Forum Discussion

saulmarg's avatar
saulmarg
Copper Contributor
Jul 30, 2024

Cybersecurity concerns with building apps in on-premise SharePoint

A friend of mine would like to develop a browser-based  app that will be used by financial institutions. 

I’m evaluating using SharePoint because:

  1. The data to be captured and stored is confidential and the companies will not want the data to be hosted in the cloud
  2. To allay cybersecurity concerns (and avoid bureaucracy) about installing a new app in the corporate IT environment, it has been suggested to build the app on software architecture that is already available
  3. Most large financial institutions already have on-premise SharePoint installations

 

Is the logic behind using SharePoint valid?  Is there less red-tape around deploying an app on an existing SharePoint installation compared to an app on a platform that the company is not currently using?  Do you think there’s a better software platform than SharePoint for this use case?

 

Thanks

Saul

  • IdontKnowMan's avatar
    IdontKnowMan
    Copper Contributor
    I would think it would all depend on the data your app is trying to store.
    To my understanding there are federal requirements for how to properly protect finical information, such as credit card info and i would also guess client info.
    So by trying to go around the IT department you could possibly be setting the company up for legal issues if app wasnt set up properly. This shadow IT area is the bane of cybersecurity because the standard user may not even be thinking of how might this data be exposed.
    Also, Microsoft will say o yeah our product is compliant with the banking industry/healthcare/manufacturing and then in the fine print say, only if you set it up properly. So talking to the legal department or compliance would be better to know if the app should even be built.

    Final note: just because you can do something doesn't always mean you should.

Resources