Let’s face it. Your organisation’s SharePoint environment contains sensitive corporate data. From employee personal details to confidential project plans, there’s plenty of information in SharePoint that you’d rather not share with unauthorised third parties.
The fact that SharePoint provides controlled access to this data is one reason why it’s a valuable collaboration and information-sharing tool. It’s also why organisations should take SharePoint compliance and security seriously.
Both SharePoint and SharePoint Online (Microsoft’s cloud-hosted SharePoint offering) are secure products, but there are a few things you can do to ensure that your organisation’s data is compliant and safe from prying eyes.
We’ll outline some of these steps later in this post. But first, let’s take a look at how Microsoft protects your SharePoint data in the cloud.
How safe is SharePoint Online data?
While security is a key concern when running SharePoint in the cloud or as a hybrid solution, it should not deter organisations from pursuing either deployment method.
In our experience, SharePoint Online is more secure than what many organisations can achieve through their own on-premise security investments (i.e. mobile device management and intrusion prevention and detection layers).
This is particularly true for organisations that use tools such as Box and Dropbox to store and share files. These consumer cloud services just aren’t as secure as corporate managed platforms like SharePoint.
The good news for SharePoint Online users is that Microsoft does cloud security better than almost any other provider. From hardware, software and data centres to verification by independent auditors, Microsoft’s security measures are thorough and effective. You can read more about Microsoft’s cloud security policies in its Office 365 Trust Centre.
Microsoft can’t share or sell your data
Your organisation owns all information stored in its SharePoint environment, regardless of the deployment method.
Microsoft will not share, sell or view SharePoint Online data. Though it hosts your data on its servers, it can’t share this information with others, even when requested to do so by law enforcement bodies. If this does occur, Microsoft will ask the authorities to contact you directly.
The only way Microsoft can pass on data to anyone else is if subpoenaed by a federal court, the same as if the data were stored on-premise.
Permissions, permissions, permissions
The last thing any organisation wants is for a third party to access sensitive corporate data without authorisation.
However, if you’re slow to lock down user access, are too generous with user permissions or assume that a default SharePoint deployment will give you the most appropriate security configurations for your organisation, you’re already one step behind.
Each new SharePoint version has improved authentication and security models to make sharing content inside and outside of your organisation more secure. Understanding the authentication and authorisation process can help you visualise who is accessing content, and how, when and why.
SharePoint compliance and security checklist
Whether you’re setting up a brand new SharePoint environment or want to keep your existing deployment safe, here are a few ways to stay secure and compliant:
- Set clear, defined processes for authenticating and authorising users
- Grant only the necessary user permissions
- Identify areas where sensitive data might be used so you know where to focus your security efforts
- Consider additional security such as two-factor authentication, SSL and other encryption measures to protect sensitive information
- Enable custom audit trails to monitor user behaviour
- Add reporting dashboards to develop a better understanding of how your organisation’s SharePoint data is being used
This list is certainly not exhaustive. However, it can help protect your organisation from potential hackers and help you meet auditing and compliance requirements.
You can read more about Professional Advantage and SharePoint here.