Microsoft SharePoint: 5 tips for keeping content private

The risks of keeping SharePoint content safe are not limited to malicious attacks or disgruntled employees leaking information

From its humble beginnings as a repository for Office documents to its current role as a hulking enterprise-wide information portal, Microsoft's SharePoint Server suite has always been about content.

SharePoint's vast feature set now includes enterprise content management, search, social networking, blogs and wikis, collaboration and business process management. But all parts of the machine depend on content, from training videos to financial reports to confidential legal documents.

However, it is a machine that can potentially wreak havoc if SharePoint is not implemented and monitored effectively by IT.

Storing content in SharePoint is only part of the challenge; securing it is an area where many organizations run into trouble when clear corporate policies regarding SharePoint access and user permissions are not in place.

The risks of keeping SharePoint content safe are not limited to malicious attacks or disgruntled employees leaking confidential information, says Larry Concannon, VP of product marketing at HiSoftware, a Web content and social media compliance software firm.

Slideshow: 10 Things We Love About SharePoint 2010

SharePoint 2010: Five New and Improved Features

Microsoft SharePoint: Three Sleek Social Networking Alternatives

"The most common privacy breaches are inadvertent," says Concannon, "often resulting from carelessness or lack of awareness by an employee."

The best content security strategy for SharePoint is one that lets employees freely contribute content and collaborate, but enforces policies within departments to keep sensitive documents from ending up in the wrong hands, internally as well as outside the company.

HiSoftware recommends five of the most common ground rules for protecting content in SharePoint.

Make it Clear What Content Is Permissible

Enterprises should create clear, documented policies as part of their SharePoint implementations, says Concannon, including rules about what types of content is permissible.

While each organization will have its own definition of permissible content, the most secure SharePoint implementations are governed by policies that take into account who is allowed to review or publish content, and what content itself is appropriate for storage within SharePoint.

Educate Employees

Another key to a secure SharePoint implementation is educating users about the privacy and confidentiality rules set up by IT that protect both the employee and the company.

"On one level this means simple user training," says Concannon. "But it could also mean creating a "terms of service" screen that comes up as users are creating their own My Site, for example."

Use Classification to Guide Behavior

One configuration available in SharePoint that protects content is a classification screen that pops up every time a document is added. These classification screens are based on categories set up by IT to enforce what should and should not be in the system.

"Classification screens will let you know if a document doesn't fall into one of the designated categories," says Concannon. "If it doesn't, don't publish it."

Don't Forget to Enforce the Policies

Once the business rules are in place for SharePoint, says Concannon, IT managers must enforce them and let users know when violations occur. One approach is to provide users with a way to tag content they consider to be "inappropriate."

Automated software is also available from HiSoftware and other vendors to check SharePoint content before it is published to avert the posting of non-compliant content. Features like automated content scans can be used to validate specific regulations in SharePoint that are designed to prevent privacy breaches and confidentiality leaks.

Social Tools: Find the Right Balance

One area in SharePoint that needs to be watched closely is social networking, says Concannon. Social features like blogs, wikis, communities, My Site profile pages and forums have been featured more prominently in SharePoint 2010. While these popular tools can improve communication and productivity, they are potential compliance landmines.

[ For complete coverage on Microsoft's SharePoint collaboration software -- including enterprise and cloud adoption trends and reviews of SharePoint 2010 -- see's SharePoint Bible. ]

To safeguard this new wave of Web 2.0 content as well as plain old documents, HiSoftware recommends a balanced approach where collaboration and information sharing is encouraged, but security regulations are enforced within departments to prevent, say, a legal document about a potential merger from being viewed by the wrong person.

Shane O'Neill covers Microsoft, Windows, Operating Systems, Productivity Apps and Online Services for Follow Shane on Twitter @smoneill. Follow everything from on Twitter @CIOonline. Email Shane at

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsMicrosoftsoftwarecollaboration

More about Microsoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Shane O'Neill

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts