SharePoint Security

What is SharePoint?

SharePoint is a web-based collaboration application developed by Microsoft that is being used by many organizations as a file storage and sharing platform. SharePoint allows users to store data in the cloud, providing the ability to access files from anywhere.

What are the risks associated with using SharePoint?

As with any web-based or cloud application, there are always associated risks. A few of these risks include:

Improper Data Classification
Poor Access Control
Unauthorized Access
Data Loss

How to establish a secure SharePoint experience

Ensuring that your SharePoint is secure requires a combination of administrative and technical controls. Implementing these controls will help to reduce the risk associated with your SharePoint.

Planning is a key component when establishing a SharePoint site. Some questions to take into consideration while planning for your SharePoint site:
What data will be stored on SharePoint?
Who will be using SharePoint?
Is sharing files with external contacts allowed?
Access Control encompasses who has access to SharePoint and what they have access to. Critical information should only be provided to users on a need-to-know basis.
Multi-Factor Authentication (MFA)
is a technical control that provides additional access control security. MFA requires a user to perform an additional verification step, instead of just requiring a username and password. Additional verification steps can include entering a One Time Password (OTP) or providing a biometric such as a fingerprint.
Administrative Access to SharePoint should be provided to as few users as possible. Users with administrative access can perform actions such as changing user permissions and access. It is important to limit the number of users with these privileges.
User Training is another key component of SharePoint security. Your organization should have policies in place for acceptable use, and users should be trained on what their responsibilities are when working in SharePoint.