A recent article in Fierce Content Management entitled “Survey finds many users blow by SharePoint security” reveals how cavalier some Microsoft SharePoint users are about maintaining security within the widely used Enterprise collaboration and content management solution. According to the SharePoint security survey conducted by Cryptzone, an IT threat mitigation company, 92% of respondents said they knew that taking content out of SharePoint created a security risk; still 30% were willing to take that risk for the sake of convenience. Even more eye-opening was that 43% took sensitive content out of SharePoint to work at home and 55% said they did that to give material to someone without access to SharePoint.
There’s a clear need to be able to share files externally from SharePoint that is not currently being addressed in many organizations.
To effectively collaborate today, users need to easily share content securely within their organization and with external partners across the firewall. But in order to securely share data with outside parties, organizations need to create a secure file sharing system within their SharePoint environment. Unfortunately, it is not easy or inexpensive to build an external-facing SharePoint server farm.
In order to open up content in SharePoint to external users, IT needs to provision a license and also set up external facing SharePoint servers on the DMZ. This is an expensive proposition. So organizations usually bypass setting up external SharePoint servers. This often leads employees to create work-arounds rather than taking the time to put in IT requests. However, this is a data breach waiting to happen. Once a document leaves SharePoint “illegally” the ability to track and manage the file is compromised. This is particularly important in industries subject to HIPAA and other regulatory compliance.
There is a solution to this problem for organizations who want to make the most of their SharePoint investment. Accellion offers a plug-in for SharePoint that enables users to quickly, easily, and securely share any size file from within the SharePoint Document Library to both internal and external recipients. The plug-in not only makes it easy to share files across the corporate firewall but also provides easy-to-use file tracking and reporting required to meet industry and government regulations such as HIPAA, SOX and GLBA.
So if your organization has made an investment in SharePoint but you haven’t yet implemented external sharing of SharePoint documents for your users please give us a call. As the Cryptzone survey illustrated if a solution isn’t provided for external file sharing from SharePoint then users will come up with their own solution and security isn’t typically top of their list of requirements.
Related posts:
- Observations from SPTechCon Feb 2011 – SharePoint Technology Conference
- From Network World: Microsoft security expert warns over SharePoint data at risk
- Private: 3 Easy Steps to Secure File Transfer Nirvana – a.k.a. why IT and users love appliance solutions
Tags: Accellion, Collaboration, File Sharing, PlugIn, SharePoint
TWITTER
FACEBOOK
LINKEDIN
YOUTUBE
How does Accellion secure the file being transmitted to the external user? What would prevent them from downloading the file and doing what they please with it? E.g., printing, forwarding to a competitor, posting on a site, etc.
– Users can easily share files by sending stakeholders a secure link to a file in their
Accellion Secure Workspace. Users can decide if the file can be downloaded by only the recipient
of the email, if the recipient can forward the file to others, or if all authenticated users can download
the file. They can set file link expiration dates. Users automatically get return receipts when files
are downloaded.
Files are stored within the Accellion system on an encrypted partition using AES 128-bit
encryption. Additionally, each file can be encrypted with a unique key. The file encryption key is
also not stored on the server, so even if the server is compromised, the decryption keys for stored
files cannot be obtained on the server itself. Data is also encrypted in transit using SSL/HTTPS.
Accellion’s security mechanisms guard against malicious access:
o File names are de-referenced when stored on Accellion to ensure that files are
inaccessible.
o Files may be stored encrypted for added security.
o Data can be accessed only through the file URL embedded in the email.
o Each URL call is authenticated individually.
Thanks for the response. I’m not sure how this prevents unauthorized forwarding. If someone uses Accellion to send a link to a document to me, I’ll be able to download that document, correct? Then what would stop me from taking that document and sharing it with a third party?