DEV Community

Nishtha Singh

Keep Your SharePoint As Secure As Your Bank’s

However strong our appetite for evolution and adaptation, fear remains a significant barrier, especially when it comes to moving data into the cloud. Several companies are still figuring out how they will migrate their sprawling on-premises SharePoint environments to SharePoint Online. Even after a successful migration of the content, a project can still end in disaster if the company fails to apply proper security, compliance and governance controls to sensitive data. A recent study found that 90% of decision makers believe that an increase in cloud services will result in a greater probability of a breach occurring.

The cloud has been around for a number of years, yet a lot of IT pros remain skeptical about the compliance standards of their cloud provider, i.e. the smaller cloud-based tools. For those who are new to cloud security, it depends mainly on two things:

~ The provider
~ How you manage your company’s access to and usage of the environment

Let’s take an example of Office 365 and SharePoint Online

Microsoft has a pretty good track record for cloud security. Moreover, its Trust Center keeps you updated with the latest information about how the company is managing the cloud. However, part of the responsibility also falls on you, as each company has access to its own compliance center where it can manage and change its security settings.

What Are the Main Security Issues Related to SharePoint Online?

SharePoint Online, being a part of Office 365, is operated as the ‘cloud version’ of the SharePoint technology. One of the biggest advantages of using any cloud-based solution is that it reduces the need for you to host and maintain a server in-house, which means your IT staff will spend less time on maintenance and more time on operations.

When you store data in the cloud, you may lose some control over how those servers are managed and maintained, and this can make IT managers uneasy. That doesn’t mean SharePoint Online is a risky platform. It is a safe bet to say that Microsoft’s data centers have better firewalls and greater general protection than the servers in the basement of your building.

In addition to this, storing data in the cloud means it becomes easier for anyone with a password to access your environment and take your data, i.e. they don’t have to be physically in the same building as your servers.

So how can entrepreneurs survive and thrive with nerve-wracking challenges and rewarding outcomes?

3 Tips to Manage your SharePoint Online Security

Tip #1 Sharing your SharePoint Online Content with external/third-party users

Before SharePoint 2013, adding external users to the environment was a pretty complex process. You had to add them individually to Active Directory or consult a well-founded SharePoint development company about it.

With Office 365, things started working better. Now SharePoint content can be shared with external users in one of three ways:

~ Sites can be shared using a Microsoft Office 365 ID or Microsoft Account
~ Individual documents can be shared using a Microsoft Office 365 ID or Microsoft Account
~ A direct guest link to specific documents can be sent in order to grant anonymous access to them

Earlier, there used to be a limit on the number of external users within an Office 365 site, but Microsoft recently announced that the limit on the number of external users has been removed. Great, isn’t it!
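
The third option above, anonymous guest links, is governed per site collection by the `SharingCapability` setting. The following is an added example, not part of the original post, that uses the SharePoint Online Management Shell to report which sites allow anonymous links and restrict unapproved ones to signed-in external users. The tenant URL and the approved-site list are placeholders.

```powershell
# Added example. Assumes the SharePoint Online Management Shell is installed
# and the account is a SharePoint administrator.
Import-Module Microsoft.Online.SharePoint.PowerShell

$adminUrl = 'https://contoso-admin.sharepoint.com'    # placeholder tenant
$approved = @(                                        # placeholder allow-list
    'https://contoso.sharepoint.com/sites/press-kit'
)
$apply = $false    # leave $false to report only; $true changes the sites

Connect-SPOService -Url $adminUrl

# The tenant value is a ceiling: no site can be more permissive than this.
$tenant = Get-SPOTenant
Write-Output "Tenant sharing capability: $($tenant.SharingCapability)"

# SharingCapability values:
#   Disabled                      - no external sharing
#   ExistingExternalUserSharingOnly - only guests already in the directory
#   ExternalUserSharingOnly       - guests must sign in (Office 365 ID / Microsoft Account)
#   ExternalUserAndGuestSharing   - signed-in guests plus anonymous guest links
$sites = Get-SPOSite -Limit All
$sites |
    Select-Object Url, SharingCapability |
    Sort-Object SharingCapability, Url |
    Format-Table -AutoSize

# Sites that allow anonymous guest links and are not on the allow-list.
$toTighten = $sites | Where-Object {
    $_.SharingCapability -eq 'ExternalUserAndGuestSharing' -and
    $approved -notcontains $_.Url
}

foreach ($site in $toTighten) {
    if ($apply) {
        # Keep external sharing, but require the guest to authenticate.
        Set-SPOSite -Identity $site.Url -SharingCapability ExternalUserSharingOnly
        Write-Output "Restricted: $($site.Url)"
    } else {
        Write-Output "Would restrict: $($site.Url)"
    }
}
```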

Tip #2 Manage Group Permissions in SharePoint Online

For a long time, security settings in SharePoint on-premises applied either to individual users or to SharePoint groups. One of the major differences is that it’s much easier to manage permissions for groups. For instance, when a number of sites have to be shared with the HR department, this can be done either by giving permission to each of the users or by sharing the data with a group.

When an HR employee leaves, permissions that were granted individually have to be revoked one by one. When permissions are managed for a group, the user simply needs to be removed from that group.

In SharePoint Online, the same logic applies – so just make sure you’re doing this consistently and have a process in place for when an employee leaves the company.
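
One way to script the leaver process described above, as an added example that is not part of the original post: it lists every site collection that knows the departing user, shows which SharePoint groups they belong to, and flags sites where no group is listed so those can be reviewed individually. The admin URL and login name are placeholders, and access that comes through directory groups rather than SharePoint groups is not covered by this check.

```powershell
# Added example. Assumes the SharePoint Online Management Shell is installed
# and the account can read users on the site collections it enumerates.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'   # placeholder

$leaver = 'jane.doe@contoso.com'   # placeholder: departing HR employee
$apply  = $false                   # $true actually removes the user

$findings = foreach ($site in (Get-SPOSite -Limit All)) {
    try {
        $user = Get-SPOUser -Site $site.Url -LoginName $leaver -ErrorAction Stop
    } catch {
        # Usually "user not found" on this site, but access-denied lands here
        # too, so surface the message instead of hiding it.
        Write-Warning "$($site.Url): $($_.Exception.Message)"
        continue
    }

    [pscustomobject]@{
        Site        = $site.Url
        Groups      = ($user.Groups -join '; ')
        IsSiteAdmin = $user.IsSiteAdmin
        # No SharePoint group listed: the access was given some other way
        # (for example directly to the user) and needs individual review.
        NeedsReview = ($user.Groups.Count -eq 0)
    }
}

$findings |
    Sort-Object NeedsReview -Descending |
    Format-Table -AutoSize

if ($apply) {
    foreach ($f in $findings) {
        # Without -Group this removes the user from the whole site collection,
        # which also takes them out of every SharePoint group on it.
        Remove-SPOUser -Site $f.Site -LoginName $leaver
        Write-Output "Removed $leaver from $($f.Site)"
    }
}
```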

Tip #3 The Office 365 Trust Center

Microsoft is well aware that the perception of trust is one of the biggest problems with storing data in the cloud. Data stored in "on-premises" systems can be secured by internal IT personnel, which allows for a better level of confidence, even if such a solution still includes some degree of risk, which is actually a worrying prospect.

In order to help, Microsoft has created a standalone site called the ‘Office 365 Trust Center’, which covers everything regarding security. This includes:

~ Physical security: Can people walk in and out of data centers? How are the buildings physically secured?
~ Logical security: How are servers configured, what network security is applied, what kind of auditing is implemented?
~ Data security: How is the actual data secured? If someone gains access to the database, will they be able to read your data?

End Notes

Security is a major concern for companies using cloud-based solutions such as Office 365. It is considered the most secure and is almost certainly safer than most companies’ standard firewalls. Of course, it’s true that using SharePoint Online opens you up to different kinds of risks, but the tools it provides mean system admins and users should be able to control data effectively.

Top comments (1)

Adrian B.G. • Edited

I had no idea what SharePoint is until now.

I guess not working in big companies/teams and using Google Docs for so long has its marks :(

You are right, I think people rely on the cloud/IT "magic" to do their work, they became unaware and clumsy, it's enough for 1 evil website to get its hands on your oauth2 permissions to read all your company documents.