3 Challenges of Managing SharePoint Access and Security

SharePoint is an excellent platform for collaboration. The problem is with so many security requirements across an organization, it is nearly impossible to keep up with all the demands for file permissions without impacting collaboration flexibility. Everyone is looking for a more effective way to address SharePoint access and security without overburdening IT staff or overly restricting end users. It’s a balancing act between ensuring information is secure without slowing down collaboration.

SharePoint Security Approaches Today

There are two fundamental approaches that organizations use to secure content in SharePoint today: restrict user access and apply file encryption.

Approach 1: Restrict User Access

User access tools allow administrators to juggle inherited permissions, maintain multiple user groups or create unique silos for specific sharing scenarios. User access can be restricted to completely secure files to the point of rendering collaboration impossible.

Restricting user access also results in several SharePoint administration problems:

• Difficulty to manage and maintain users belonging to hundreds of groups
• Too many permissions requests and the need to handle exceptions
• Users bypass security to work around burdensome restrictions
• Complicated inter-rule interactions can yield unforeseen outcome

Approach 2: Apply File Encryption

File encryption tools are used to protect sensitive files that must not be mishandled. When user access has been relaxed, organizations can encrypt the files to ensure that the data is safe when it is being used.

When too many files are encrypted at rest, however, usability is often sacrificed:

• Files are not indexed or searchable, so they can be difficult to use
• Files cannot be scanned for content, so they may be inappropriately categorized
• Encryption key management and revocation requests can overload IT and inhibit sharing

User access restrictions and file encryption, combined with complicated permissions and exceptions, make it difficult to have secure and collaborative environments.

What SharePoint Access and Security Capabilities are Missing?

SharePoint offers some native tools to help, but they are static, leading to other challenges.

1. User access permissions are static – They do not change as the user moves between networks, devices, and even countries.
2. File encryption templates are static – They are generally applied to all files of a certain classification, regardless of how the content changes over time or how that file is used.
3. Identification of sensitive content is limited – While advancements have been made with Microsoft’s cloud-based offerings, there are still limited out of the box (OOTB) options for identification and classification within SharePoint on-premises.

Static access permissions and file encryption templates do not work in the modern dynamic, ‘always on’ workplace. Coupled with a lack of insight into nature of the information within files makes securing content within today’s evolving SharePoint environments especially challenging when considering:

• Remote work, BYOD, and unsecured devices
• Large numbers of users and groups
• Mixed or legacy SharePoint environments (on-premises, cloud, hybrid) with inconsistent security tools
• A complex matrix of overlapping permissions such as security clearances or project teams or external collaborators and guest users
• How the sensitivity level of content changes over time
• Regulations that vary by country or data transmission methods

What’s missing is dynamic security.