collaborate, but enforces policies within departments to keep sensitive documents from ending up in the wrong hands, internally as well as outside the company.
HiSoftware recommends five of the most common ground rules for protecting content in SharePoint.
Make it Clear What Content Is Permissible
Enterprises should create clear, documented policies as part of their SharePoint implementations, says Concannon, including rules about what types of content is permissible.
While each organization will have its own definition of permissible content, the most secure SharePoint implementations are governed by policies that take into account who is allowed to review or publish content, and what content itself is appropriate for storage within SharePoint.
Another key to a secure SharePoint implementation is educating users about the privacy and confidentiality rules set up by IT that protect both the employee and the company.
"On one level this means simple user training," says Concannon. "But it could also mean creating a "terms of service" screen that comes up as users are creating their own My Site, for example."
Use Classification to Guide Behavior
One configuration available in SharePoint that protects content is a classification screen that pops up every time a document is added. These classification screens are based on categories set up by IT to enforce what should and should not be in the system.