Our Microsoft 365 security experts at IDECSI identify three major challenges which cause organizations to suffer repeated data breaches in the SharePoint environment. Many organizations rely on Microsoft SharePoint to share content and collaborate, whether as part of Office 365 or on premise. The convenience and accessibility are also supported by customisability, where embedded technology and scripts allow flexible addition of functionality (often invisibly).
At the same time, flexibility and function expose an application to attack. Recent Ponemon Institute research showed that one in two organizations has had a SharePoint data breach in the past two years. Twenty-two percent may have experienced a breach but don’t have the ability to know for sure (source: Ponemon Institute research report, May 2017).
This suggests that organizations do not have sufficient control of sensitive data within SharePoint and other file sharing tools. Along with OneDrive, SharePoint must be a top security concern for businesses – it’s certainly a lucrative target for hackers.
There are three key challenges which organizations must address if they are to keep track of and protect their SharePoint data.
Where is the data?
In SharePoint, it is trivial for users to create libraries as required, without visibility to the IT team. Many companies have huge numbers of libraries that they simply do not know about – and therefore have no way of identifying what information is being stored in them – making it impossible to provide security.
Companies need some way in which they can reliably keep track of all libraries in their SharePoint environment.
Who is accessing the data?
SharePoint allows collaborators to share documents widely, and easily – precisely the point of a collaboration platform. At the same time, the Sharepoint sharing happens without visibility to the creators or owners of the data. In fact, SharePoint does not provide a native “owner” who can be responsible for distribution of the data.
Companies must have some mechanism to see when documents are being shared erroneously or maliciously – with the wrong individuals, teams or external users – and report these breaches in real time.
What SharePoint extensions are being used?
SharePoint has a broad set of extensions available (ASPx, workflow packages, hooks, …) allowing code to run in many different modes, invisibly to users. Even when users are aware, they typically do not understand the purpose and context. These extension functionalities are a blessing for hackers who can use them to assign rights, track activity and steal data.
Companies require tools to identify which extensions are being run, and to know when new extensions are added.
With these challenges, it is no surprise that, according to the Ponemon Institute research, so many organizations have experienced breaches resulting from the loss or theft of confidential information from SharePoint – and many others just don’t know.
While additional training for users can help companies address these issues, ultimately they must have tools which will detect address these challenges head on, providing transparent and easy-to-use information regards data sharing and processing.
