welcome to XRM blog

Keep in touch with latest CRM/ERP articles

To remain competitive your organisation must be efficient across the business process spectrum. To do so you need to take sound decisions based on a balance between the cost and risk. To do so you will be heavily dependent on your content management in itself needs...

image
Blog

SharePoint Security - Part 2.

By Shreshth Gupta on 3/16/2021

Introduction

In the Previous part of this Blog we took a look into the ways that SharePoint provides us for managing our security needs, so that  we can improve the security of our precious data which is under the constant threat of being misused by the malicious elements of this Digital era. In this second part of the blog we will take a look on the other Security features that SharePoint and Microsoft  offers us that helps us in keeping our data secure.


Other Security Features to Consider

Other than the options of fine tuning the Permissions in the Site and the Document libraries SharePoint also have some other advanced features to help us secure our data.

 

Multi-Factor Authentication (MFA)

Multi-Factor Authentication or MFA is one of the first non-SharePoint security option that springs to mind, MFA not only secure your identity but also gives you a power to keep a check on any misuse of your identity and credentials. There are various options for us to integrate the MFA with few other policies which allows us to limit the MFA for some IP addresses or range of them. MFA can help us keep malicious elements at bay from using our own identities to steel our data. 

 

Data Encryption

Data encryption can be split in two categories – mid-transit and at rest. Both are automatically protected using the most advanced technologies possible, like AES-256 encryption. There are some specific features: data mid-transit is protection using IPsec, TLS/SSL and more; data at rest is taking advantage of BitLocker and a variety of features tied to Microsoft’s Azure cloud storage – TDE (Transparent Data Encryption), Azure Disk Encryption and so on.

 

Encryption of data at rest

Encryption at rest includes two components: BitLocker disk-level encryption and per-file encryption of customer content. BitLocker is deployed for OneDrive for Business and SharePoint Online across the service. Per-file encryption is also in OneDrive for Business and SharePoint Online in Microsoft 365 multi-tenant and new dedicated environments that are built on multi-tenant technology.

While BitLocker encrypts all data on a disk, per-file encryption goes even further by including a unique encryption key for each file. Further, every update to every file is encrypted using its own encryption key. Before they are stored, the keys to the encrypted content are stored in a physically separate location from the content. Every step of this encryption uses Advanced Encryption Standard (AES) with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2 compliant. The encrypted content is distributed across several containers throughout the datacenter, and each container has unique credentials. These credentials are stored in a separate physical location from either the content or the content keys.

File-level encryption at rest takes advantage of blob storage to provide for virtually unlimited storage growth and to enable unprecedented protection. All customer content in OneDrive for Business and SharePoint Online will be migrated to blob storage.

 

Here is how that data is secured:

All content is encrypted, potentially with multiple keys, and distributed across the datacenter. Each file to be stored is broken into one or more chunks, depending on its size. Then, each chunk is encrypted using its own unique key. Updates are handled similarly, the set of changes, or deltas, submitted by a user is broken into chunks, and each is encrypted with its own key. All these chunks—files, pieces of files, and update deltas—are stored as blobs in our blob store. They also are randomly distributed across multiple blob containers. The "map" used to re-assemble the file from its components is stored in the Content Database. Each blob container has its own unique credentials per access type (read, write, enumerate, and delete). Each set of credentials is held in the secure Key Store and is regularly refreshed.

In other words, there are three different types of stores involved in per-file encryption at rest, each with a distinct function:

-        Content is stored as encrypted blobs in the blob store. The key to each chunk of content is encrypted and stored separately in the content database. The content itself holds no clue as to how it can be decrypted.

-        The Content Database is a SQL Server database. It holds the map required to locate and reassemble all the content blobs held in the blob store as well as the keys needed to decrypt those blobs.

Each of these three storage components—the blob store, the Content Database, and the Key Store—is physically separate. The information held in any one of the components is unusable on its own. This provides an unprecedented level of security. Without access to all three it is impossible to retrieve the keys to the chunks, decrypt the keys to make them usable, associate the keys with their corresponding chunks, decrypt any chunk, or reconstruct a document from its constituent chunks.

 

Virus Detection

Virus detection is an automated feature that checks every file that is saved within a document library or site. It uses a highly sophisticated anti-malware engine to scan files for viruses and other contaminants. If any user tries to download an infected file – they will get a warning message about a possible infection within the file and the download is blocked with a warning message. The user is given a choice to download that file and attempt to fix it with their own standalone antivirus software or discard the download all together. This ensures that any virous or malicious code cannot be inserted into our SharePoint environment to affect the data stored in it.

 

Here are some articles that will allow you to understand the security offerings that Microsoft promises such as encryption, security features, etc.

-        https://docs.microsoft.com/en-us/microsoft-365/compliance/data-encryption-in-odb-and-spo?view=o365-worldwide

-        https://docs.microsoft.com/en-us/sharepoint/safeguarding-your-data

 

Conclusion

 As we have now seen that there are several ways to ensure our data’s security, some of which we can implement and some of them are offered out-of-the-box by SharePoint itself to make it more secure than it already is.

But if you still are afraid of losing your data here is something that can bring you at ease:

 

Your data is secure with Microsoft!!!

 

Microsoft continuously monitor their datacenters to keep them healthy and secure. This starts with inventory. An inventory agent scans each subnet looking for neighbors. For each machine, they perform a state capture.

After they have an inventory, they then monitor and remediate the health of machines. The security patch train applies patches, updates anti-virus signatures, and makes sure that they have a known good configuration saved. They have role-specific logic that ensures Microsoft only patch or rotate out a certain percentage of machines at a time.

Microsoft also have an automated workflow to identify machines that don't meet policies and queue them for replacement.

The Microsoft 365 "Red Team" within Microsoft is made up of intrusion specialists. They look for any opportunity to gain unauthorized access. 

The "Blue Team" is made up of defence engineers who focus on prevention, detection, and recovery. They build intrusion detection and response technologies.

 

Data with Microsoft is Highly available and always recoverable

Microsoft’s datacenters are geo-distributed within the region and fault tolerant. Data is mirrored in at least two datacenters to mitigate the impact of a natural disaster or service-impacting outage.

Metadata backups are kept for 14 days and can be restored to any point in time within a five-minute window.

In the case of a ransomware attack, you can use Version history to roll back, and the recycle bin or site collection recycle bin to restore. If an item is removed from the site collection recycle bin, you can call support within 14 days to access a backup. The Version History not just let us restore the data back but also allows us to keep a track of all the activities and interactions users had with the data present in our SharePoint environment, apart from that the version history also help us to maintain and review various levels of our work as we go forward.

 

So, now you can understand how much secure your data is with Microsoft and SharePoint regardless of the various threats out there to get hold of your valuable data and you can trust SharePoint to fulfil all your security needs for making your data much more secured in each way possible. 

Blog Calendar
Blog Calendar List
2024 Nov  4  1
2024 Aug  5  1
2024 Apr  45  4
2024 Mar  129  4
2024 Feb  229  3
2024 Jan  29  7
2023 Dec  24  6
2023 Nov  353  5
2023 Oct  475  12
2023 Sep  1207  9
2023 Aug  318  6
2023 Jul  47  6
2023 Jun  26  4
2023 May  44  5
2023 Apr  67  5
2023 Mar  183  6
2023 Feb  158  5
2023 Jan  66  4
2022 Dec  95  7
2022 Nov  282  2
2022 Sep  13  1
2022 Aug  32  2
2022 Jun  11  2
2022 May  6  2
2022 Apr  12  2
2022 Mar  2  1
2022 Feb  2  1
2022 Jan  1  1
2021 Dec  4  1
2021 Nov  2  1
2021 Oct  2  1
2021 Sep  14  1
2021 Aug  49  5
2021 Jul  50  4
2021 Jun  1658  5
2021 May  40  3
2021 Apr  2202  3
2021 Mar  208  5
2021 Feb  2560  7
2021 Jan  3775  9
2020 Dec  520  7
2020 Sep  80  3
2020 Aug  767  3
2020 Jul  134  1
2020 Jun  93  3
2020 Apr  89  3
2020 Mar  19  2
2020 Feb  34  5
2020 Jan  47  7
2019 Dec  17  4
2019 Nov  38  1
2019 Jan  23  2
2018 Dec  110  4
2018 Nov  68  3
2018 Oct  18  3
2018 Sep  1222  11
2018 Aug  7  2
2018 Jun  18  1
2018 Jan  70  2
2017 Sep  588  5
2017 Aug  17  1
2017 Jul  17  2
2017 Jun  64  2
2017 May  21  1
2017 Apr  38  2
2017 Mar  138  4
2017 Feb  830  4
2016 Dec  207  3
2016 Nov  917  8
2016 Oct  317  10
2016 Sep  772  6
2016 Aug  39  1
2016 Jun  1883  6
2016 May  112  3
2016 Jan  72  2
2015 Dec  643  6
2015 Nov  4  1
2015 Oct  13  1
2015 Sep  1471  6
2015 Aug  14  1
2015 Jul  129  2
2015 Jun  11  1
2015 May  20  1
2015 Apr  30  3
2015 Mar  80  3
2015 Jan  5344  4
2014 Dec  17  1
2014 Nov  2260  4
2014 Oct  69  1
2014 Sep  107  2
2014 Aug  5319  1
2014 Jul  49  2
2014 Apr  2592  12
2014 Mar  303  17
2014 Feb  222  6
2014 Jan  1510  16
2013 Dec  21  2
2013 Nov  693  2
2013 Oct  256  3
2013 Sep  11  1
2013 Aug  40  3
2013 Jul  214  1
2013 Apr  61  6
2013 Mar  2357  10
2013 Feb  131  3
2013 Jan  350  2
2012 Nov  61  2
2012 Oct  518  10
Tag Cloud
Interested in our services? Still not sure about project details? get a quote