Skip to main content
< All Articles

Is SharePoint Secure?

Posted on November 18, 2024
SharePoint

This is definitely one of the most frequent questions users ask when migrating to SharePoint and Microsoft 365. Especially if companies are moving from traditional on-premises file servers, I will try to answer this question for you in this article. I want to preface this by saying that I am not a Data or IT Security expert. So, this won’t be a point-by-point comparison of the security features of SharePoint compared to the other applications. Instead, I would like to briefly explain what are, in my opinion, the three major ingredients that make SharePoint secure, based on my SharePoint consulting experience and incidents of breaches I observed over the years.

In my opinion, Security consists of three variables:

  1. Microsoft’s security of its data centers
  2. Company’s Governance
  3. User Training

Microsoft’s Data Centers

The first component is Microsoft’s (the vendor that provides SharePoint Online/Microsoft 365) ability to secure its data centers from unauthorized access, hackers, bad actors, natural disasters, man-made catastrophes, etc. In my opinion, this is the same as trusting any online service you might use in your daily life (i.e., Online banking, CRM, Email, etc.).

Company’s Governance

The more critical factor in the equation is the Company’s ability to secure its data via proper Governance Policies. By default, out of the box, permissions are pretty loose in SharePoint. Everyone can create sites, external sharing is enabled by default, there are no retention policies, which means everyone can freely add/edit/delete any content.

Companies must develop, configure, and apply specific governance policies within the organization to prevent certain actions. In my earlier article, I shared several examples and best practices.

User Training

Last but not least is User Training. Despite the most stringent Governance policies, users can still cause chaos if they have no idea what they are doing. For example, users need to understand how sync works and its limitations, how to generate sharing links properly, delete and restore content, and so on.

Summary

I trust that Microsoft, with its vast resources, can secure its data centers and build proper redundancy and backups in case of a disaster. However, on the other side of the equation, we have Company Governance and user Training, which are ten times more important than what Microsoft is doing. So next time your boss questions SharePoint’s security, it is probably a good time to look in the mirror. 😊

About Me

I’m Greg Zelfond, a U.S. based SharePoint consultant, and I provide affordable out-of-the-box SharePoint consulting, training, and configuration assistance to small and medium-sized businesses all over the world.

Need help?
Looppermissions 1912299922

How Loop Permissions Work

As with most content within the Microsoft 365 eco-system, the first thing that comes to mind is security and permissions. Whether you organize your documents and other information in SharePoint,…

Read More