Blog IDECSI

SharePoint and security: no one likes an overshare

Written by Mona Piquet | Jun 11, 2019 12:13:00 PM

SharePoint and collaboration tools allow us to engage with our peers, our partners, and the wider world, but they also allow us to overshare corporate information that we really shouldn’t be exposing.

Overshare: what are the consequences?

According to the dictionary, overshare is defined as “to tell people too much personal information about yourself” (1). And it’s not attractive. No one wants to know too much about the detailed effect of your food poisoning last week – no matter how sympathetic your friends may be.

No, I haven’t gone completely off the rails here. Unfortunately, in our busy and cloud‑enabled world, oversharing has an entirely new and more worrying meaning.

“49% of companies had at least one confirmed data breach in the SharePoint environment in the past two years.” (2)

I might add that:

“79% don’t believe existing tools are “very effective” at protecting sensitive content from accidental exposure or a targeted breach.” (2)

While companies are continuing the fight against malicious sharing of their data – be that internal or external – they are increasingly concerned about the unintentional sharing of data. Concern about oversharing is the most often cited reason I hear for not rolling out SharePoint widely.

SharePoint increases and facilitates sharing

It’s incredibly simple in SharePoint (and other similar tools) to share with “anyone in my company” or “anyone with this link” when you intended to share with a smaller group. There are more complex group permission options, and there are ways of announcing a share which don’t involve emails popping up but instead alerts on SharePoint sites – all of which have led to unintentional sharing or visibility.

But there is a further step here which is even more worrying. SharePoint, and similarly Teams, allow you to share something with your team, and then have members of that team share with others, and so on. How on earth can you keep track of who is looking at what? The person who overshares may do it deliberately, not recognising the sensitivity of the document or library, and sharing inappropriately with internal groups or external organisations. And you as the owner of that document or library may never know.

SharePoint power users may be yelling at their screens right now that there are of course tools within the platform to see who has permissions to what. And there are various settings that can be used to reduce risk. But the fact is, these are power users who can navigate the complexity of the relevant interface. SharePoint is a mass-market tool for everyone – most of whom are certainly not power users.

How to prevent oversharing?

One of the key tools used to prevent oversharing – restricting external sharing – puts barriers in the way of SharePoint usage and pushes users to shadow IT. For example, some organisations require individual site collections for external sharing, with whitelisting of the external organisations which can see it. Technically, a robust solution. Practically speaking, it means a significant delay between deciding you want to share and having the ability to share, and guess what, Dropbox is instant, so I’m going to drift into the IT shadows.

This is another of those cases where regular readers will recognise that I have a solution up my sleeve: it just so happens to be the IDECSI technology for monitoring O365 activity and intelligently identifying misuse – including mis‑sharing. By learning the normal usage of each site collection, OneDrive for Business, Microsoft Teams space, etc., IDECSI can determine what is unusual or suspicious sharing. Sharing that is likely unintentional or malicious is immediately communicated to the owner of that library, so they can instantly fix it.
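To make the three ideas above concrete (the “anyone” link types, a per-site allow list of external domains, and a learned per-site baseline of what sharing is normal), here is an added example of detection logic run over constructed audit records. It is not IDECSI’s code or SharePoint’s own tooling; the field names are modelled on the SharePoint sharing events in the Office 365 unified audit log, while the tenant, users, files and the allow list are invented for this example.

```python
from collections import defaultdict

# Constructed sample records shaped like SharePoint sharing events from the
# unified audit log (field names follow that schema; every value is invented).
SITE = "https://contoso.example/sites/finance"
DOC = SITE + "/Shared Documents/Q2-forecast.xlsx"
HISTORY = [  # past, already-reviewed sharing used to learn what is "normal" per site
    {"Operation": "SharingInvitationCreated", "SiteUrl": SITE, "UserId": "alice@contoso.example",
     "ObjectId": SITE + "/Shared Documents/budget.xlsx",
     "TargetUserOrGroupName": "auditor@fabrikam.example", "TargetUserOrGroupType": "Guest"},
]
NEW_EVENTS = [
    {"Operation": "SharingSet", "SiteUrl": SITE, "UserId": "alice@contoso.example", "ObjectId": DOC,
     "TargetUserOrGroupName": "bob@contoso.example", "TargetUserOrGroupType": "Member"},
    {"Operation": "SharingInvitationCreated", "SiteUrl": SITE, "UserId": "bob@contoso.example",
     "ObjectId": DOC, "TargetUserOrGroupName": "auditor@fabrikam.example", "TargetUserOrGroupType": "Guest"},
    {"Operation": "SharingInvitationCreated", "SiteUrl": SITE, "UserId": "bob@contoso.example",
     "ObjectId": DOC, "TargetUserOrGroupName": "someone@randomcorp.example", "TargetUserOrGroupType": "Guest"},
    {"Operation": "AnonymousLinkCreated", "SiteUrl": SITE, "UserId": "bob@contoso.example",
     "ObjectId": DOC, "TargetUserOrGroupName": "", "TargetUserOrGroupType": ""},
    {"Operation": "CompanyLinkCreated", "SiteUrl": SITE, "UserId": "bob@contoso.example",
     "ObjectId": DOC, "TargetUserOrGroupName": "", "TargetUserOrGroupType": ""},
]
ALLOWED_DOMAINS = {"fabrikam.example"}  # assumed tenant allow list for external sharing

def domain_of(upn):
    return upn.rsplit("@", 1)[-1].lower() if "@" in upn else ""

def learn_baseline(history):
    """Per site URL: the set of external (guest) domains it has been shared with before."""
    seen = defaultdict(set)
    for e in history:
        if e["TargetUserOrGroupType"] == "Guest":
            seen[e["SiteUrl"]].add(domain_of(e["TargetUserOrGroupName"]))
    return seen

def review_sharing(events, baseline, allowed_domains):
    """Flag sharing that widens access beyond the site's allow list or its learned norm."""
    findings = []
    for e in events:
        op, target, ttype = e["Operation"], e["TargetUserOrGroupName"], e["TargetUserOrGroupType"]
        hit = None
        if op == "AnonymousLinkCreated":          # "anyone with this link"
            hit = ("high", "anonymous 'anyone with the link' URL created")
        elif op == "CompanyLinkCreated":          # "anyone in my company"
            hit = ("medium", "'anyone in the organisation' link created")
        elif ttype == "Guest":                    # a named external person
            dom = domain_of(target)
            if dom not in allowed_domains:
                hit = ("high", f"shared to guest domain not on allow list: {dom}")
            elif dom not in baseline.get(e["SiteUrl"], set()):
                hit = ("medium", f"first share from this site to {dom}")
        if hit:  # the owner of the item is who should see this, not only the SOC
            findings.append({"severity": hit[0], "reason": hit[1], "by": e["UserId"], "item": e["ObjectId"]})
    return findings
```

Run `review_sharing(NEW_EVENTS, learn_baseline(HISTORY), ALLOWED_DOMAINS)`: the internal share and the repeat share to the already-known partner domain are silent, while the new domain, the anonymous link and the company-wide link are surfaced for the owner.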

However, there’s a bit more. This same approach allows us to provide a really simple and clean way for a library or document owner to instantly see who has permissions to look at it, and who is looking at it. While some of this data may be buried deep in your SharePoint system, I am willing to bet that only a tiny fraction of users would have the wherewithal to dig into the relevant webpages to find what they need. Visibility is king, and IDECSI ensures it is right in front of the user, and easy to absorb.

A few words about Ben Miller

Ben Miller is an experienced technologist and entrepreneur with a background in mathematics and software engineering. He is focused on bringing new technologies to market, which change conventional thinking. Within cyber security, we have long been used to complaining about users, and driving more work into the security team. Ben’s particular focus today is technologies which challenge this approach and instead make user empowerment a key part of the cyber discussion.

(1) Cambridge Dictionary - Meaning of overshare

(2) Cision PR Newswire "One in Two Organizations Have Had a SharePoint Data Breach, According to New Study" - May 04, 2017