Many organizations are still tackling the questions of how to properly move their expansive on-premises SharePoint instances to SharePoint Online, Microsoft’s Office 365 equivalent.
Even when special care is taken, such projects can easily fail if a company doesn’t apply proper data security controls. Despite the fact that Microsoft’s Office 365 has robust security features, under a shared responsibility model, it’s up to the customer to monitor and prevent risking user behavior.
Larger companies that use SharePoint Online may have thousands of site collections accessed by employees worldwide. Compared with on-premises versions of SharePoint, it’s even easier to provide access to data in SharePoint.
Whether you’ve moved to SharePoint Online, are considering a move or are somewhere in between, we’ve put together five lessons from both successful and failed SharePoint Online projects to help you in your journey to the cloud.
Know Where Sensitive Data Is Located and Who Can Access It
In the average SharePoint Online instance, 17.4 percent of documents contain sensitive data — of which, 9.2 percent contains confidential data, 4.2 percent contains personal data, 2.2 percent contains health data and 1.8 percent contains payment data.
Research shows that the average company has a shocking 143 files stored in OneDrive that contain the word “password” in the filename. It is important for an enterprise to know exactly which sites contain sensitive data so that they can apply proper security and access controls before migrating the data to the cloud.
Know What Data Is Being Shared with External Partners
Office 365 fosters inter-company collaboration. The typical enterprise using Office 365 collaborates with 72 business partners on Office 365, more than any other collaboration platform. What’s clear is that not all of these business partners should have access to sensitive data. While it’s well known that the Target data breach exposed 40 million customer credit cards and ended with the company’s CIO and CEO resigning, what’s less well known is that the breach was caused by a trusted digital connection to a business partner that was compromised.
Analyze User Behavior
All events users perform in Office 365 can be accessed and monitored via a Management Activity API. There are 162 event types that can be tracked. With the help of third-party security tools that apply machine learning, these raw events can be analyzed to identify anomalous activity against a background of millions of routine events that make up everyday cloud usage at an enterprise today.
Enforce Location and Device Access Policies
Employees like to be mobile and Office 365 enables mobility. You can access files stored in Office 365 anytime and from anywhere. But this can create serious security issues. Consider an employee accessing SharePoint Online from Starbucks using an unmanaged device. If the employee turns around for a brief moment, the laptop with corporate data on it could be stolen. Since the laptop is unmanaged, the company has no way of remotely wiping its contents. In this situation, you may want to restrict download permissions or encrypt sensitive data in the cloud while still allowing the employee to preview items in Office 365 online.
Monitor and Control Administrators’ Data Access
Edward Snowden may be the most famous example of a rogue administrator using their privileged role to exfiltrate data, but a more common occurrence is an administrator accessing sensitive corporate data in order to perform insider trading. That’s why it’s critical to monitor and control administrator activity and permissions to ensure they do not excessively access sensitive data outside of policy or their role at the company. Unused administrator accounts belonging to ex-employees should also be closed.
Sekhar Sarukkai is a co-founder and the chief scientist at Skyhigh Networks, driving the future of innovation and technology. He brings more than 20 years of experience in enterprise networking, security and cloud services development to the company.