Microsoft SharePoint. These are two words that conjure up both relief and fear. First, the relief: with over 85 million licenses sold and $1 billion in sales, it’s clear that organizations are rapidly embracing Microsoft SharePoint as an affordable technology that can solve the not-so-insignificant challenges of secure collaboration.
Second, the fear: Microsoft SharePoint servers are being deployed so rapidly that IT can’t keep up with the security, compliance and risk considerations.
Consider this: A sales department hit with budget cuts and resource reductions turns to the IT department to help it streamline the document-sharing process with partners and customers. IT deploys a sales sub site on a Microsoft SharePoint server that’s also home to human resources, marketing and other corporate sub sites. The sales department then creates partner and customer folders on its site.
Business and revenue objectives demand that document sharing begin immediately, so IT grants partners and customers immediate access to the sales site. In fact, access is opened so fast that IT doesn’t have time to implement a policy restricting partners from accessing other sub sites and documents hosted on the server. In this case (an all-too-common occurrence today), channel and customer objectives are being met while security and compliance policies are exposed.
There is certainly a level of trust between the organization, its partners and customers. But the fact that outside entities now have access to different department sub sites and file shares clearly presents a security and compliance issue. With cutbacks and the drive to keep channel and customer revenue flowing, how can IT possibly hope to keep up with security and compliance?
Fortunately, for organizations turning to collaboration tools such as Microsoft SharePoint, there are many cost-effective security and compliance solutions that respond to the demands of rapid and secure collaboration. Unfortunately, these products and their marketing messages are hitting the street at such a furious pace that it’s hard to keep up with what’s real and what’s hype.
How to Choose a Microsoft SharePoint Security Solution
How to choose a Microsoft SharePoint security solution
Inevitably, at some point in time, a breach or compliance violation is going to force a Microsoft SharePoint security solution purchase. When evaluating solutions that claim to provide secure access to Microsoft SharePoint, keep in mind that they must do or support the following ten things:
1. Integrate into multiple directories (Active Directory and LDAP directories included)
2. Support multiple attributes per policy for fine-grained access control
3. Support enterprise-wide policies across numerous Microsoft SharePoint application instances
4. Align security policy with business intent
5. Rapidly provision and enforce entitlement policies across applications and users
6. Easily define and enforce policies that control access to specific areas of a Microsoft SharePoint portal
7. Support audit and e-discovery mandates to ensure compliance
8. Centralize management to reduce administration costs and support shared ownership of policies across networking, security, applications and business teams
9. Increase return on investment benefit by leveraging investment in IT infrastructure, existing directory stores and the network
10. Provide security on time and within budget
Equally important is the evaluation process. Because many of the solutions are as new as Microsoft SharePoint, a comprehensive evaluation period should precede any purchase.
During assessments, remember to put the product under consideration through the rigors of real-world scenarios. Once trials conclude that the solution in question can provide all of the benefits listed above in actual situations, and that effective customer support is available, then it is time to buy.
/images/stories/heads/knowledge_center/buckley_shane70x70.jpgShane Buckley is president and CEO of Rohati Systems Inc. He has more than 20 years of global executive and general management expertise, having held senior executive positions in the United States, Europe, the Middle East and Asia-Pacific. Before taking the helm at Rohati, Shane served as COO at Nevis Networks, Inc., a leader in network access control. Prior to that, he was VP of Worldwide Operations for Juniper Networks. Before that, he served as the International President of Peribit Networks, the leader in Network Optimization. Juniper Networks purchased Peribit in June 2005 for $385 million.
Prior to Peribit, Shane served as CEO of Conduit Software, a provider of Directory Assistance and Wireless Applications solutions. Before that, he was VP, EMEA at 3Com. In this role, he managed a $2.2 billion business unit and was responsible for 3Com’s distribution strategy, OEM partnerships and reseller channels. Shane also chaired 3Com’s Global Distribution Council, was a member of the company’s worldwide OEM steering team, and served as 3Com’s head of operations for the Asia-Pacific Region based in Hong Kong and Tokyo.
Shane is a frequent speaker at high-level industry trade shows and events such as Gitex, CeBIT, and The Wall Street Journal Europe conference. He has also contributed to many magazines and news programs, including MSNBC, SABC and Middle East Business news. He holds a Bachelor’s Degree in Engineering from the Cork Institute of Technology in Ireland. He can be reached at shane@rohati.com.