Users Breaching Security Policies

Tuesday, April 22, 2014 @ 06:04 PM gHale


It is tough enough to create a security plan much less have people follow it and one study found at least 36 percent of SharePoint users are breaching policies, and gaining access to sensitive and confidential information to which they are not entitled.

The study came from attendees at last month’s Microsoft SharePoint Conference in Las Vegas. At its core, SharePoint integrates intranet, content management and document management.

RELATED STORIES
Execs Not Seeing All Security Facts: Report
9 Attacks Cause 92% of incidents: Report
DDoS Techniques Changing
SQL Injection Attacks Still Fierce

This study also found of the 19 percent of respondents whose organizations do not allow sensitive information to end up stored within SharePoint environments, nearly a quarter of them later confessed they knew of individuals who had accessed content they were not entitled to, demonstrating that users were ignoring this directive.

In addition, the majority of administrators perceive their “permission” to be unrestricted – responding with comments anecdotally that included “I am entitled to see everything” and “Administration access is God mode.”

“Of the people spoken to during our survey, 19 percent recognize there are risks and try to limit them by banning sensitive information from being stored within SharePoint,” said Hakan Saxmo, CTO at Cryptzone. “I say ‘try’, because it turns out that just 18 percent actually use technical controls with 73 percent instead relying on a written policy or an ‘understanding’ with their workforce. And we all know how many people actually ‘do as they’re told.’”

The study found there was an increase in accessing types of employee details other than salary – from 15 to 22 percent. Valuable data assets — such as insider information and intellectual property, also saw significant rises of around 50 percent.



Leave a Reply

You must be logged in to post a comment.