A Growing Bank, Exploding SharePoint Risk
Growth is great, but there are always “pains” that come along with it. This was especially true for a SPHERE customer in the banking industry that experienced substantial growth through acquisition over the previous decade.
The Challenge
While SharePoint is an excellent tool for collaborating teams, there are some specific issues that make SharePoint a pain point in the Identity and Access Management (IAM) space:
- Granular Access Control: SharePoint allows for highly granular access control at various levels, including sites, libraries, folders, and documents, making it tough to ensure proper access governance.
- User Roles and Groups: SharePoint allows organizations to define custom roles and groups, but managing these while ensuring they align with organizational security policies can be complex. Without proper governance, unnecessary or inappropriate permissions may be granted.
- Document Sharing: SharePoint makes it easy for users to share specific documents with specific audiences, creating document-level access points that are a challenge to manage and control.
- External Collaboration: SharePoint often involves third-party collaboration. Managing access for external users while maintaining security can be complex and requires a robust IAM strategy.
- Heavily nested AD Groups: Leveraging heavily nested AD Groups in SharePoint permissions wreaks havoc on the ability to perform accurate entitlement reviews. Often, this can obfuscate the true effective membership, and thereby the true entitlements, from the owner.
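
To make the nested-group problem concrete, here is an added example (not code from SPHERE or the bank) that flattens a nested group granted on a SharePoint site into its effective users and shows how many of them an owner reviewing only direct members would miss. The group and user names are constructed, and a name is assumed to be a group only if it appears as a key in the map.

```python
from collections import deque

# Constructed sample data (not from the case study): direct members of each AD group.
# Assumption: any name that is a key in this map is a group; everything else is a user.
GROUP_MEMBERS = {
    "g_finance_site_owners": ["alice", "g_finance_managers"],
    "g_finance_managers": ["bob", "g_regional_leads"],
    "g_regional_leads": ["carol", "g_acquired_bank_staff"],
    "g_acquired_bank_staff": ["dave", "erin", "g_regional_leads"],  # circular nesting
}


def effective_members(group, members=GROUP_MEMBERS):
    """Map each effective user to the shortest chain of groups that grants access."""
    result = {}
    seen = {group}
    queue = deque([(group, [group])])
    while queue:  # breadth-first, so the first path found per user is the shortest
        current, path = queue.popleft()
        for member in members.get(current, []):
            if member in members:        # nested group: descend into it
                if member not in seen:   # already-visited group means a cycle; skip
                    seen.add(member)
                    queue.append((member, path + [member]))
            else:                        # user: record how access is inherited
                result.setdefault(member, path)
    return result


def review_report(group, members=GROUP_MEMBERS):
    """Compare what an owner sees (direct users) with who actually has access."""
    eff = effective_members(group, members)
    direct = [m for m in members.get(group, []) if m not in members]
    return {
        "direct_users": sorted(direct),
        "effective_users": sorted(eff),
        "hidden_users": sorted(set(eff) - set(direct)),
        "max_depth": max((len(p) - 1 for p in eff.values()), default=0),
    }


if __name__ == "__main__":
    report = review_report("g_finance_site_owners")
    for key, value in report.items():
        print(f"{key}: {value}")
    for user, path in sorted(effective_members("g_finance_site_owners").items()):
        print(f"{user}: {' -> '.join(path)}")
```
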
Until this point, SharePoint had escaped the attention of the IT audit team and was not a priority for the bank’s security and risk teams. The new audit schedule exposed SharePoint access issues and its lack of controls. The institution first needed to assess and present the issue, then determine action and budget to deliver a comprehensive remediation program. As SharePoint is a specialty application, the bank’s security team lacked the skills to quickly perform the assessment and subsequent remediation.