One question I get asked a lot when talking to clients about implementing SharePoint is, “is my content secure when I put it into SharePoint?” Many other questions arise such as, “should I store my content on-premises or in the cloud and what are the security considerations?, who should have access to what?,” and the bigger question, “who should decide and monitor who has access?”
It always amazes me that when I work with a client in the requirements gathering process for SharePoint implementations, security is such a big topic. Many times we are moving content from a network file share and leveraging the network security in place, so what could be the problem? I have found that in many cases the network file shares and folder structures haven’t been reviewed for a long time. The process of establishing an information architecture and user targeted content brings this to the forefront inevitably making them think about who needs access to what. Typically, when business users save files to the network they never really think about the security within the folder structure – they just make assumptions as to the accessibility others have, or don’t have, to their files.
We recently hosted a webcast focused on how SharePoint can help organizations better manage and secure content. As we talked through the best practices and how SharePoint can enhance the security model it made me think of the conversations we have had with IT departments. One of the first questions I ask is how well their security roles and groups are defined within Active Directory. Many times the answer to this question is “needs some work,” or “we’ve been working on that.”
Then I talk with the business users and ask how they manage and monitor their content on the file share. Often the perception is that IT takes care of making sure their content is secure but they are not sure how it happens. That is when it is time to take a step back from the technical talk and really understand the security policies, training plan and governance strategy for the organization’s content. SharePoint is a great platform to start, build, track and manage the organization’s governance practices.
In my opinion, the first question should not be to ask how secure SharePoint can be but rather can SharePoint adopt the organization’s security requirements. As you prepare for your implementation, not only is it critical to define the requirements for the structure of the content and collaboration spaces but it is equally important to insure you have a governance plan to keep the content secure.