Many organizations who use SharePoint struggle with keeping track of the applications they have in their environment. And it’s not surprising. There are many ways in which users can tailor SharePoint to their needs: from embedding a few-lines-of-code-widgets to adding bespoke applications built by professional developers. No matter their proficiency with technology, everyone can tweak SharePoint to their needs so they can work more efficiently. Unfortunately, SharePoint doesn’t offer an easy way to keep track of how users extend SharePoint beyond what’s available out of the box. And that’s a problem.
Other blogs in this series:
Typically, SharePoint applications use existing building blocks, like third-party JavaScript libraries. When loaded into your environment, these libraries get access to your data. And while you might have invested in keeping bad actors out, these applications are already in your environment and there is nothing preventing them from calling out and sharing your data externally.
Data loss is not the only risk related to SharePoint applications. Many organizations struggle with modernizing their environment or migrating it from on-premises to the cloud. As the migration proceeds, they come across more and more applications they knew nothing of and try to understand what they are along the way. It unnecessarily leads to increased migration costs and duration.
In our assessments of enterprise SharePoint environments, we discover tens of thousands of SharePoint applications. Many of them are built over years but have never been upgraded because they just work. Some of them use deprecated technologies, some of them use libraries with known vulnerabilities. Not one person is aware of it, because, on the outside, everything seems to be working just fine.
Don’t get me wrong. The fact that your users are building applications is a good sign. In fact, it’s a compliment to you and your organization. It means that SharePoint adoption succeeded and people are comfortable with using SharePoint to simplify their every days work. But there is another side to it as well. One, that many platform owners don’t realize.