Monday, January 26, 2009

Survey: Despite Increasing Sophistication in Web Threats and Cybercrime, Most SharePoint(TM) Users Are Inadequately Protected

/PRNewswire/ -- There appears to be a void in security around companies' Microsoft SharePoint infrastructure even though SharePoint usage is on the rise. This puts SharePoint servers and employee PCs at risk for data-stealing malware; outside customers, clients, partners, and remote employees who share the same collaboration platform also become vulnerable to the growing complexity of Web threats that can spread silently, but destructively.

A survey conducted by Osterman Research and commissioned by Trend Micro of 269 IT managers involved in overseeing the messaging and collaboration infrastructure of their organizations found that only 60 percent have currently deployed security, leaving 40 percent unprotected. Of those with security, many organizations are still vulnerable -- they are relying upon file server antivirus products, which fail to adequately protect SharePoint content and users.

The survey, which involved companies from North America, France, Germany, Sweden and the U.K., also found that many of these organizations allow external users to access their SharePoint systems: 48 percent of these outside users are contractors, 38 percent are business partners, 30 percent are affiliates, and 20 percent are customers. This leaves endpoint security outside a company's control and increases the potential impact of data loss and compromise.

The survey showed that approximately seventy-two percent of SharePoint users surveyed cite protecting business-sensitive information as the biggest need for SharePoint security, and 43 percent cite preventing malware as their top concern.

Web threats have increased by nearly 2000 percent since 2005 and collaboration systems like SharePoint that enable real-time interaction and information sharing are more vulnerable than ever to cybercriminals who target business-critical information. The sophistication of these threats, many of which are executed through social engineering tactics, demand security that keeps SharePoint repositories free of viruses, worms, Trojans and spyware, as well as protect against data loss.

"While real-time collaboration enables efficient day-to-day business operations, these tools can also increase security risk by opening new pathways for cybercriminals to enter into a corporate network," said Dave Lieberman, director of messaging security for Trend Micro. "Trend Micro encourages all companies to consider solutions that have SharePoint-specific security capabilities such as Trend Micro's PortalProtect(TM), and not rely solely upon general server antivirus products that do not provide complete and adequate protection."

"For many organizations, [we] found that SharePoint security is considered a "nice to have", but that security capabilities deployed at the gateway, server and endpoint level are perceived to be sufficient to protect SharePoint servers from malware and related threats," said Michael Osterman, founder and president of Osterman Research. "However, deploying anti-malware software at the endpoint or on a server does not fully secure the SharePoint environment (the underlying database, Web pages, etc.) Organizations should understand that deploying SharePoint at all layers of the network and on all systems is key to providing complete protection from all threats."

Trend Micro's PortalProtect was the first security solution integrated with Microsoft SharePoint and is built on proven enterprise security technology for reliability and interoperability. It provides a centrally managed solution to effectively secure SharePoint Portal systems and their users. PortalProtect is part of the Trend Micro(TM) Communication & Collaboration Security family, which is powered by the Trend Micro(TM) Smart Protection Network. With the Trend Micro Smart Protection Network, a cloud-client content security architecture delivering correlated, up-to-the-minute threat intelligence, customers get immediate protection across their Microsoft(TM) Exchange, SharePoint and Office Communications Server (OCS) environments.

Other notable findings from the survey:

-- Deployment of SharePoint security is more prevalent in Europe. Among North American respondents, 58 percent of respondent organizations have deployed security on their SharePoint servers and another 27 percent plan to do so in the next 12 months. Among European respondents, 62 percent have done so and 24 percent plan to deploy security in the next 12 months. Globally, there are a variety of reasons cited by organizations for using SharePoint, including improvement of remote or regional communication (74 percent), improvement in the speed of decision making (56 percent), reducing in-person meetings and travel expenses (55 percent) and improving communication with external partners or vendors (34 percent).

-- Where they are deployed, the focus of SharePoint security concerns appears to be much more on protecting sensitive information than on traditional malware and similar threats. There was somewhat more concern about security for SharePoint from an information-protection perspective in Europe which may be related to the stricter information privacy regulations in Europe.

-- Organizations who use SharePoint often allow access to their SharePoint systems to outside partners and vendors, making it difficult for organizations to control security. Among such organizations, 31 percent allow access to affiliates, 38 percent allow business partners, 48 percent allow contractors or consultants and 19 percent allow customers.

-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page

No comments: