SharePoint DLP: Don't Bring a Gun to a Knife Fight

Tuesday, September 13, 2011

Thomas Logan


"You wanna know how to get Capone? They pull a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue. That's the Chicago way!"

- Officer Jimmy Malone to Elliot Ness in "The Untouchables"

Officer Malone's advice served Elliot Ness well in his battle with Al Capone. However, CIOs should consider carefully what type of fight they are in when securing SharePoint.

Unlike Ness' battle to bring one of the world's most notorious gangsters to justice, you may not need to invest in the "big guns" and in fact find that a more cost-effective "knife" is available that suit your SharePoint DLP needs.

SharePoint is growing like crazy. One AIIM study found that nearly 58% of respondents are using SharePoint, twice as many as were using it just two years ago. Of course, this adoption comes with challenges-namely in the area of security. AIIM reports that 80% of organizations still do not have the confidence in SharePoint's security to use it as a repository for sensitive or confidential documents.

SharePoint finally delivers on the Enterprise 2.0 promise industry analysts have discussed for years. But, its collaborative and content sharing capabilities mean sensitive information can easily, and often accidentally, be put at risk. CIOs need to come up with a solution to this content security challenge, while still allowing the positive business benefits of SharePoint's collaboration capabilities in your organization.

This issue is not unique to SharePoint. Gartner reports that more than 60% of companies still need Data Loss Prevention technologies to protect such information as credit card and social security numbers, customer data, electronic medical record, intellectual property and financial information. However, SharePoint is unique in the potential for more cost-effective approach to DLP within your organization. Let me explain why.

While expansive (and expensive) "enterprise-data loss prevention" (think Gun) technologies exist, Gartner advises that "channel-data loss prevention" (think knife) is adequate for the majority of organizations (~70%).

Gartner defines "channel" in channel-DLP as the communications channel inspected for the sensitive data. If SharePoint is your organization's primary collaboration channel, you should consider the use of a channel-DLP solution to provide the content governance you need to fill the SharePoint security-gap.

The good news is that, unlike most other ECM platforms, SharePoint has entire ecosystem of developers and technology companies anxious to help CIOs address specific needs within the platform-including DLP for the SharePoint channel-while realizing its core benefits.

Channel-DLP for SharePoint means that for many CIOs what may have appeared to be a six figure (or more) purchase to address one significant area (channel) of risk is not necessary.

It may in fact be the case that you are in a knife fight and buying a gun would be over kill.

Possibly Related Articles:
Cloud Security
Information Security
Microsoft Cloud Security Data Loss Prevention Chief Information Officer CIO SharePoint
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.