Securing your communications around SharePoint information.
Over the past few years the trend to migrate field to the secure and collaborative information sharing environment of SharePoint has been increased tremendously. SharePoint is currently being used by more than 78% of Fortune 500 companies. With the adoption of Microsoft SharePoint in the business world increasing at a greater rate than security practices change, the chances for information compromise to occur is quickly increasing. Many organizations are storing their sensitive information on SharePoint and then collaborated around that information with external users. According to Dimensional research, more than 76% of organizations have been requested to grant non-employee access to their sensitive and secret data. Many of these requests are legitimate and SharePoint is made to handle them, but people need to know how to use it and what SharePoint’s limitations are. Most people are not adequately trained, and we have been seen many security incidents in the recent years have led companies to billions of dollars in losses.
Secure messaging is always very crucial in everyday business functions. We will always need way to collaborate around our working files. One of the biggest security challenges SharePoint with using SharePoint lies in the information path of the data surrounding our secure documents. SharePoint stores company’s data into a secure and fully auditable transactional database that underlies the SharePoint secure platform. However, when most people collaborate around that data they do so over email. Sometimes this involves messages around secure content, some of it involves the actual files themselves being emailed out of SharePoint. If the data or information is sent out of the SharePoint it will never come back. Moreover, all versioning and auditability of SharePoint is now lost. The best practice is to the keep data in to the SharePoint. Now Question arises HOW? , the easiest solution to this problem is to send the link of the document to the receiver instead of attaching the actual file which will keep the document into the SharePoint Environment as an asset and within the boundaries of your business.
As long as the document stays in SharePoint, it is both secure and auditable. SharePoint logs can be set to show every user who opens or changes a document, and each version of the document can be set to save indefinitely. Now every user of a document is verified and auditable and your information is safe. The most common complaint with this method is the difficulty in teaching people to link instead of to attach files. Training is important here. Users need to be shown how to Share files and set permissions on shared files using both the SharePoint Document Actions menu as well as the SharePoint Ribbon. Each allows both attaching and linking. Teach people to link and not attach!
Another more radical means is to disable attachments on email. If a user needs to email out a file they would upload to your SharePoint environment and then send a link. If the document is going out externally a new external user account would be created and the user would now be authenticated and tracked.
Another advantage of sending links instead of attachments lies in versioning and storage. In every day’s busy working environment, the flow of information is constant. This heavy information flow causes a versioning and storage problem. Every time someone sends information via SharePoint, it sends as a duplicate copy of that document which then resides on the person’s storage. In addition, other copies of that same document now reside all over the network. This leads to a versioning nightmare and a waste of storage space. However, with taking a simple measure of using a link we can minimize the storage problem and just send the reference link to the file that now remains in the SharePoint and users will just able to view the document instead of downloading to their computers.
Creating a culture of links instead of attachments will help your file security, but still leaves the problem of communications around those secure files. Every email creates a new information trail out of SharePoint and out of our vision. We need a way to keep the information about our documents with our documents. A full Audit Trail of a company’s information flow is very difficult to track and audit the second messages get forwarded outside the SharePoint environment. To overcome this problem, we can make a policy that all information about SharePoint documents should be put on custom wiki’s or discussion boards in SharePoint. This is a difficult practice to get adopted, but will work wonders for the integrity and organization of your information.
If you want to keep the information about your controlled documents safe but cannot overcome the adoption hurdles of switching information to discussion boards, we (Easy Dynamics), make a product called {{cta(’18e00ca6-a02a-43ac-899b-ea3c7e2fc1c2′)}} which can give you the best of both worlds. Click for more info.
{{cta(‘a8e8fe51-4b89-4055-a473-8970f645c6db’)}}