SharePoint requires another layer of security in the age of cloud computing

SharePoint isn’t going anywhere in the age of cloud-based collaboration and content management, and there continues to be a market for add-ins, including those to bolster security for the connected enterprise.

Metalogix is looking to make security smarter in ControlPoint 7, launched today, with additional embedded security intelligence to detect suspicious SharePoint user activity. Steven Marsh, the company’s senior director of product marketing, said breaches to Microsoft Corp.’s content management and collaboration platform can have a wide-ranging impact as they can even affect employees who have left the organization by exposing stored personally identifiable information (PII).

SharePoint comes with built-in features to assign permissions and manage access to information, and there are a number of offerings that can layer additional security on top. Marsh said MetaLogix has focused on taking an approach similar to that of financial institutions monitoring bank accounts and credit cards for potential fraud; unusual activity by an authorized user might hint that something is amiss, he said.

Many organizations have remote workers accessing SharePoint, such as traveling sales staff. Marsh said the real-time situational awareness would be able to detect a remote worker pulling down massive amounts of company information not related to their role from a location that person isn’t likely to be, for example. This is done through real-time machine learning to analyze and detect suspicious patterns of activity.

ControlPoint 7.0 includes Metalogix Sensitive Content Manager, which monitors SharePoint around the cloud and tracks behavior anomalies and unauthorized access based on geo-location to protect against both internal and external threats.

Logan Harbaugh, senior analyst and validation engineer at Storage/Systems Strategies Now, said the accessibility options in SharePoint that make it easier for remote workers to use are what makes it much more accessible to outside hackers and people of ill intent generally. “There’s need for more security than what Microsoft provides by default.”

He said while most content on a web server is fairly static, the nature of operational information in SharePoint is often dynamic, and the system could potentially house all of an organization’s documentation – all the more reason to have robust security. Harbaugh said what’s interesting about MetaLogix’s latest release is that it takes advantage of artificial intelligence techniques not commonly used to determine what is normal user behavior to in turn determine what might be suspicious behavior that threatens security.

ControlPoint’s security is particularly focused around content, especially sensitive files that include PII or need to be compliant with regulations such as HIPPA, PCI or Sarbanes-Oxley, said Harbaugh. SharePoint continues to be a widely used information-sharing tool despite the advancements in cloud computing and online collaboration tools.

“SharePoint still has a large footprint,” he said. “Companies leave stuff in place until there’s a major problem. They’re not going to replace existing a SharePoint installation unless they have to.”

There are ways to secure SharePoint by using all of its features in combination with Active Directory and a firewall, said Harbaugh, but setting it up, maintaining it, and keeping it secure is more difficult than just installing a third-party tool such as MetaLogix.

The challenge, he said, is how to implement safeguards effectively without interfering with productivity by accidently blocking the wrong people. By making information available, staff can make better decisions, but there’s a bigger chance of that information falling into wrong hands.

“That’s the classic conflict in making anything available online,” he says.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Gary Hilson
Gary Hilson
Gary Hilson is a Toronto-based freelance writer who has written thousands of words for print and pixel in publications across North America. His areas of interest and expertise include software, enterprise and networking technology, memory systems, green energy, sustainable transportation, and research and education. His articles have been published by EE Times, SolarEnergy.Net, Network Computing, InformationWeek, Computing Canada, Computer Dealer News, Toronto Business Times and the Ottawa Citizen, among others.

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now