To effectively manage your SharePoint platform, you implement an always up-to-date inventory of your applications. What’s more, you have a way to automatically assess their quality. But how do you translate your technical findings and the recommended next steps to your management?
Other blogs in this series:
- Assess what’s in your SharePoint environment
- The dark side of SharePoint applications
- The business impact of your SharePoint applications (this blog)
- 3 tips for efficiently handling alerts about your SharePoint applications
- How often do you scan your SharePoint applications for vulnerabilities?
SharePoint is customization
Every organization in the world that uses SharePoint tailors it to its needs. That’s a fact. By adding applications, employees truly make SharePoint a part of their everyday work and use it to work more effectively. Typically, organizations have several big applications, commissioned and managed by IT. But there is more. Everyone using SharePoint can use their existing skills and add the applications they need in their daily work, whether it’s simple widgets that conveniently show important information, InfoPath forms that simplify data entry or Flows that automate mundane tasks. Everyone customizes SharePoint. I think we all agree with that.
Control the uncontrolled
When SharePoint adoption takes off in your organization and users truly start to use it every day, in no time you will see new applications of all types. Some look like they’ve been hastily hacked together, some are thought through and some are engineered by professional developers.
Implementing an automated inventory to track the applications is a good decision. At all times, you know what’s happening in your platform, what kind of applications are being built and how you can use your resources to help your colleagues get the most out of SharePoint. But now that you know what applications you have and where the room for improvement is, how do you communicate it to the management?
You wouldn’t be the first to have a bad experience trying to explain to upper management the state of your platform, what should be improved and why. Especially if you have a technical background, you would default to using technical terms, only to face disinterest or ignorance.
It’s not that your organization doesn’t care about its security and doesn’t want to stay out of the news. Technology is complex and it’s a full-time job to stay on top of the latest developments. The good news is that you can help everyone in your organization understand the current state of your platform. Here’s how.
Technical issues to business threats
If the application doesn’t verify the integrity of the external library, someone could modify its contents and the application could load malicious code into your environment, circumventing its security. Using the SharePoint API, malicious code in the library could access documents in the intranet on behalf of the current user and leak their contents to third parties. This is a high-impact data loss threat that is also likely to happen.
You see the pattern. By following the above approach, you can translate technical findings to threats that could affect your organization. By understanding the impact and probability of these threats, you can establish a risk profile and help your organization to make an educated decision whether the particular threat should be mitigated or if your organization is willing to accept the risk.
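The translation described above can be automated. The following is an added sketch, not code from this blog or from any product it describes: it flags external scripts loaded without an `integrity` attribute and maps each finding to a business threat with a risk score. The internal host name, the 1 to 3 rating scale, the threat catalogue and the sample markup are all assumptions made for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

INTERNAL_HOSTS = {"intranet.example.com"}  # assumption: hosts you control

# Assumed catalogue: technical finding -> business threat, rated 1 (low) to 3 (high).
THREATS = {
    "external-script-without-integrity": {
        "threat": "Data loss via tampered external library",
        "impact": 3,       # high impact, as in the example above
        "probability": 3,  # likely to happen, as in the example above
    },
}

class ScriptAudit(HTMLParser):
    """Records external <script src> tags with no integrity attribute
    (presence only; the hash value itself is not validated here)."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        host = urlparse(attr.get("src") or "").hostname  # None for relative URLs
        external = host is not None and host not in INTERNAL_HOSTS
        if tag == "script" and external and not attr.get("integrity"):
            self.findings.append(("external-script-without-integrity", attr["src"]))

def assess(app, markup):
    audit = ScriptAudit()
    audit.feed(markup)
    return [{"app": app, "source": src, "threat": THREATS[f]["threat"],
             "risk": THREATS[f]["impact"] * THREATS[f]["probability"]}
            for f, src in audit.findings]

def risk_profile(inventory):
    """inventory maps app name -> page markup; returns ranked rows and totals."""
    rows = [r for app, markup in inventory.items() for r in assess(app, markup)]
    rows.sort(key=lambda r: (-r["risk"], r["app"]))
    return rows, Counter(r["threat"] for r in rows)

# Constructed sample inventory, not real applications.
SAMPLE = {
    "Expense form": '<script src="https://cdn.example.net/charts.js"></script>',
    "News widget": '<script src="https://cdn.example.net/ui.js" '
                   'integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>',
    "HR portal": '<script src="/sites/hr/app.js"></script>'
                 '<script src="//cdn.example.org/lib.js"></script>',
}
```

`risk_profile(SAMPLE)` returns the findings ranked by risk together with a count per threat, which is the summary a management report would start from.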
Manage SharePoint applications
Looking at technical findings from the business point of view will help you and your peers to make more informed decisions about which risks you’re willing to accept and which you want to mitigate. If you work in an enterprise-scale organization, you will likely find tens if not hundreds of thousands of technical issues of various severities. Manually translating them to business threats will be impossible. So ideally, it should be a part of your automated inventory helping you to spend your time on making better decisions.