Microsoft's SharePoint Server 2007 may be taking off in the enterprise, but the software doesn't come without holes, warts and a variety of other issues that need to be addressed in any corporate deployment.
Users will find weaknesses in all six areas that SharePoint focuses on -- collaboration, portal, search, enterprise content management, business process management and business intelligence -- along with custom coding needs, dependencies on other Microsoft products, a weak selection of social networking tools, a lack of offline support, challenges integrating identity management/provisioning, lack of centralized management tools for global operations and trouble finding qualified SharePoint developers and support staff. (Compare collaboration products.)
"Recognize that a really good SharePoint installation is as much organization as it is technology," said Burton Group vice president and research director Guy Creese, who participated in a four hour mini-conference last week. "Be clear what you are expecting from SharePoint -- it might be exactly what you need. But in some cases, SharePoint as shipped can leave huge holes."
The SharePoint evaluation was presented during the annual Burton Group Catalyst conference.
Craig Roth, Burton's vice president and services director for its collaboration and content division, added, "treating SharePoint as an enterprise solution is fundamentally different than treating it as a product, productivity tool or tactical solution."
Creese said it's all constructive criticism and users shouldn't feel compelled to abandon SharePoint, but they should be aware that custom work and additional software may be needed to bend SharePoint for specific needs.
"We have been finding that a highly tuned SharePoint installation needs custom coding and third-party add-ons," he said.
Burton Group analysts said corporate management needs around content and records, and easy-to-use user tools, helped create a perfect storm for the sudden rise of the 7-year-old SharePoint product line.
SharePoint is Microsoft's fastest growing enterprise software in its history and the company already counts 100 million licenses and more than a $1 billion in revenue.
But the numbers clearly don't tell the entire enterprise story.
SharePoint's six core areas of functionality all clearly have cons to go with their pros. The issues range from search features that have not been proven to scale to poor Web 2.0 tools to content management shortcomings.
But the software also has some deployment, application development and resource issues that will need to be addressed during a corporate rollout.
With the software often included in enterprise licensing agreements, SharePoint has grown into corporate networks like a weed. It has created the same IT management and administrative challenges that always come when users lead deployment projects.
Microsoft also includes some 40 templates for tasks such as bug tracking or competitive analysis, but users who want to stray from those paths find themselves with custom coding projects, according to Creese.
On top of that, the SharePoint Designer development tool is not integrated with Visual Studio Team System, which provides an application development workflow and feedback loop.
In addition, SharePoint lacks good access control integration, which is a critical issue when the server begins to take on sensitive data. SharePoint maintains groups in its own database and does not synchronize with Active Directory. While internal users can tap their Windows log-ons to access SharePoint, authentication for external users will require separate tools. And SharePoint access from a Web browser is handled differently than from Office applications such as Word and Excel.
Third-party identity management tools for provisioning, authorization and auditing also will be add-ons that will impact overall deployment costs.
"Everything would be fine if you were not trying to hook up SharePoint with your identity management tools," said Gerry Gebel, vice president and services director in Burton's identity and privacy group. "SharePoint is going to be a critical application and granular access controls will be a necessity and Microsoft's tools are insufficient for all usage scenarios."
Users are trying to work through the issues with integrating SharePoint, but it is a process.
"The goal is to treat SharePoint like any other application," says Tim Callahan, CISO at People's United Bank, which has been involved in an identity management project for the past year. "We want to put SharePoint into our full monitoring process but we are not there yet."
Gebel said the perfect SharePoint environment from an access control perspective is a single department with all its users in one Active Directory domain, but unfortunately that configuration won't support an enterprise rollout.
On the positive side, Gebel said Microsoft is hinting at many changes in the future through Office upgrades, Windows 7, Identity Lifecycle Manager 2.0 and claims-based authentication via CardSpace. Details, however, are scarce.
On top of all that, Roth said IT needs to figure out definitions and policies around SharePoint implementations, including how to drive users to the system, how to govern usage, how to define service levels and how to design the system.
Roth says governance is a critical factor in determining SharePoint success. That includes combining people, policies and processes to determine who can do what, when and how.
All that will minimize confusion, establish goals and help resolve conflicts, he said.
"The real challenge from an enterprise point of view is to make sure you have all that functionality available to users so they can help themselves but also have balance so you can centrally manage," Roth said.
He doesn't claim it is easy, but said, "Microsoft makes some of this more difficult than it should be."