Know your insider security threats
As more organizations are storing more sensitive business content and data, security becomes a top concern. Most deal well with hacks from outside the organization, via encryption, preventing data from being downloaded onto mobile devices or moved via e-mail, and many other techniques. Those same organizations, though, have a difficult time assessing vulnerabilities from threats that originate inside the organization.
Metalogix this week announced the creation of an Insider Threat Index, designed, the company says, to "assess SharePoint security against nine key best practice metrics." The idea is to give organizations insight and visibility into the risks of exposure from people within the organization.
Those threats are not always malicious; in fact, most of them come from carelessness or thoughtlessness. For instance, someone might download a document and then share it with someone who should not have access to that document. Or someone might have it sent to their mobile phone to work in the field, though the phone does not have protections.
Among the best practices to mitigate vulnerabilities, according to Metalogix's threat vulnerability checklist, are:
• Assigning direct permissions to users
• Correct use of all authenticated user groups
• Isolation of managed service accounts
• Knowledge of Active Directory "blind spots"
• Keeping farm administrator duties for management of the farm, not the content
"Collaboration platforms like SharePoint provide tremendous workforce productivity by allowing for the sharing and editing of content across the organization very rapidly. With this increased collaboration and productivity comes a significant risk for inadvertent and intentionally malicious insider threats and leaks if organizations leave their content inadequately secured," said Steven Murphy, CEO of Metalogix, in a statement announcing the index.
The Index is being offered by Metalogix as a free desktop download (no server components required), and the results can be presented via dashboard or turned into a PDF for distribution among security stakeholders.