Background image

Secure Your OneDrive for Business to Keep Troubles at Bay

default post thumbnails default post thumbnails

OneDrive for Business is one of Microsoft’s most interesting innovations of recent years. However, to really understand OneDrive for Business, it’s crucial to have a little background knowledge in order to understand how it emerged in the first place.

As we know, SharePoint is one of the world’s leading document management platforms, and central to its purpose is file management – i.e. creating, deleting, reading and updating files. It offers a browser based experience from which document management tasks can be executed.

While SharePoint is great, there are two common pain points with its browser-based approach. First, it only works when a user is connected to a network. Secondly, it may not be user-friendly enough for everyone.

Although SharePoint has put a lot of effort into improving the platform’s UI, it can still be complicated when someone just wants to add a new document to the platform. This occasionally puts users off abiding by metadata guidelines and can potentially undermine the usefulness of the platform.

To overcome these issues, Microsoft created “Microsoft Groove” and shipped it with SharePoint 2007. This tool then became SharePoint Workspace in SharePoint 2010, and SkyDrive Pro in SharePoint 2013. Still with us? After the renaming of SkyDrive to OneDrive it is now (finally!) called ‘OneDrive for Business’.

Sync Files with OneDrive for Business

Secure OneDrive for Business

OneDrive for Business allows users to sync files from SharePoint to their local device, and vice versa, using the familiar Windows Explorer. It enables them to create files which are automatically uploaded to SharePoint.

Files are by default private, but users can easily share them with people inside or outside their organization.

The storage space is currently limited to 1TB for Office 365 customers, but this will become unlimited as announced in 2014. This is still in development/roll-out according to the roadmap for Office 365.

OneDrive vs OneDrive for Business

OneDrive for Business requires a SharePoint or Office 365 subscription and is aimed at business users. All files in OneDrive for Business are synced with SharePoint sites, e.g. project sites, or a user’s personal site. It’s essentially the syncing tool for SharePoint / Office 365, where OneDrive is a cloud-storage solution like Box and Dropbox.

Interested in learning more about the differences between the two? Benjamin Niaulin wrote a very complete blog post comparing OneDrive versus OneDrive for Business that can be found here.

Don’t Forget About Security

Secure OneDrive for Business

OneDrive for Business gives your users a lot more flexibility and ease of use – but all this freedom can also throw up some security issues. When sensitive documents are stored on a user’s OneDrive for Business, security policies must be in place to make sure these documents don’t end up in the wrong hands.

So, how can you ensure security in OneDrive for Business?

User Permissions and Permission Levels

Basic security policies start with granting or denying people access to files. SharePoint uses a permission model where users or groups can be granted a certain permission level. A permission level can be “read only”, or “read and write”.

OneDrive for Business works the same. By default, only the owner has access to their own files. The owner can choose to grant permissions to other users, either internal or external.

You can read more about user permissions and permission levels on the Microsoft site, or if external sharing would be a problem, this can be disabled by Office 365 admins. See here for more information.

Apply IRM to OneDrive for Business

Secure OneDrive for Business

Information Rights Management (IRM) in Office 365 allows site owners to apply encryption and security on a document level. When a SharePoint library is IRM-enabled, documents in that library are encrypted, and restrictions are automatically applied. Even when somebody outside the organization wants to gain access to the document, they still may not be able to open it.

The good thing is, IRM is also available for OneDrive for Business, as announced back in 2014. When users are storing sensitive data in OneDrive for Business (or anywhere for that matter), IRM should be part of your security policy.

Data Encryption Minimizes the Risks Even Further

With the introduction of portable disk drives, a major security issue was introduced. OneDrive for Business stores files locally on a disk drive so even when user permissions are set up correctly, someone of a nefarious nature could gain access to certain files by just stealing the portable disk drive containing all the documents.

When files are synced from SharePoint / Office 365 to the user’s OneDrive for Business, the data is encrypted on the way. By enabling disk drive encryption like BitLocker, the data on the disk becomes encrypted as well. If a malicious person wanted to gain physical access to the files, BitLocker would prevent them from being opened.

See here and here for more information about encryption with OneDrive for Business.

Enough Security Features Available for OneDrive for Business

OneDrive for Business is a very popular tool, as it integrates with the familiar Windows Explorer. Even in today’s era of amazing SharePoint portals, users still use Windows Explorer to manage their files. OneDrive for Business fills this gap and enables users to sync files with SharePoint / Office 365 while using a familiar user interface.

Depending on the types of documents stored, different levels of security may be applied. Not every organization requires IRM, but you should definitely think about it. Remember, prevention is better than cure!

How well adopted is OneDrive for Business within your organization?

Recommended by our team

What did you think of this article?

Live Webinar Join us on February 22 for the unveiling of the new ShareGate experience.