300.000 organizations world-wide customize SharePoint to make the platform an even better fit for their needs. What they don’t realize is that customizations can leak their confidential data. But does that mean you should completely stop customizing SharePoint?
SharePoint, for everything
Over the years Microsoft SharePoint became known as the organizational swiss army knife. Organizations use SharePoint for virtually everything. Project teams use SharePoint to collaborate. Marketing and communication departments build highly-branded portals where they share the latest corporate news and announcements. Organizations use SharePoint as an application platform to host business-critical solutions. The list goes on and on.
And while SharePoint offers rich capabilities out of the box, it’s by customizing it, that organizations truly benefit from SharePoint’s full potential.
A brief history of customizing SharePoint
Originally SharePoint was a server product that organizations hosted on their premises. Only later, with the announcement of BPOS and later Office 365, customers could subscribe to SharePoint hosted by Microsoft.
When organizations were hosting SharePoint themselves, they could deploy customizations to their servers. But this is not an option in the cloud. In Office 365, multiple organizations use the same SharePoint server. If one of them would deploy assemblies to the server, these assemblies could degrade the performance for other customers and even potentially access their confidential data. This is not acceptable.
Using SharePoint’s powerful APIs developers can do everything from retrieving data stored in lists to searching for confidential documents and downloading complete documents. It’s also possible to change user permissions using SharePoint APIs, giving all employees access to confidential data in the organization.
The risk is real! There is not a single organization out there that uses SharePoint and doesn’t use jQuery or other script hosted on the internet. In many cases, they have no idea what’s inside the script they are loading on their corporate pages and who has the access to update these scripts. The hundreds of thousands of dollars spent on security are pointless because of this. A convenient weather widget, live traffic report or a fancy organization chart web part can without any effort bypass all advanced security, multi-factor authentication, enterprise-grade firewalls and threat detection systems and leak confidential data, just like that.
Trust, but verify
Through the recent investments in SharePoint customization capabilities, Microsoft gives the control back to administrators. Still, as long as organizations don’t review the scripts they are using in their solutions, they could be leaking confidential information without even knowing about it.
Regaining control over the security of your confidential data stored in SharePoint is a tedious process, but you can’t afford to not do it. The reputation of your organization and its success are at stake. The longer you wait, the bigger the risk.
Rencore’s Governance and Risk Prevention solutions help you minimize risks by continuously analyzing and monitoring your customizations. Find out how to take back control of your organization’s customizations today!