January 19, 2012, 3:14 PM — Even the users and administrators who work most closely with and are most responsible for installations of Microsoft's SharePoint document-sharing application either don't know or don't care enough about security to use the security features built into SharePoint themselves or encourage others to do so, according to a new study.
All but 8 percent of respondents to the survey understood that removing a document from the SharePoint server made it less secure, but 45 percent had done it anyway; 18 percent do it "regularly."
That means taking secure documents off the SharePoint server and copying them to either local hard drives or flash drives so the user can take the docs along when they leave, or even email secure documents to other people. Those who were willing to violate security in so obvious a way wouldn't hesitate to do it, either, if it "helps me get the job done," according to the study sponsored by Swedish risk-mitigation software developer Cryptozone.
Another 34 percent said they never think about the security of SharePoint documents and 13 percent said protecting the data or documents is not their responsibility.
The study itself comes with a couple of caveats, one of which actually makes that last point more disturbing.
Caveats about study make results even more disturbing
First, Cryptozone sells software designed to add security to SharePoint itself, so it's not exactly objective in its analysis, or in the choice of questions or respondents.
The sample size is also way too small to be statistically significant; the report is based on a survey of 100 attendees of a SharePoint Saturday conference in Nottingham, U.K. in November.
On the other hand, the only people who would go to a SharePoint Saturday meeting are either total newbies sent there for training, or they're the user administrators and IT people most responsible for security, maintenance and all the other systemic flaws IT people continually have to drill into end users to keep them from writing top-secret passwords on Post It notes or leaving security doors unlocked while they run to pick up a pizza.
Though respondents didn't identify their roles clearly, 51 percent said they don't assign access rights within SharePoint and 69 percent said it's the in-house IT administrators who do that.
So the sample size was split about evenly between end users and IT people.