22 August 2023
Document sharing is a common activity among Microsoft 365 users. Misconfigured shares, external and obsolete shares, guest access, inactive users, overly permissive rights: in companies, data shared via collaborative cloud applications raises questions about information system security, data protection and integrity, and often increases the risk of cyberattacks. M365 solutions offer great flexibility for sharing information both internally and externally, which makes Microsoft 365 data protection and security essential.
Managing access and sharing becomes more complex in cloud and collaborative environments such as Microsoft 365. So how do you identify misconfigured or risky shares, and eliminate shares that endanger data?
Open shares have always been considered problematic because they pose a risk of data leaks in particular. At Forvia (automotive equipment manufacturer), for example, 80% of industrial site compromises are linked to open sharing or uncontrolled access to file servers. And as the information system is opened up, the traditional perimeter increasingly dissolves.
According to a recent study, 10% of the average company's cloud data is accessible to each employee via SaaS solutions.
Identifying and reducing the scope of data exposure in the cloud is key. So what is the potential damage if a user is compromised? Where is sensitive data located? How is it shared? Who can access it?
Microsoft 365 link sharing can result in accidental data exposure when a user sets overly broad or inappropriate permissions while sharing. For example, an O365 account user can use the "Copy link" option to share a document with someone. If the link is forwarded to someone else or shared publicly, anyone with the link can edit the document.
Content sharing can therefore be considered dangerous when users share sensitive information with unauthorised people, or when permissions are not, or are no longer, appropriate.
5 risks posed by misconfigured shares:
What’s more, one share can hide another. Sharing has technical implications (adding guests, identities, objects, duration in time, etc.).
Each access, each right (sharing link, overly permissive rights, etc.) therefore becomes a potential entry point into digital environments containing strategic data. To minimise the risk, access rights should be regularly reviewed and reduced in the cloud according to the least privilege principle (principle of granting the minimum rights necessary).
8 steps to staying in control of shared data and M365 sharing links
One of the main difficulties is that it is not possible to have 100% control over security, compliance and governance policies, in particular because of deviant behaviour, which is often due to human error, poor configuration, or poor knowledge of the environment and tools.
In each app, users can choose settings for shares, view or edit permissions, and grant these permissions to "Anyone with the link", "Specific people" or "Only people in your organisation" (only for professional account users).
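A review pass over the three link scopes described above, in the spirit of the regular least-privilege review, as an added example (not IDECSI's or Microsoft's code). It assumes sharing permissions have already been exported in the shape of the Microsoft Graph permission resource; the sample records, the `item` key, the `example.com` internal domain, the review date and the finding labels are constructed for illustration.

```python
from datetime import datetime, timezone

INTERNAL_DOMAIN = "example.com"  # assumption: the tenant's own mail domain
REVIEW_DATE = datetime(2023, 8, 22, tzinfo=timezone.utc)  # constructed review date

# Constructed sample records shaped like Microsoft Graph "permission" objects;
# the "item" key is added by this example to carry the file name.
SAMPLE_PERMISSIONS = [
    {"item": "Pricing-2023.xlsx", "roles": ["write"],
     "link": {"scope": "anonymous", "type": "edit"}},
    {"item": "Roadmap.pptx", "roles": ["read"],
     "link": {"scope": "anonymous", "type": "view"},
     "expirationDateTime": "2023-06-30T00:00:00Z"},
    {"item": "Team-notes.docx", "roles": ["write"],
     "link": {"scope": "organization", "type": "edit"}},
    {"item": "Contract.pdf", "roles": ["read"],
     "link": {"scope": "users", "type": "view"},
     "grantedToIdentitiesV2": [{"user": {"email": "partner@example.org"}}]},
    {"item": "Minutes.docx", "roles": ["read"],
     "link": {"scope": "users", "type": "view"},
     "grantedToIdentitiesV2": [{"user": {"email": "alice@example.com"}}]},
]

def review_share(perm, now):
    """Return the findings (hypothetical labels) for one sharing permission."""
    findings = []
    scope = perm.get("link", {}).get("scope")
    can_edit = "write" in perm.get("roles", [])
    expiry = perm.get("expirationDateTime")
    if scope == "anonymous":                      # "Anyone with the link"
        findings.append("anyone-with-link")
        if can_edit:
            findings.append("anonymous-edit")
        if expiry is None:
            findings.append("no-expiry")
    elif scope == "organization" and can_edit:    # "Only people in your organisation"
        findings.append("org-wide-edit")
    if expiry and datetime.fromisoformat(expiry.replace("Z", "+00:00")) < now:
        findings.append("expired-link")           # obsolete share to remove
    for ident in perm.get("grantedToIdentitiesV2", []):  # "Specific people"
        email = ident.get("user", {}).get("email", "").lower()
        if email and not email.endswith("@" + INTERNAL_DOMAIN):
            findings.append("external-recipient:" + email)
    return findings

def audit(perms, now):
    """Map each item to its findings, dropping shares with nothing to fix."""
    report = {p["item"]: review_share(p, now) for p in perms}
    return {item: found for item, found in report.items() if found}
```

Calling `audit(SAMPLE_PERMISSIONS, REVIEW_DATE)` returns only the shares that need an owner's attention, which is the list a data owner would be asked to confirm or correct.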
What is the user's role in controlling shared data?
How can users delete these misconfigured, potentially dangerous shares, non-legitimate accesses and inappropriate permissions in a "simple and effective" way, in an environment that is in perpetual motion and in which each user is almost the "master" of their own management?
After all, isn't the user the key?
Each employee should only be able to access the information they really need for their professional activity. At least that’s the ideal in this collaborative world. When information is shared, the responsibility for its protection is extended or distributed. Each collaborator should be made responsible for how they share data, particularly over time, and should be involved in reviewing these shares.
It is essential to make users aware of any of their shares that are too open, too permissive or considered dangerous for the company, and to give them the possibility of correcting or modifying these shares.
Data must be at the heart of the security strategy. Traditional security approaches, however, have their limits. This is why security needs to be rethought. Cybersecurity can be collaborative, participatory, and so proactively involve the owners of shared data so as to limit these accidental exposures and the risks posed by shared data.
IDECSI has launched DETOX for M365, a device that allows you to audit data that is shared internally and externally within the M365 tenant. The solution displays all the sharing, access and rights links and highlights to the owners any aspects that require correction thanks to MyDataSecurity technology.