February 10, 2011, 9:00 PM — From its humble beginnings as a repository for Office documents to its current role as a hulking enterprise-wide information portal, Microsoft's SharePoint Server suite has always been about content.
SharePoint's vast feature set now includes enterprise content management, search, social networking, blogs and wikis, collaboration and business process management. But all parts of the machine depend on content, from training videos to financial reports to confidential legal documents.
However, it is a machine that can potentially wreak havoc if SharePoint is not implemented and monitored effectively by IT.
Storing content in SharePoint is only part of the challenge; securing it is an area where many organizations run into trouble when clear corporate policies regarding SharePoint access and user permissions are not in place.
The risks of keeping SharePoint content safe are not limited to malicious attacks or disgruntled employees leaking confidential information, says Larry Concannon, VP of product marketing at HiSoftware, a Web content and social media compliance software firm.
Slideshow: 10 Things We Love About SharePoint 2010
"The most common privacy breaches are inadvertent," says Concannon, "often resulting from carelessness or lack of awareness by an employee."
The best content security strategy for SharePoint is one that lets employees freely contribute content and collaborate, but enforces policies within departments to keep sensitive documents from ending up in the wrong hands, internally as well as outside the company.
HiSoftware recommends five of the most common ground rules for protecting content in SharePoint.
Make it Clear What Content Is Permissible
Enterprises should create clear, documented policies as part of their SharePoint implementations, says Concannon, including rules about what types of content is permissible.
While each organization will have its own definition of permissible content, the most secure SharePoint implementations are governed by policies that take into account who is allowed to review or publish content, and what content itself is appropriate for storage within SharePoint.