When you leave for work in the morning, you make sure your home is as secure as possible. It makes sense, right? Obviously, you wouldn’t leave the front windows open, or your back door unlocked. You might even put away your valuables, maybe lock the side gate, and set your burglar alarm. If you go out at night, you might close the curtains and leave some lights on.
Well, the same principle regarding safety should be at the forefront of your mind when keeping your sensitive data in SharePoint secure. Whether it’s intellectual property, or personal data belonging to your employees and/or your customers, misuse of sensitive data could cause you difficulties that not only harm your reputation but also result in heavy fines.
With the rise in cybercrime also taken into account, the steps you should take to protect your organization are getting more and more detailed. With the pace of digital innovation faster than ever, keeping your data secure has become not just good practice but an essential priority from a compliance and regulatory standpoint, as well as in the traditional business sense.
Yet for the same reasons – plus the multiple mediums for consuming content and data, from mobile and the Cloud, to portable drives and Virtual Private Networks – it’s become more difficult to ensure that your sensitive information isn’t accessed by unauthorized individuals, accidentally or on purpose.
How quickly could you point an auditor in the right direction if they requested your customer or employees’ private data? How about being able to catch and monitor suspicious activity across your SharePoint environment? Do your employees know when they're working with sensitive information? And what process do you have in place for Data Loss Prevention (DLP)?
More Access, More Problems
The whole point of SharePoint is the ability to share information across your organization with easy access to Intranet, Team Sites, and other, externally-facing web applications. With that in mind, it’s crucial that you have your SharePoint security up to code. Put these tips into practice and you’re sure to be secure and compliant, allowing you to get on with making your business great.
Control User Access with Permissions
SharePoint has built-in security features that, as a Site Administrator, allow you to control who has access to sites and/or specific content – including monitoring exact documents and seeing when they were accessed. Every individual site is part of a Site Collection – a group formed in a hierarchical structure below a top-level site (the root site).
As the Administrator of the site, you have the authority to organize the initial permissions for the collection, which will then carry down the hierarchy – automatically applying to all content within the collection, including the subsites.
You can assign authority for individual sites (and the content within them) to colleagues for access and customization. When doing so, here are some things to consider:
As Site Administrator, you're ultimately responsible for who has access to the sensitive and important information on your company’s sites.
Make sure there are open levels of communication with those who help create the Site Collections and those working within them.
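One way to review who holds access once authority has been delegated, as an added example that is not part of the original article: the PowerShell below walks a Site Collection and reports every site and list that has stopped inheriting permissions from its parent, along with the principals and permission levels assigned there. It assumes an on-premises SharePoint Server farm and its Management Shell; the function names and the site URL are placeholders.

```powershell
# Added example: assumes the SharePoint Server Management Shell (on-premises).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Emit one row per role assignment on a securable object (site or list).
function Get-RoleRows($Securable, [string]$Scope, [string]$Url) {
    foreach ($ra in $Securable.RoleAssignments) {
        [pscustomobject]@{
            Scope     = $Scope
            Url       = $Url
            Principal = $ra.Member.Name
            Roles     = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
        }
    }
}

# Hypothetical helper: list every site and list that no longer inherits
# permissions from its parent, with who holds which permission level there.
function Get-UniquePermissionScopes {
    param([Parameter(Mandatory = $true)][string]$SiteUrl)

    $site = Get-SPSite -Identity $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # The root site always carries its own assignments; a subsite
                # only has them when inheritance was broken.
                if ($web.HasUniqueRoleAssignments) {
                    Get-RoleRows $web 'Site' $web.Url
                }
                foreach ($list in $web.Lists) {
                    if ($list.Hidden -or -not $list.HasUniqueRoleAssignments) { continue }
                    Get-RoleRows $list 'List' $list.RootFolder.ServerRelativeUrl
                }
            }
            finally { $web.Dispose() }   # release each SPWeb after use
        }
    }
    finally { $site.Dispose() }
}

# Placeholder URL; replace with a Site Collection in your farm.
Get-UniquePermissionScopes -SiteUrl 'https://sharepoint.example.com/sites/hr' |
    Sort-Object Url, Principal | Format-Table -AutoSize
```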
Take Advantage of Audit Reports
Something that should be configured as soon as possible for your SharePoint content is the audit functionality. Using the audit feature in SharePoint, you can track what actions take place on your sites, lists, and other content types – something quite important from a records management and compliance standpoint.
Use this feature to retrieve the history of actions taken by individual users in a specific date range. You can even determine which users edited specific documents and when. This will go a long way to helping you meet compliance requirements and regulations, provide you with data on how documents are being used, and will enable you to keep track of document history.
The SharePoint audit log feature can be set for different levels within your Collection hierarchy – on Site Collection, Library / List, Folders, and Content Type.
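The per-user, date-range lookup described above, as an added example that is not part of the original article: it queries the Site Collection audit log through the SharePoint Server object model. It assumes an on-premises farm and its Management Shell; the function name, site URL, login name and dates are placeholders.

```powershell
# Added example: assumes the SharePoint Server Management Shell (on-premises).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: return the audit entries recorded for one user
# between two dates in a Site Collection.
function Get-UserAuditTrail {
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [Parameter(Mandatory = $true)][string]$LoginName,
        [Parameter(Mandatory = $true)][datetime]$From,
        [Parameter(Mandatory = $true)][datetime]$To
    )

    $site = Get-SPSite -Identity $SiteUrl
    try {
        # Nothing is recorded until auditing has been switched on.
        if ($site.Audit.AuditFlags -eq [Microsoft.SharePoint.SPAuditMaskType]::None) {
            Write-Warning "Auditing is not enabled on $SiteUrl; no events are being recorded."
        }

        # Look the user up without adding them to the site; throws if unknown.
        $user = $site.RootWeb.SiteUsers[$LoginName]

        $query = New-Object Microsoft.SharePoint.SPAuditQuery($site)
        $query.SetRangeStart($From.ToUniversalTime())   # entries are stamped in UTC
        $query.SetRangeEnd($To.ToUniversalTime())
        $query.RestrictToUser($user.ID)

        foreach ($entry in $site.Audit.GetEntries($query)) {
            [pscustomobject]@{
                OccurredUtc = $entry.Occurred
                User        = $user.LoginName
                Event       = $entry.Event        # e.g. View, Update, Delete
                ItemType    = $entry.ItemType
                Location    = $entry.DocLocation
            }
        }
    }
    finally { $site.Dispose() }
}

# Placeholder values; use the login name exactly as it is stored in the site.
Get-UserAuditTrail -SiteUrl 'https://sharepoint.example.com/sites/hr' `
    -LoginName 'EXAMPLE\jdoe' -From '2016-01-01' -To '2016-01-31' |
    Sort-Object OccurredUtc | Format-Table -AutoSize
```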
Build Rules with Policy Framework
Many security issues would be avoidable if the risk was caught in time, according to a 2011 Verizon Data Breach Report. However, native SharePoint appraisals lack the ability to automatically analyze activity and respond with alerts or blocks. Instead, using a policy framework to design and incorporate rules across your platform – working with web, file, and database components – will identify suspicious behavior and, more importantly, allow you to respond in real time to potential threats.
Put Your Browser on Lockdown
Another aspect missing from native SharePoint activity is web application firewall protection, so filling these gaps is an important step towards a fully secured system. Build customized applications with granular permissions, and team up with Azure Active Directory (AD) to secure your infrastructure.
You should use Secure Sockets Layer (SSL), or other standard encryption, to solidify your browser security, providing a better defence against common threats like cross-site scripting and SQL injection, and enabling streamlined and automated regulatory compliance, further alleviating data risk.
Use Office 365’s Data Loss Prevention
Data Loss Prevention helps protect your data where it lives, when you have to move it and when it’s shared. This is Microsoft’s Office-wide solution for their cloud-based platforms, designed to assist with protecting your company’s sensitive data.
In fact, you can define what should be considered sensitive, and DLP will scan documents for pre-defined information. 2016 sees a rollout of the latest version of DLP; you'll be able to take advantage of new controls in your Office 365 Compliance Center with updated protection controls and policy tips across Office 365.
All in all, your data is really secure on SharePoint. All it takes is that you set up and configure what we've covered here to fit your environment's requirements, and you can sleep soundly tonight.
What kind of SharePoint security measures have you got in place already?