Is my stuff secure in SharePoint and Office 365? It is a valid question as organizations offload gigabytes of content, which used to be behind the firewall, into the cloud. Let me try and answer this for you.
Just like there are two sides to the coin, there are two components to this answer.
1. Security measures by Microsoft
The first component of security lies in the safety and integrity of your data. This step relies primarily on the owner of the Office 365 solution – Microsoft®. Things like server backups, data encryption, protection against hackers and malware are what matters here. You can read about advanced measures Microsoft is taking to assure data safety here. I also recommend that you check out this excellent post and infographic by ShareGate as well.
One thing that is pretty important and hopefully clear here is that you have no control over any of these – essentially you put your trust into the hands of a 3rd party. With that being said, we do so freely with all of the other content, by providing 3rd parties like Google, Salesforce, Facebook, Quickbooks with other, very private information.
Related to the above, quite often I hear SharePoint on-premises users telling me they will never go to SharePoint Online/Office 365 because it is not secure. You could not be further from the truth. This is fake news as we like to call it these days. The users who say that SharePoint Online is not secure are the same users who already use Gmail, SalesForce, DropBox, QuickBooks – all the tools running in the cloud already, by the way. Look, I am no security expert and I do not work for Microsoft, but if you think that your small business or nonprofit can create a more secure network and environment than Microsoft – then you must be smoking some good stuff (tell me what it is so we can escape the reality together). :-)
2. Security measures by your organization
The second component of security is what you, as an organization are doing to assure the security of your own content. Just because the stuff is in the cloud and encrypted and backed up by Microsoft, does not make it secure. That’s your job! I am talking about basic features like site security and administration, governance, external sharing, offline sync.
- If you do not set up external sharing properly, you open up a backdoor for external users to potentially access content they don’t need to.
- If you allow your users to sync docs to the laptop using OneDrive sync client, you potentially carry the risk of your intellectual property ending up in wrong hands should the laptop be stolen.
- If you give users more access/permissions than what they need, they can potentially cause harm (unknowingly and unwillingly)
- If you fail to do end-user training, your users might not know basic features like Version history and Recycle bin, causing unnecessary loss of data.
So as you can see, this second component is entirely under your control. And there is a lot that needs to be done on your part, with setup, training, governance, to make the data secure! So next time you have a question “Is my stuff secure in SharePoint and Office 365?” – I will be looking for you to answer it!