SharePoint: Enable Collaboration, Don’t Compromise Security

May 31, 2017

There are two fundamental approaches that organizations use to secure content in SharePoint today: restrict user access and apply file encryption.

1. Restrict User Access – User access tools allow administrators to juggle inherited permissions, maintain multiple user groups or create unique silos for specific sharing scenarios. Access can be restricted so tightly that files are completely secure, but only to the point of rendering collaboration impossible.


Restricting user access also results in several SharePoint administration problems:

  • Difficulty managing and maintaining users who belong to hundreds of groups
  • Too many permission requests and the need to handle exceptions
  • Users bypass security to work around burdensome restrictions
  • Complicated inter-rule interactions can yield unforeseen outcomes


2. Apply File Encryption – File encryption tools are used to protect sensitive files that must not be mishandled. When user access has been relaxed, organizations can encrypt the files to ensure that the data is safe when it is being used.

When too many files are encrypted at rest, however, usability is often sacrificed:

  • Files are not indexed or searchable, so they can be difficult to use
  • Files cannot be scanned for content, so they may be inappropriately categorized
  • Key management and revocation requests can overload IT and inhibit sharing

User access restrictions and file encryption, combined with complicated permissions and exceptions, make it difficult to have secure and collaborative environments.


Static Security is a Problem

Microsoft offers quite a few tools to help, but they are static.

  • User access permissions are static – they do not change as the user moves between networks, devices, and even countries.
  • File encryption templates are static – they are generally applied to all files of a certain classification, regardless of how the content changes over time or how that file is used.

Static access permissions and file encryption templates do not work in the modern, dynamic, ‘always on’ workplace or with today’s evolving SharePoint environments, especially when considering:

  • User mobility, BYOD, and unsecured devices
  • A large number of users and groups
  • Mixed or legacy SharePoint environments with inconsistent security tools
  • A complex matrix of overlapping permissions such as security clearances or project teams
  • Regulations that vary by country or data transmission methods


What’s Missing is Dynamic Security.

Dynamic security is a policy-based approach that evaluates, in real time, a range of constantly changing attributes of users and files. As user and file contexts change, different policies are automatically applied that are appropriate for both the user’s and the file’s context. This capability addresses the weaknesses of static user permissions and static file encryption templates.

This dynamic, policy-based model provides a much more fine-grained security approach that is simpler to administer and dramatically reduces the need for exception handling.

The key to dynamic security is combining both user and file attributes to create sophisticated policies. If any of these attributes change, appropriate policies respond in real time.

A New Model for SharePoint Security

Get the white paper that proposes a new model for SharePoint security that enables collaboration without compromising security. It shows why dynamic security is so important to secure SharePoint. By reading the paper, SharePoint administrators will gain a better understanding of how they can apply user and file context to drive dynamic policy-based SharePoint security.


Diana South

As Senior Product Marketing Manager, Diana South is responsible for Cryptzone’s data loss prevention and digital accessibility solutions. Diana brings over 20 years of experience with enterprise software to help organizations provide equal and secure access for their users, delivering products that become integral to the customers' business.
