Monday, July 6, 2009

The Sharepoint security connundrum

Sometimes going to security conferences can be not as useful. However, I just got back from the Gartner Security Summit - some very interesting presentations and conversations. I like the in-depth analysis that they do - and this time I was intrigued by the Sharepoint security presentation by Neil MacDonald.

A few points I learnt:

  • Sharepoint is the fastest growing product in Microsoft's history! Taking over and replacing many file shares and other collaboration products.
  • Security is a big concern due to the rapid growth - especially when collaborating with external parties.
  • Data is usually not encrypted within Sharepoint - makes it hard to search and index.
Sharepoint is an example of an information-centric approach in an organization - and I think most optimal for a similar information-centric approach for data security. You cannot protect the data by protecting the boxes, encrypting hard drives etc. The protection policies should be with the data and/or enforced by authntication and the right authorization within Sharepoint.

Will be interesting to see how this shakes out - I am excited about the information-centric security approach that Sharepoint will force organizations and vendors to adopt!

No comments: