You may have put a SharePoint security policy in place for your organization, and rightfully so: it’s important to stay in control of what you have. These policies will help guide you and your users in using SharePoint while making sure the right people have access to the right content. They’ll also help ensure that you can manage the security groups and access to the various objects you have there. But what happens when there is a mistake, an error, or a breach of security? What can you do and what’s at your disposal?
Know what’s in SharePoint to help you stay in control of your security
SharePoint is secure by default, meaning nobody has access to anything. Mistakes start happening as you add people and grant them rights to things, and that is when someone may access what they are not supposed to.
I remember being a culprit myself at one of my previous jobs: something showed up in my search results that I was pretty sure I wasn’t supposed to see. Do you think I just left it there or do you think I opened it to see its content?
Experts say that nearly 75% of security breaches are “inside jobs” – and yes, I know, not in your organization, right? Still, it’s important for you to be able to verify.
Here are some of the things you can do in SharePoint:
- Audit changes to user permissions
- Audit regularly who does what in SharePoint
- Hide users in the people picker
- Look for and find sensitive information stored in your content
- Protect your content with IRM
- View the Search Logs to find queries with malicious intent
- Monitor Applications used in your tenant
Audit changes to user permissions in SharePoint
If someone changes the pre-configured permissions on anything in SharePoint, whether it’s a site collection, site, list or library, and even documents themselves, you should know about it.
In an ideal world, permissions do not frequently change and, instead, people follow the policy and use the groups available without changing the rights to an object.
However, chances are that changing permissions on a document or folder will happen. So how do you stay on top of these changes to make sure no one is granting unnecessary access?
SharePoint, as well as SharePoint Online, has a built-in audit feature, but it’s disabled everywhere by default. Enable it and set it to track changes to user permissions; you’ll then be able to query the generated Excel report and stay well informed.
Audit regularly any changes to your SharePoint content
Who viewed, modified or deleted the documents, and who edited your content types and columns? We use SharePoint as a platform to build what we need for our organization and then place very important content within it. So it’s important to keep track and audit what’s going on in there.
As mentioned earlier, auditing is disabled by default and needs to be activated before any report can be generated.
Hide certain users or groups from the people picker
Sometimes you want to prevent certain users or groups from being displayed, or prevent people from searching for others in high-security or isolated environments.
Using PowerShell and the Set-SPOTenant command, you’ll be able to hide some of them from being displayed. One I like to remove is the “Everyone” group, to make sure users use “Everyone Except External Users” instead and limit potential breaches from outside.
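As an added example (not from the original article), this is one way to hide the “Everyone” claim with Set-SPOTenant while checking the setting before and after. It assumes the SharePoint Online Management Shell is installed; the admin URL uses a placeholder tenant name.

```powershell
# Added example. Requires the SharePoint Online Management Shell
# (module Microsoft.Online.SharePoint.PowerShell) and a SharePoint admin account.
# "contoso" is a placeholder tenant name; replace it with your own.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# Record the current people-picker claim settings before changing anything.
Get-SPOTenant |
    Select-Object ShowEveryoneClaim, ShowAllUsersClaim, ShowEveryoneExceptExternalUsersClaim

# Hide the "Everyone" claim, which also covers external users, and keep
# "Everyone except external users" available for broad internal sharing.
Set-SPOTenant -ShowEveryoneClaim $false -ShowEveryoneExceptExternalUsersClaim $true

# Confirm the new values.
Get-SPOTenant |
    Select-Object ShowEveryoneClaim, ShowEveryoneExceptExternalUsersClaim
```

This setting controls what the people picker offers from now on; content already shared with “Everyone” still needs to be reviewed separately.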
Data Loss Prevention in SharePoint helps you look for and find sensitive data
Included with SharePoint 2016 and available in SharePoint Online through Office 365, the compliance center will help you look for and find content with possible sensitive data.
If you just look for content shared externally, you may not notice that important information about your business is being shared outside of your organization because all you’ll see is the title of the document.
Using the DLP features, however, you’ll be able to set pre-determined queries and look for documents with sensitive information such as credit cards or social security information.
Even better, Microsoft includes a number of templates based on countries and their regulations.
Protect your content with IRM features in SharePoint
Information Rights Management is nothing new in the file management space with RMS for File Shares being available for many years now. The idea is to add a layer of management of the rights given to content as they are shared throughout your organization and outside of it.
For example, users can easily prevent those who receive a document from printing it or from modifying a downloaded copy. For those of you working with SharePoint Online and external users, having the document self-destruct after a set amount of time can definitely add an extra layer of security.
Look through the search query logs for suspicious queries
If you give access to your SharePoint to external users or just anyone in general, do you know what they are searching for and if they find it?
By looking through the Search logs, you can review the queries typed and identify potential breaches or attempted ones. Remember that the SharePoint Search engine is very powerful, but only shows what you have access to. This is great, but what if they have access to things they were not meant to? In the days of file shares, this wasn’t as much of an issue given the performance and how difficult it was to find content. But now, you need to be sure not only that they have access to the right content, but also that they aren’t looking for anything they are not meant to.
Monitor access to your SharePoint by applications
Some applications can connect to SharePoint and add a lot of value to it, but can also cause damage if in the hands of the wrong person or connected to the wrong location. One of these applications is none other than SharePoint Designer.
Using the Activity API and looking for the User Type property, we can identify whether a request comes from an application and what its behavior is in our environment. Granted, this will require some development, but it will help you stay in control and know what’s going on in your environment.
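The filtering step described above, as an added example that is not part of the original article: it summarizes which application identities performed which operations. The records are constructed sample data shaped like SharePoint audit events, and the UserType values (5 for Application, 6 for ServicePrincipal) are an assumption taken from the Office 365 Management Activity API schema that you should verify against your own data.

```powershell
# Added example. Constructed sample records; every value below is invented.
$json = @'
[
  {"CreationTime":"2024-01-10T09:00:00","Operation":"FileAccessed","UserType":0,
   "UserId":"alice@contoso.example","SiteUrl":"https://contoso.example/sites/hr"},
  {"CreationTime":"2024-01-10T09:01:00","Operation":"FileDownloaded","UserType":5,
   "UserId":"sample-app@contoso.example","SiteUrl":"https://contoso.example/sites/hr"},
  {"CreationTime":"2024-01-10T09:01:05","Operation":"FileDownloaded","UserType":5,
   "UserId":"sample-app@contoso.example","SiteUrl":"https://contoso.example/sites/finance"},
  {"CreationTime":"2024-01-10T09:02:00","Operation":"FileModified","UserType":6,
   "UserId":"sample-principal@contoso.example","SiteUrl":"https://contoso.example/sites/hr"}
]
'@

# Assumption: UserType 5 = Application, 6 = ServicePrincipal (Activity API schema).
$AppUserTypes = @{ 5 = 'Application'; 6 = 'ServicePrincipal' }

function Get-ApplicationActivity {
    param([Parameter(Mandatory)][object[]]$Records)

    $Records |
        # Keep only events raised by non-human identities. The [int] cast matters:
        # PowerShell 7 parses JSON numbers as Int64, which would miss Int32 keys.
        Where-Object { $AppUserTypes.ContainsKey([int]$_.UserType) } |
        Group-Object -Property UserId, Operation |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                UserId    = $first.UserId
                UserType  = $AppUserTypes[[int]$first.UserType]
                Operation = $first.Operation
                Events    = $_.Count
                Sites     = ($_.Group.SiteUrl | Sort-Object -Unique) -join ', '
            }
        } |
        Sort-Object -Property Events -Descending
}

# One row per application identity and operation, busiest first.
Get-ApplicationActivity -Records ($json | ConvertFrom-Json) | Format-Table -AutoSize
```

An application identity that suddenly appears against sites it has never touched, or whose download count jumps, is the kind of row worth following up on.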
There are also many third party tools out there that can help you easily manage and monitor SharePoint security throughout your environments by giving you an instant, comprehensive, actionable, and clear bird’s eye view of what your permissions hierarchy looks like, as well as any actions taken in your sites by exactly which users. Staying actively on top of the security of your documents will not only help you prevent breaches, but it will also help you act quickly in the event of one in order to minimize the consequences.