The study found that interest in salary details had dropped, by over 50%, in 2014 to just 22%, but there was a marked increase in accessing other types of employee details – from 15 to 22%. Valuable data assets - such as insider information and Intellectual Property, also saw significant rises of around 50%. Håkan Saxmo adds, “While it is unclear why there’s less interest in what others earn, one hypothesis is that the recent economy has encouraged people to consider changing employment, and are therefore looking for information that could prove useful securing a new role.”
With compliance high on many organizations’ agendas, it’s perhaps surprising that 36% of organizations do not audit their system, and therefore can’t be sure if they’re putting sensitive and confidential data at risk or not. Interestingly, a higher percentage of organizations undertake an internal compliance audit of their SharePoint environments (53%) than an external compliance audit (28%) – of which 25% perform both.
Findings this year show that a greater percentage of organizations no longer allow third party access to their SharePoint environment. While it is unclear why this appears to have tightened, it could be related to the high percentage of organizations (79%) storing sensitive and confidential information in their SharePoint environments and the fear of exposing it to others. Over half of respondents (56%) reported that mobile access to SharePoint applications and data is an issue within their organizations.
Håkan Saxmo concludes, “There are three key take-aways from this study – firstly, there needs to be a separation of duties, so that SharePoint administrators are only responsible for performing normal administrative functions in SharePoint: setting up sites, libraries, content types, meta-data columns, access rights and configuring page layouts, etc. They should never have full visibility to all content, as it presents compliance issues and a security risk. Secondly, employing technical controls that enforce information security policies automatically, without changing the user experience, is fundamental to the rules being maintained. Users won’t follow the rules, just because they are there! And finally, with the proliferation of mobile devices (smart phones and tablets), having a secure solution for mobile users who need access to SharePoint and other web-based applications is a critical issue for the majority of organizations today.”