- 10 Microsoft research projects
- 10 kitchen gadgets for the geek gourmet
- Verizon trounces competition
- Smartphone smackdown: Storm vs. iPhone
- FBI warns of holiday cyber scams
Microsoft SharePoint has many fans these days, but Andre Koot isn't among them.
Koot, information security manager at the Unive Verzekeringen insurance company in the Netherlands, says implementing it is a lot like getting a tooth pulled.
"The concept of SharePoint is okay, but every implementation is hard and miserable," he says. "SharePoint is the contrary of a Ferrari - great to own, bad to use."
The business world has enthusiastically embraced SharePoint, a collaboration platform that lets organizations host Web portals to shared workspaces and documents, including wikis and blogs. The problem is that it's an absolute bear to manage, according to some IT security pros. One of the biggest problems, they say, is configuring it in a secure manner.
That discomfort persists even though third-party vendors like Epok and Captaris have developed security add-ons for SharePoint Server 2007 that close some of the holes.
Complexities they don't understand Brendon Taylor, a director and principal consultant for Business Aspect Pty Ltd. in Australia, tries to help clients get a handle on their risk environment, find the right security strategy and develop procedures around it. Asked about the SharePoint difficulties he has come across, Taylor offered up four examples:
1. The unintentional or unplanned devolving of security administration away from the traditional skilled and knowledgeable user administration groups within IT out to business users or administrators who do not understand the complexities of roles, role group changes and authorization.
2. Transactional workflows built into Sharepoint that incorporate the problem above as well as business administrators changing delegations of authority for workflow approvals and the like.
3. Admin-level access to sites and generally poor permissions on sites affecting numerous sub-sites.
4. The habit of organizations to ignore Sharepoint updates and service packs.
Those problems are consistent with what Burton Group VP and Service Director Gerry Gebel comes across when talking to clients. Part of the problem is that it's difficult to automate user administration because SharePoint isn't designed for that kind of provisioning, he says.
"Because of that, most people rely on this loose connection between Active Directory and SharePoint and try to provision accounts and group membership to Active Directory directly," he says. "But it requires manual intervention to make all of that work well, and that can be painful."
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment