Another key to a secure SharePoint implementation is educating users about the privacy and confidentiality rules set up by IT that protect both the employee and the company.
"On one level this means simple user training," says Concannon. "But it could also mean creating a 'terms of service' screen that comes up as users are creating their own My Site, for example."
Use Classification to Guide Behavior
One configuration available in SharePoint that protects content is a classification screen that pops up every time a document is added. These classification screens are based on categories set up by IT to enforce what should and should not be in the system.
"Classification screens will let you know if a document doesn't fall into one of the designated categories," says Concannon. "If it doesn't, don't publish it."
Don't Forget to Enforce the Policies
Once the business rules are in place for SharePoint, says Concannon, IT managers must enforce them and let users know when violations occur. One approach is to provide users with a way to tag content they consider to be "inappropriate."
Automated software from HiSoftware and other vendors is also available to check SharePoint content before it is published, averting the posting of non-compliant content. Features like automated content scans can be used to validate compliance with specific regulations in SharePoint that are designed to prevent privacy breaches and confidentiality leaks.
Social Tools: Find the Right Balance
One area in SharePoint that needs to be watched closely is social networking, says Concannon. Social features like blogs, wikis, communities, My Site profile pages and forums have been featured more prominently in SharePoint 2010. While these popular tools can improve communication and productivity, they are potential compliance landmines.
To safeguard this new wave of Web 2.0 content as well as plain old documents, HiSoftware recommends a balanced approach in which collaboration and information sharing are encouraged, but security regulations are enforced within departments to prevent, say, a legal document about a potential merger from being viewed by the wrong person.