SharePoint and Security: A Survey of SharePoint Stakeholders

Transcription

1 SharePoint and Security: A Survey of SharePoint Stakeholders December

2 Key Findings Non-employee access to on-premise SharePoint desirable 76% have had requests to grant non-employee access 72% say requests for non-employee access are increasing 86% say cloud collaboration is driving demand for non-employee access External access granted, in spite of concerns 97% have security concerns about non-employee SharePoint access 76% grant non-employees access to SharePoint, although only 5% grant full internal access Only 7% run audits of external SharePoint access at least weekly Microsoft hosted SharePoint (Office 365) not a magic bullet 82% concerned about hosted SharePoint Top concern is documents being copied outside of controlled systems 2

3 METHODOLOGY AND PARTICIPANTS 3

4 Goals and Methodology Research Goal Methodology Participants The goal of this survey was to evaluate current approaches, experiences and opinions of SharePoint security. An online survey was sent to independent databases of technology and business professionals responsible for SharePoint. Dell was not revealed as the survey sponsor. A total of 202 individuals participated in the survey. All had responsibility for administration, technical oversight, or business ownership of Microsoft SharePoint. All worked at companies with more than 500 employees. 4

5 Participant Demographics Company Size Role with SharePoint More than 5,000 employees 26% 500 1,000 employees 27% Business stakeholder 24% SharePoint admin reporting to IT 24% 1,000 5,000 employees 47% IT manager or executive 39% SharePoint admin reporting to the line of business 13% Role with SharePoint Security I have no responsibility for security 25% Security is a significant part of my job 43% Security is a small part of my job 32% 5

6 Participant Demographics (con t) Industry Manufacturing 19% Technology 16% Financial Services 15% Healthcare 14% Services 7% Energy and Utilities 7% Transportation 7% Other 4% Retail 4% Federal or State Government 3% Telecommunications 3% 0% 5% 10% 15% 20% SharePoint Hosting On-premise Hosted by Microsoft (Office 365) 21% 91% Hosted by someone other than Microsoft 4% 0% 20% 40% 60% 80% 100% 6

7 DETAILED FINDINGS 7

8 SharePoint access frequently requested for non-employees Have you ever been asked to give non-employees (i.e. consultants or partners) access to your on-premise SharePoint environment? n = SharePoint hosted on-premise No 24% Yes 76% 8

9 Requests for non-employee SharePoint access are increasing How have requests to grant access to your on-premise SharePoint environment changed in the past three years? Less requests 5% n = SharePoint hosted on-premise for more than 3 years, have had requests for non-employee access The same 23% More requests 72% 9

10 Cloud-based collaboration increases requests for non-employee SharePoint use In your opinion, has the increased in requests to grant access to on-premise SharePoint environments been impacted by experiences with cloud-based document collaboration such as Dropbox, Box, and Google Docs? No 14% n = requests for non-employee SharePoint access increased in past three years Yes 86% 10

11 97% have security concerns about granting non-employee access Do you have any concerns about the potential for security breaches when granting non-employees access to on-premise SharePoint environments? Choose all that apply. n = SharePoint hosted on-premise Read-only documents can still be copied and transferred via Ongoing maintenance of external accounts (i.e. termination, renewal) Inadvertently lax security exposes sensitive data 60% 63% 69% Properly identifying outside staff and responding to service requests 50% Introduction of malware 40% Increased exposure to Denial of Service attacks 33% I have no concerns 3% 0% 10% 20% 30% 40% 50% 60% 70% 80% 11

12 Access to SharePoint granted in spite of security concerns, but with limits Do non-employees currently have access to your on-premise SharePoint environment? n = SharePoint hosted on-premise No 24% Yes 29% Limited access to a subset of SharePoint sites 47% 12

13 Only 5% grant full internal SharePoint access to non-employees What level of information access do you allow non-employees access to your on-premise SharePoint environment? n = SharePoint hosted on-premise, allow non-employee access Targeted access to select project/team site 82% Departmental access 46% Personal/Team/MySite 36% Corporate/Intranet/HR-only access 18% Full internal access 5% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 13

14 Only 39% publish guidelines for non-employee access Does your organization have consistent, published guidelines for allowing non-employees to access on-premise SharePoint? n = SharePoint hosted on-premise, allow non-employee access Yes 39% No 61% 14

15 Only 36% monitor external SharePoint access Does your organization have consistent, published guidelines for on-going monitoring of external access to on-premise SharePoint? n = SharePoint hosted on-premise, allow non-employee access Yes 36% No 64% 15

16 Only 42% audit external user SharePoint access Does your organization audit external user access to on-premise SharePoint? n = SharePoint hosted on-premise, allow non-employee access Yes 42% No 58% 16

17 Only 7% run SharePoint access logs at least weekly How frequently do you run access logs of external users of on-premise SharePoint? Choose the one answer that most closely applies. Weekly 4% Daily 3% n = SharePoint hosted on-premise, audit external access logs No set schedule 29% Monthly 64% 17

18 82% concerned about security of hosted SharePoint Do you have any concerns about the security of Microsoft's hosted SharePoint (Office 365)? Choose all that apply. Information "leakage" as files are copied out of controlled systems Exposure of sensitive data Unauthorized access 59% 62% 65% Overly restrictive security leads to lack of adoption Overly restrictive security causes collaborative 'friction' (takes too long, duplicate content, e.g.) Increased risk of malware or similar destructive activity Easier for government to subpoena users and data Functional constraints keep critical data away from platform and out of management No security concerns 18% 18% 31% 29% 24% 24% 0% 10% 20% 30% 40% 50% 60% 70% 18

19 Partners and general public cause most concerns about unauthorized access What types of individuals are you concerned about unauthorized access of Hosted SharePoint? Choose all that apply. General public 71% Partner 69% Customers 50% Employees 29% 0% 10% 20% 30% 40% 50% 60% 70% 80% 19

20 88% see value in SharePoint social capabilities Do you see value in the social capabilities available in SharePoint for example tagging, sharing, and commenting on documents? Easier engagement with non-employees 55% Easier engagement with mobile staff 48% Integration with other cloud offerings 30% Functional advantages compared to on premises Treating IT as operating expense over time, rather incur high one time capital expenditures 27% 26% Reduce cost of on premises data center operations 21% We don't see any value in SharePoint's social capabilities 12% 0% 10% 20% 30% 40% 50% 60% 20

21 86% have concerns about the security of using SharePoint social Do you have any concerns about the security implications of using SharePoint social? Choose all that apply. Inadvertent disclosure of the existence of privileged data (e.g. mergers and acquisitions) 61% Increased security complexity caused by sharing breaking inherited permissions across the environment 59% Social can be used to widely distribute privileged information 46% Security complexity slows down the speed of accelerated collaboration 42% No concerns 14% 0% 10% 20% 30% 40% 50% 60% 70% 21

22 APPENDIX 22

23 Few companies use SharePoint as their only collaboration solution Does your organization use any of the following for collaboration? Choose all that apply. Microsoft SharePoint 100% Google Docs 72% DropBox 58% Box.net 38% Yammer 26% 0% 20% 40% 60% 80% 100% 23

24 For more information About Dimensional Research Dimensional Research provides practical marketing research to help technology companies make smarter business decisions. Our researchers are experts in technology and understand how corporate IT organizations operate. Our qualitative research services deliver a clear understanding of customer and market dynamics. For more information, visit About Dell Software Dell Software helps customers unlock greater potential through the power of technology delivering scalable, affordable and simple-to-use solutions that simplify IT and mitigate risk. The Dell Software portfolio addresses five key areas of customer needs: data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, drives unmatched efficiency and productivity to accelerate business results. For more information, visit 24