Assessing SharePoint Content Security

March 17, 2015

With the volume of content housed in SharePoint implementations constantly growing, security threats are becoming an increasingly large problem as well. For organizations that are not sure how to measure the security of their SharePoint infrastructure, Metalogix may have a solution. CMS Wire covers the news in their article, “9 Metrics To Assess SharePoint Content Security.”

The article begins:

“Is your SharePoint content secure? More importantly, do you know how to assess your content security? Given the number of SharePoint environments, it’s likely that a lot of people would answer ‘no.’ Metalogix, however, has just released a new tool it claims will help. The new Insider Threat Index (ITI) offers SharePoint managers insight into their content security based on nine metrics.”

A lot of resources are devoted to helping organizations make the most of their SharePoint solution. Security is not the only concern, but also efficiency, structure, and user experience. To keep up with these and other topics, consider the SharePoint feed on ArnoldIT.com. Stephen E. Arnold has spent his career following all things search, including SharePoint. His expert-run Web site allows users to find lots of tips, tricks, and news pertaining to the enterprise.

Emily Rae Aldridge, March 17, 2015

Stephen E Arnold, Publisher of CyberOSINT at www.xenky.com

Security Breaches of SharePoint Users Frequent

April 29, 2014

Security is an obvious concern among any enterprise content management system; but with an implementation as big as SharePoint, it is hard to believe all users would be following the rules. CMS Wire relays the latest research and proves suspicions correct in their article, “SharePoint Users Routinely Breach Security Policies.”

The story begins:

“Research by Cryptzone shows at least 36 percent of SharePoint users are breaching security policies — and another 9 percent admit they have no idea how to prevent sensitive information from being uploaded. The study, conducted among attendees at Microsoft’s SharePoint Conference in Las Vegas in March, is a warning to organizations that it is essential to develop adequate information security policies.”

Stephen E. Arnold is a longtime leader in search and a frequent reporter on all things SharePoint. His Web service, ArnoldIT.com, often gives attention to the issues surrounding SharePoint security. In this case, abidance by SharePoint rules and regulations can often be improved if users are comfortable with the platform and feel that it suits their needs. Arnold finds that an implementation plan and a good deal of customization go a long way.

Emily Rae Aldridge, April 29, 2014

Survey Reveals SharePoint Users Breach Security

April 21, 2014

Security is central to any SharePoint installation, but a new study shows that security breaches may be more widespread and more severe than previously thought. At the SharePoint Conference in Las Vegas, CryptZone conducted an anonymous survey of SharePoint users. Read the full report in DarkReading.com’s article, “Cryptzone Survey Reveals SharePoint Users are Breaching Security Policies.”

The article begins:

“A study, conducted amongst attendees at last month’s Microsoft’s SharePoint Conference in Las Vegas (USA), has found that at least 36% of SharePoint users are breaching security policies, and gaining access to sensitive and confidential information to which they are not entitled. It also found that . . . nearly a quarter of them later confessed they knew of individuals who had accessed content that they were not entitled to, demonstrating that users were ignoring this directive. Most alarmingly of all, the majority of administrators perceive their ‘permission’ to be unrestricted.”

Stephen E. Arnold is a longtime leader in search and a follower of all things SharePoint. He reports his finding on his Web site ArnoldIT.com. He has found that security is among the top concerns of all SharePoint managers. Although users don’t typically want to share about their security weaknesses, greater transparency about security concerns can lead to more secure practices and implementations.

Emily Rae Aldridge, April 21, 2014

Microsoft Issues Exchange Sharepoint Related Security Advisory

August 24, 2012

Possible a first in the industry, Microsoft Security Research Center published Microsoft Security Advisory (2737111), which describes how possible vulnerabilities in Oracle Outside In libraries affect the WebReady Document Viewing functionality of Microsoft Exchange and FAST Search Server. Oracle also released their own Critical Patch Update Advisory. Here are more details about the security risk:

“The vulnerabilities exist due to the way that files are parsed by the third-party, Oracle Outside In libraries. In the most severe case of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010, it is possible under certain conditions for the vulnerabilities to allow an attacker to take control of the server process that is parsing a specially crafted file. An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do.”

If you think you may be affected by this, look at this blog post that recommends the workarounds to be done.

Take note that there are 24 other companies – some of them industry giants – that also make use of the said Oracle library. Some of them are IBM, Cisco, Symantec, and McAfee. Hopefully, these companies will soon be able to assess the impact of the said vulnerability on their platforms and issue a security update soon.

Lauren Llamanzares, August 24, 2012

Sponsored by ArnoldIT.com, developer of Augmentext

Security Concerns and Account Permissions in SharePoint 2010 Explained

June 5, 2012

Robert Schifreen brings us the tenth installment of his SharePoint 2010 series in his ZDNet.co.uk post, “Security on the Farm: Accounts and Permissions.” Shifreen explains that SharePoint’s most important database is SharePoint_config but that if it breaks, you’re best bet is to rebuild from your notes and restore backed-up content databases. Why? Schifreen points out that restoring a backup of SharePoint_config isn’t actually supported by Microsoft and rarely works in practice.

The author also has this to share about the nuances of a SharePoint deployment:

When you start building and running a SharePoint farm, you will come across dozens of seemingly unsolvable problems that turn out to be merely down to permissions.

He goes on to say,

Best practice is then to use separate accounts for installing various underlying services, databases, and so on…The most tempting option, of course, is to forget best practice and just use one account for running all the SharePoint internal stuff. The upside is that things will work a little better, with fewer permission-related errors. There are two downsides. First, if a hacker manages to penetrate the account he’ll have access to the entire farm rather than just a half or a third of it. Secondly, splitting everything across multiple accounts can actually aid troubleshooting in some cases because, by glancing at the server’s security log, the account that caused the problem will give you a clue as to why things are going wrong.

Schifreen’s topic of security is a valuable one in the world of big data that is continuously growing across on-premise and cloud platforms. Consider a comprehensive out of the box solution, like Fabasoft Mindbreeze, to extend your SharePoint system with the added certified security benefits.

Fabasoft Mindbreeze Enterprise “finds every scrap of information within a very short time, whether document, contract, note, e-mail or calendar entry, in intranet or internet, person- or text-related. The software solution finds all required information, regardless of source, for its users.” Further, Mindbreeze offers certified security and reliability with regular external audits of their relevant standards ISO 27001, ISO 20000, ISO 9001, and SAS 70 Tup II. The solution is worth a second look at www.mindbreeze.com.

Philip West, June 5, 2012

Sponsored by Pandia.com

Security and Compliance Guidance with SharePoint

March 29, 2012

Maintaining security standards and governance compliance in the enterprise is not always easy when trying to minimize risks and maximize access. Mike Fleck addresses the issue in, “SharePoint, Security, and Compliance.” Fleck explains:

“One thing I think that the SharePoint community can easily agree on is that adequately securing SharePoint implementations and meeting compliance obligations are good things. The many capabilities and advantages that SharePoint brings to the enterprise are well documented…Security and compliance are closely related topics. Compliance regulations dictate numerous security controls. Having a strong security posture makes meeting compliance requirements (and proving compliance to auditors) far easier.”

Fleck’s article is the first in a series on security and compliance as related to the collaboration platform. SharePoint architects and administrators may benefit from the read. Some guidance might help as you look to prioritize high level concerns and pertinent questions for increased SharePoint security and compliance.

While information creation and SharePoint adoption continue to grow, you may find the platform is not the complete out-of-the-box solution for enterprise security and compliance needs.  If you need a bit of help with it you might check into Mindbreeze and their dynamic search technologies that bring together security, mobility, and information pairing.

Fabasoft Mindbreeze exceeds relevant international standards, including ISO 27001, ISO 20000, ISO 9001, and SAS 70 Typ II. Here you can read more about Mindbreeze certifications:

“Fabasoft has received ISO 20000 certification for the IT services Folio Cloud and Folio SaaS. This furthers the Austrian company’s strategy of implementing international standards, with it already being ISO 9001 and 27001 certified. Fabasoft is one of just twelve companies in Austria with ISO 20000 certification.”

With strict compliance standards, certified security, and regular external audits, Mindbreeze can maximize your information assets with security reliability.

Philip West, March 29, 2012

Sponsored by Pandia.com

Balancing Collaboration and Information Security in your SharePoint Environment

February 28, 2012

Collaboration technologies and sound security practices can sometimes be at odds. Some of these bad security habits are discussed in, “SharePoint Users Develop Insecure Habits.” The article highlights a Cryptzone study that discovered 92 percent of respondents understood that taking data out of SharePoint made it less secure; however, 30 percent were willing to take the risk stating they were “not bothered if it helps me get the job done.”

To better understand user thoughts about the security implications, the study also found:

When examining users’ handling of sensitive or confidential information, a defiant 45% of SharePoint users said that they disregard the security within SharePoint and copy sensitive or confidential documents from the collaboration tool to their local hard drive, USB device or even email it to a third party. The main reasons for copying documents from SharePoint were either to work from home (43%) or share it with third parties who don’t have access to the tool (over 55%).

Can effective collaboration and sound security coexist? The article touches on both the technological capabilities and the business policies and user behaviors, such as snooping or bypassing security measures to get on with their work, that play a role in the information security system. The survey highlights that this latter user behavior is the dominant. Ease of access can help curb these bad security habits.

To connect your users to the right information they need at the right time, consider Fabasoft Mindbreeze. With unparalleled data processing capabilities, Fabasoft Mindbreeze for Enterprise . . .

finds every scrap of information within a very short time, whether document, contract, note, e-mail or calendar entry, in intranet or internet, person- or text-related. The software solution finds all required information, regardless of source, for its users. Get a comprehensive overview of corporate knowledge in seconds without redundancy or loss of data.

Add in certified security with regular audits for security standards compliance, Mindbreeze connects users to their needed information without compromising information security.

Philip West, February 28, 2012

Sponsored by Pandia.com

Gazing Into the Crystal Ball for SharePoint’s Future

August 20, 2015

As soon as one version of SharePoint is released, speculation begins on the next. After all, it keeps the fun alive, right? While Microsoft has already redoubled its commitment to on-premises versions with its upcoming SharePoint Server 2016, experts still wonder what the future holds. Read more of the predictions in the Redmond Magazine article, “What Does SharePoint’s Future Hold?

The article begins:

“As we sit and wait for the general availability of SharePoint 2016 next year, members of the product team have already started to talk about vNext. Not as far as specific features, mind you, but commenting on the fact that Microsoft will continue to provide an on-premises version of the platform as long as the market demand is there . . . Microsoft recognizes that on-prem will be around for a long time, if not mostly in the form of hybrid environments.”

Users will no doubt be anxious to flesh out what “hybrid” really means in their environment. Additionally, security and ease-of-use will continue to be top priorities going into the future. To stay on top of the latest developments, stay tuned to ArnoldIT.com for an easy to digest rundown via a dedicated SharePoint feed. Stephen E. Arnold is a longtime leader in search, and provides an expert opinion in a one-stop-shop format.

Emily Rae Aldridge, August 20, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

SharePoint Grasps for Relevancy in the Realm of Social

June 2, 2015

Ever since the rise of social platforms, SharePoint has attempted to keep up. While many users would say that these attempts were struggled behind the majority of social technology, Microsoft was making an effort to keep their enterprise heading in the social direction. The battle has been long and hard and Redmond Magazine gives the latest update in its article, “Microsoft Looks To Bring Social Back to SharePoint with Office Graph.”

The article describes how Microsoft is more or less stuck between a rock and a hard place in their game of social “keep-up”:

“Not that an enterprise-class team and document collaboration vendor should try to match the capabilities of what are, more often than not, a collection of unsecure, noncompliant, sometimes untested tools . . . But here’s the rub: if you don’t offer end users the tools they want, and make key features available on the mobile devices (and operating systems) they want to use, all of those security, auditing, compliance, and reporting standards will become irrelevant because people won’t use your platform.”

So Microsoft continues to battle for relevancy. Its latest move is Office Graph, and analysts are optimistic that this social layer may finally be a way for Microsoft to deliver on its promise of personalized and intelligent social solutions. To stay up-to-date with the latest developments in the social world of SharePoint, keep an eye on ArnoldIT.com, in particular his SharePoint feed. Stephen E. Arnold is a longtime leader in search and follower of SharePoint. His reporting offers a succinct insight into the developments that affect productivity and user experience.

Emily Rae Aldridge, June 2, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Expert System Webinar: Sharepoint and Semantics Add Value for Users

April 20, 2015

Expert System offers a system capable of turbo-charging information access in SharePoint installations. The company has developed a fact-based webinar to demonstrate the power of Expert System’s semantic technology.

The company’s Cogito Connected for SharePoint features a document library, complete with metadata enrichment for files to increase their visibility as well as their content. The library will also be retained in SharePoint and be available for use by other files and accurate time and date of most recent tagging will be captured for each file. Users will also be able to process multiple attachments in the Document List and the search function is enhanced with fully integrated Web components.

With Cogito, users can locate content via a custom taxonomy, entities, or faceted search options. SharePoint users can locate needed information via point-and-click, eDiscovery, and traditional keyword search enriched with organization-specific metadata. Expert System’s Cogito allows users to browse content organized by topics, people, and concepts, which makes SharePoint more useful to a busy professional.

SharePoint is one of the most popular collaborative content platforms for enterprise systems, but like many proprietary software programs it has its limits. The good news is that companies like Expert System discover SharePoint’s weaknesses and create solutions to fix them.

Using its patented technology Cogito, Expert System addresses one of the main user concerns when looking for information housed in SharePoint. Cogito sharply reduces the difficulty of navigating and locating content in SharePoint. This problem stems from creators improperly tagging content or not tagging it at all.

In an exclusive interview, Maurizio Mencarini, Expert System had this to say about Expert System’s Cogito Connected for SharePoint:

“Cogito Connected for SharePoint addresses these two areas by providing the power of Cogito semantics to the application of consistent, automated tagging of SharePoint content. With the addition of fully integrated web parts that expose the granularity of content generated metadata, Cogito enhanced SharePoint optimizes the management of content for the SharePoint administrator. For the user, Cogito Connected for SharePoint significantly improves the SharePoint search experience by enhancing the search capabilities beyond the list to include faceted search including category, entity and topic.”

Expert System’s solution delivers a better SharePoint experience for the user and improves work productivity for employees, since they will be able to locate information quicker. Expert System knows what many users don’t realize: the value of being able to locate and recognize content quickly. In this case, Expert System applied this knowledge to SharePoint, but it can be used for other programs in any field. On April 28, 2015 from 12:00 PM-1:00 PM EST, Expert System will host a free webinar called “Implementing a Better Search Experience” where attendees will “learn how to make SharePoint more than a place where you put documents and start transforming your collected knowledge in your collective knowledge.”

Expert System was founded in 1989 and its flagship product is Cogito. Solutions based on the Cogito software include semantic search, natural language search, text analytics, development and management of taxonomies and ontologies, automatic categorization, extraction of data and metadata, and natural language processing. Expert System is working on exciting new developments on everything from enterprise systems to security and intelligence.

Expert System wants to share its knowledge with users so they can have a better user experience, apply the knowledge to other areas, and, of course, make daily tasks simpler.

The new “Implementing a Better Search Experience” will be offered on April 28, 2015, from 12 to 1 pm Eastern Time. You will learn how you can transform your organization’s collected knowledge in actionable collective knowledge.

Sign up for the April webinar at http://bit.ly/1FalGjH.

Stephen E Arnold, April 20, 2015

Next Page »

  • Archives

  • Recent Posts

  • Meta