Using SharePoint and OneDrive for secure file sharing
Have you ever taken the time to ask yourself about the choice of collaborative work technology tools that you use in your company? What if we told you that not all software offers the same possibilities when it comes to managing security?
SharePoint and OneDrive, part of the Office 365 suite, are securely configured solutions for internal and external collaborative work and document sharing.
What is SharePoint?
SharePoint is a document management tool developed by Microsoft that is integrated with Teams. Documents shared in Teams automatically end up on a SharePoint site, allowing users to share files with their colleagues and make changes to them collaboratively. This solution can help you centralize document management. As for security options, SharePoint provides features that allow you to control access to the platform, block file downloads, and provide limited access rights. This can be very advantageous if you need to invite external users to collaborate on certain documents.
To use SharePoint securely, there are some best practices that need to be implemented, including the following:
- Disable the creation of Anyone links that give access to the document to anyone with the link.
- Allow only guests registered in the directory (AD) to access a document. Access requests must be approved based on the organizational access management process.
- Allow only a limited group of administrators to create SharePoint sites.
- Restrict access and rights when an employee or guest logs in from a computer that is not managed by the company. The download, sync, and print functions must be blocked.
- Prevent guests from sharing files that are not their property.
- Classify sites and documents according to the sensitivity of the information.
- Configure data loss prevention features to prevent sensitive documents from being disseminated outside your organization.
What about OneDrive?
OneDrive is a file management and backup solution that enables file sharing between employees or with external collaborators. The security controls available in OneDrive are similar to SharePoint, but some differ.
To use OneDrive for business securely, here are some practices that must be implemented:
- Block file synchronization features for computers that are not standardized by the organization.
- Allow file sharing only with internal users. Guests must be registered in the directory (AD) following a formal access request that is approved by administrators.
- Block suspicious files, such as executable files (Exe, MSI, Bat, etc.), from being imported into OneDrive.
- Enable automatic file backup for all users.
- Classify data in OneDrive (sensitivity label) and use data loss prevention features to prevent data exfiltration.
Note that OneDrive has inherited some controls from SharePoint, including the management of sharing links. The configuration of SharePoint, OneDrive, and Teams should be planned according to this particularity.
What are the risks of file sharing?
File sharing is never without risks, especially when using tools available for free without setting them up. However, their use is widespread, even in professional contexts. One of the poor practices in file sharing is giving downloading access from a simple hyperlink, which different solutions allow. Attackers are actively monitoring the Internet to gain access to these insecure links.
Furthermore, if you don’t already have infrastructures in place that make it easier for employees to share documents, employees may turn to what is known as shadow IT, a term that refers to the use of computer systems, software, or applications without the IT department’s explicit approval. Free versions of software such as Dropbox and Google Drive offer few of the security controls that are needed to protect information.
Another source of risk for file sharing is application vulnerabilities. As recently as last August, a major security flaw was discovered in Google Drive. This flaw allows you to share a file of any type and then to change it into malware that embeds itself in the computer of the person to whom you sent it. Be careful if you receive a document to download from someone you do not usually communicate with. Similarly, if you give full control of certain files to people outside your organization, they could modify the document and compromise your security.
That’s why it’s critical to clarify with your work teams that certain software has been chosen for the company because using them ensures its IT security. If you have a file-sharing solution or plan to acquire one, Fortica is a partner who is available to help you set up and use these solutions securely.