The uncomplicated sharing of documents is one of the most significant advantages of the Microsoft cloud, but at the same time, one of its greatest dangers. To ensure the security of sensitive data despite the quick and easy release, companies must do one thing above all: keep an overview. The Microsoft 365 cloud platform is so popular that internal communication without services such as teams and OneDrive has become unthinkable in many companies. In the past few years, in particular, use has increased enormously: To make it easier for employees to work together even in difficult times and over long distances, companies have moved enormous amounts of data to the cloud.
During this phase, data security questions understandably took a back seat to business continuity and productivity. But postponed does not mean lifted: Since the state of emergency has long since become the new normal, it is high time for companies to put these short-term implemented solutions on a clean, safe and orderly footing. The advantages of Microsoft Cloud for internal and external exchange are beyond question. But what are the risks of sharing data freely, and what possibilities does the platform offer to adequately secure shares?
Never Neglect Cloud Security
Without adequate controls, necessary approvals become security risks over time.
Step one for the secure operation of MS 365 is to use the options provided for protecting the platform as much as possible. Even if specific tools and functions are tied to premium licenses or separate subscriptions, the Microsoft cloud offers a variety of basic security features that organizations should activate here. The bare minimum includes:
- Using multi-factor authentication (MFA) for all access.
- Setting up session timeouts and rules for conditional admission.
- Filtering malware and phishing to protect your users.
At the same time, companies must be transparent about one thing: There is no such thing as 100% security, not even in the cloud. Even with the best preparation, one suspicious attachment, one careless click, is enough for a user’s account and all the data accessible to him to fall into the wrong hands.
The cybersecurity company Proofpoint recently gave an example of how such an attack, including the encryption of cloud documents, can take place.
It must, therefore, also be part of the security strategy to prepare for the worst case by adhering to best practices such as least privilege access. Because the fewer shared documents a user has access to, the less data is at risk in the event of an attack on his account. The damage is therefore limited to a minimum, and further spread is prevented as far as possible.
Weakness Of Transparency
The problem is that to restrict access to documents in a meaningful way, an organization must first know which data its users share, where, and with whom. But while Microsoft 365 makes it very easy to create new releases, it is hardly possible to track them later with the platform’s standard tools. For users, it is a frequent stumbling block that documents are stored in a different service depending on the communication channel chosen – Exchange in the case of emails, OneDrive for team chats, and SharePoint for files in teams groups. MS 365 does not offer a good overview of shared content for admins.
Those responsible can either go through the releases for each directory and user individually or export a collected CSV in which all SharePoint or OneDrive permissions are listed unfiltered. So, either a lack or an excess of information, but not a suitable middle ground that focuses on relevant areas and effectively highlights possible problems (such as different authorizations of individual users). So what can companies do to continue reaping the benefits of Microsoft 365 while keeping an eye on shared documents and ensuring data security in the cloud? As with almost all security-related topics, raising employee awareness forms a vital basis here: education about dangers and the correct handling of data helps to improve compliance with security guidelines in the company.
To minimize the risks posed by file sharing, additional restrictions can be made, which can be implemented via internal policies or settings in MS 365, including blocking individual domains as link recipients for documents or general blocks for external shares. The catch with such rigid guidelines is that they severely restrict the usual functionality of the cloud tools. This contradicts the actual purpose of easier exchange and increases the risk that employees will share data via other channels such as private chats and end devices, i.e., switch to shadow IT.
Track Approvals Effectively
The productive and, at the same time, safe use of Microsoft 365 cannot be guaranteed either through uncontrolled proliferation or far-reaching bans but only through sensitive restrictions, ongoing controls, and informed decisions that reconcile business purposes and data security. Just as with resources within one’s network, the question of who needs access to cloud files (and for how long) cannot be answered in general but only based on the respective context. Accordingly, only the separate specialist department can assess which file releases are appropriate and which are not.
However, to enable them to make this judgment, data controllers need clear information about who has access to which documents, both inside and outside the organization. Instead of just approving the sharing of a copy initially, companies must keep an eye on the entire life cycle of file sharing since the context of access decisions is constantly changing. Otherwise, legacy issues in the form of unnecessary accesses open the door to data misuse. Given the limitations that Microsoft 365 offers in evaluating file shares, external access rights management solutions are the best way to create the necessary overview for informed decisions.
In addition to the other advantages that the central control of local and cloud rights brings, the clear and understandable documentation of the Microsoft 365 releases significantly contributes to creating the necessary transparency for compliance with security principles such as Least Privilege Access. Only an automated solution guarantees the complete breakdown of all relevant rights and the ongoing control of all releases in the Microsoft cloud: Tasks that, with manual support, will sooner or later lead to errors and security gaps, even under the best possible circumstances. This insight into using Microsoft 365 is crucial to separate necessary approvals from potential risks and guarantee cloud data security in the long term.
Also Read: Microsoft Teams: The Benefits Of Using It
