2016's most important SharePoint takeaway: Hybrid environments are going nowhere, fast
Hybrid environments are here to stay and will be for a long time. Microsoft’s release of SharePoint 2016, with its hybrid features and functions, is a significant proof point.
Yet as hybrid environments are put to use, compliance challenges don’t change. Distributed workforces, unstructured content and heavily regulated sensitive data call for the same security on-premises, in the cloud and everywhere in between.
Factor in worldwide government and geographical requirements to which each unique public or private sector company must adhere, and it’s no wonder we can’t go two news cycles without some organization, somewhere being breached.
The approach of building a wall around infrastructure is unrealistic because it limits collaboration. In hybrid environments, security has to be a dynamic, real-time strategy that considers context—how each user can access and use a particular piece of data, from where, when and for what purpose.
Balancing enterprise security with user flexibility is critical
Users are smart—they want to get their jobs done as quickly and easily as possible, which demands collaboration tools. However, if IT teams can’t maintain a yin/yang balance, users will find a way to bypass security to do their job. When that happens, enterprises have an internal threat, whether the intent to harm is there, or not.
Microsoft is making great strides to enable collaboration and is beefing up RMS encryption and classification
Employee negligence including unintentional loss of data is becoming more commonplace. It’s as easy as someone gaining, or being given, authenticated user access to restricted information, accidentally attaching the wrong file to an email, or unintentionally filing a document in an incorrect location.
Traditional data security relies upon group user permissions and encrypting data at rest, but this does not accommodate the flexibility granted by cloud applications, or the ever-changing collaboration needs of global mobile users.
Safely adopting SharePoint/Office 365 for increased collaboration
SharePoint and Office 365 demand a real-time, dynamic security approach that controls user access to data—who can see it, what they can do with it, how they can share it and when—and must address the connectivity and collaboration needs unique to each situation, user, department, company, third party, etc. In addition, expanding the hybrid attack surface for internal and external hackers requires a company to be even more nimble and enforce dynamic controls, in real-time, in a matter of milliseconds.
The continuously improving features of SharePoint and its ability to leverage data through OneDrive and Office 365 for advanced collaboration should scare IT managers, but not to the point of resistance to adopt. It should elevate the importance of security and the need for new, progressive strategies that empower companies to tackle security in different, more effective ways.
Beware: Don’t rely on employees
How do you ensure that users know that the data they’re working with shouldn’t be shared or used? The reality is, you can’t.
Too frequently, companies classify and encrypt data and then rely upon users to properly interpret and respond to that classification. While there is a time and place for empowering employees and continuing education to increase personal and professional value, matters of SharePoint and Office 365 security are not one of them. It’s not possible to thoroughly educate everyone that accesses data to the point of 100 percent confidence in their ability to grasp the endless security requirements involved.
Companies continue to struggle with data security policies and the abilities of their human resources to comply. Whether security is just too massive, or the proper motivational tools for good behavior aren’t in place, is irrelevant. Companies have to be sure now, as they don’t have the luxury of trial and error when security is at stake.
Therefore, any SharePoint strategy should focus primarily on the data and security of it, and security should not be the sole responsibility of the people who touch it.
A prediction for 2017 and beyond
Microsoft is making great strides to enable collaboration and is beefing up RMS encryption and classification. Companies will continue to adopt these new technologies, while having some amount of data in various places that require more agile SharePoint security strategies.
Certainly the mobility of people, data and business is not changing—nor is a company’s willingness to abandon those hefty capital investments already made in still depreciating on-premises servers. Soon enough, however, a complete move to the cloud is likely eminent.
Companies are continuously assessing what data they have, where it should reside, who is using it, why and for what; tackling the relationships between certified and uncertified systems; and reevaluating legacy strategies like staticencryption, and new best practices like dynamic access control.
Throughout all of this, IT Teams are taking into account compliance and data security policies for privacy and confidentiality, intellectual property and trade secret protection, data loss prevention, enterprise social communications, PII and PCI compliance, HIPAA requirements, accessibility guidelines, and more.
To what end?
Companies remain committed to using a centralized, cost-effective data security solution for SharePoint that’s balanced to their unique needs, and to ensure compliance as well as protection against breaches to mitigate risk.