Re: Sensitive Data on SharePoint

["Sherry, Cathy" <csherry () UMASSP EDU>]

I recently received the following whitepaper information related to
SharePoint that may be of interest:

 

TITLE: "Seven Questions to Ask Yourself about Your SharePoint
Environment"

URL: http://go.techtarget.com/r/4304643/4848419/8

PUBLISHER: Quest Software

TYPE: White Paper

 

I have not had a chance to read the whitepaper yet but the summary
sounded interesting.

 




:: Catherine Sherry, CISSP, CISA - Principal Security Specialist
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office


:: 508-856-1547
:: 508-856-4844 Fax
::  <mailto:csherry () umassp edu> csherry () umassp edu

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA
01545 :  <http://www.massachusetts.edu/> www.massachusetts.edu

 

  _____  

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex
Sent: Tuesday, August 26, 2008 10:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Sensitive Data on Sharepoint

 

I wanted to find out if anyone is using Microsoft SharePoint to house
confidential or sensitive information.

I have some concerns, mainly at a fundamental level since I am not a
SharePoint expert.

It seems that SharePoint is really more about collaboration than
security and I have concerns about misconfigurations.

If anyone is doing this, do they have two seperate instances (secure and
insecure) or do they share an instance?

For storing sensitive data, we have pretty rigorous requirements.

I guess its a question about what is the risk of using SharePoint versus
some other method (secure file server).

 

Sincerely,

 

Alex Everett, CISSP

ITS Security Engineer

University of North Carolina at Chapel Hill

919.445.9390