SharePoint and OneDrive content security

In today’s day and age, it’s becoming increasingly easy for strangers to access your content and data without you wanting them to. Indeed, by not taking the necessary precautions, your data and content can be at risk. Fortunately, SharePoint and OneDrive have built-in solutions that enable you to protect their content! Below are several types of security measures that SharePoint and OneDrive use to ensure that your content is protected:

Physical Security
In order to make sure that your data will not be tampered with on a physical level, datacenters have limited access. Indeed, not only are they restricted to essential personnel, these essential members also have to go through multiple authentication factors (smart cards, biometrics, and the like). What’s more, on premise security officers, motion sensors, and video surveillance add an extra layer of physical protection, dissuading intruders from attempting to get to your data.

Logical Security
From a software standpoint, SharePoint and OneDrive have built-in antivirus and antispam protection, which are sophisticated enough to protect against most external threats. Furthermore, they incorporate several levels of scans that prevent or detect any malicious access. If that wasn’t enough, there are teams dedicated to threat management that are ready to anticipate, prevent, and mitigate malicious access.

When it comes to your files, they’re all encrypted with a unique key. Particularly large files will be stored in parts, with a unique key per part. What’s more, your content is encrypted both while in transit (between you and the service, and within service data centers) and at rest. On your end, you can use Azure Rights Management (Azure RMS) to encrypt your secret data before uploading it to SharePoint or OneDrive, which enables you to do so from virtually any device, and protects your information both within and outside of your organization.

Customer Lockbox
At this point you might be thinking that although your content is safe from external threats, what’s stopping engineers that work at the datacenters from accessing your content? Simply enough, engineer accounts do not have access to content, as they do not use service account credentials to perform tasks. Keep in mind that intrusion detection monitors who accesses your content, and you’re the one calling the shots; access can only be granted after approval, and is time bound. In order to ensure more control, all access activity is logged and is available for auditing.

Master Key
Your own master key is used to encrypt or decrypt specific file encryption keys. If the access is revoked, or if the key is removed, SharePoint Online can no longer decrypt your content (keep in mind that while it is enabled, it does not limit or restrict SharePoint Online functionality). You have complete control over this feature. You are the one who gets to upload the master key to Azure Key Vault and grant access to the Office 365 service, and you can remove it or revoke access to it at any time.

Wrapping your head around the levels of security integrated in SharePoint and OneDrive can be overwhelming. Managing the amount of control that you have over who can or can’t access your data can be tough, and keeping track of everything that’s going on is no walk in the park either. That being said, you shouldn’t fear for the security of your content, as SharePoint and OneDrive do a stellar job of protecting it.


Popular Posts