The Start: SharePoint Online Defense


SharePoint is one of the most prevalent collaboration tools available. It requires management, governance and oversight to ensure effective use of a well-rounded platform. The security triad (confidentiality, integrity, availability) guides us to ensure that data is kept confidential, is available when users need access, and has not been modified. The question is: how is your team securing the data stored at rest and in transit? There are many pieces to this puzzle, so we need to discuss several topics, including endpoint, communication channel and SharePoint Online security, to understand how to implement defense-in-depth when using SharePoint Online.

The first step is device, or endpoint, security, which allows content producers and consumers to download, read, edit and upload content securely. Devices need to be managed to provide visibility and assurance that the collaboration channel is secure. As the modern workforce continues to push past the physical boundaries of enterprise infrastructure, managing access to data with what was previously non-standard practice will become the benchmark for access best practice. This will require Information Technology support staff to support multiple device profiles and compliance levels based on the user that requires access. In an ideal scenario, each device that connects to data in SharePoint Online must have a firewall, antivirus software, a patch management agent and device encryption, built on an operating-system-specific secure baseline. Once secure endpoint baselines are in place, the Information Technology staff can focus on step two.

The second step is connection security; the goal is to eliminate data leakage and improve adoption. If SharePoint is complicated to use, the typical result is an initial wave of calls to the Help Desk, followed by users searching for workarounds. Today, the information technology infrastructure deployed in the enterprise provides access to multiple applications that often require multiple forms of authentication. To support a holistic solution that includes SharePoint Online, a solution must be in place that reduces the burden of entry through single sign-on (SSO), traffic encryption, simple compliance filtering and unified management. Securing the connection reduces the attack surface and creates a secure tunnel between the endpoint and SharePoint Online. Once a secure channel is available, the team can move on to securing the cloud infrastructure.

The final step in this introduction is to ensure security on the SharePoint Online platform itself, where Microsoft offers multiple security options that support the defense-in-depth model and allow layered security. As stewards of data, a clear understanding of all available data is critical. All data is not created equal, and it must be secured based on sensitivity and need to know. The sites, files, lists, libraries, calendars and records in the SharePoint infrastructure must be governed using an enterprise-level policy that addresses how sites will be provisioned, who will serve as the data owner and who will have access. Best practices dictate using template profiles and Active Directory groups as the initial tools to secure data. To extend security beyond the enterprise, data sharing policies and standards need to outline how data is shared externally. These policies need to address how data is encrypted and what standards will be implemented. In addition to encryption, authentication and user rights (internal and external) must also be addressed and configured to ensure only authorized content is shared internally and externally. There are multiple factors that together create secure collaboration in SharePoint Online. In this post we have discussed only very high-level topic areas.
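As an added example (not from the original post), the following PowerShell script uses the SharePoint Online Management Shell cmdlets to audit every site collection's external sharing setting against a sensitivity classification, flagging sites whose sharing level is more open than their classification allows and optionally correcting it. The admin URL and the site-to-classification map are constructed assumptions standing in for the governance inventory the post describes.

```powershell
# Added example: audit SharePoint Online site collections' external sharing
# against a per-site sensitivity classification. Requires the
# Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin role.
# The admin URL and the classification map below are constructed assumptions.

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"   # assumed tenant

# Which sharing level each sensitivity class may use at most.
# Values are the SharingCapability settings accepted by Set-SPOSite.
$AllowedSharing = @{
    'Restricted'   = 'Disabled'
    'Confidential' = 'ExistingExternalUserSharingOnly'
    'Internal'     = 'ExternalUserSharingOnly'
    'Public'       = 'ExternalUserAndGuestSharing'
}

# Rank the sharing levels so "more open than allowed" is a simple comparison.
$Rank = @{
    'Disabled'                        = 0
    'ExistingExternalUserSharingOnly' = 1
    'ExternalUserSharingOnly'         = 2
    'ExternalUserAndGuestSharing'     = 3
}

# Constructed site classifications; in practice these come from the
# enterprise governance policy that names each site's data owner.
$SiteClassification = @{
    'https://contoso.sharepoint.com/sites/finance'   = 'Restricted'
    'https://contoso.sharepoint.com/sites/hr'        = 'Confidential'
    'https://contoso.sharepoint.com/sites/marketing' = 'Public'
}

$Remediate = $false   # set to $true to apply the allowed setting to offending sites

foreach ($site in Get-SPOSite -Limit All) {
    $class = $SiteClassification[$site.Url]
    if (-not $class) { $class = 'Internal' }          # default for unclassified sites
    $allowed = $AllowedSharing[$class]
    $current = [string]$site.SharingCapability
    if ($Rank[$current] -gt $Rank[$allowed]) {
        Write-Warning "$($site.Url): classified $class, sharing is $current, allowed $allowed"
        if ($Remediate) {
            Set-SPOSite -Identity $site.Url -SharingCapability $allowed
        }
    }
}
```

Run it first with $Remediate left at $false to produce a report the data owners can review before any site setting is changed.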


1 comment

  1. Anonymous

    Detailed information useful for teaching