SharePoint Defense in Depth

A community site for SharePoint security and compliance issues

About this community

SharePoint Defense in Depth is an open community site and resource for those interested in security, defense in depth, compliance, and SharePoint. This community site provides a place to pose questions to experts, and to learn how best to tackle your SharePoint security challenges.

For access to resources including a SharePoint Content Scanner, and SharePoint Risk Assessment, please create a login. Note that to limit spam and non-useful content on this site, we require either a valid corporate e-mail domain, or a legitimate LinkedIn profile for registrants before approving access.

Our simple goal is to provide the SharePoint community with tools and resources that enable you to more effectively secure your SharePoint environments. We encourage you to engage, and post your own tips, tricks, and resource to help make SharePoint sites more secure. If you have ideas as to how we can make the SharePoint Defense in Depth site a better community resource, please contact us on:

Blog Posts

Video demonstration of the content scanner

Posted by Mike Fleck on July 18, 2016 at 9:53am 0 Comments

If you came to SharePointDefenseInDepth looking for complimentary access to the data discovery tool (Content Scanner), you can request your copy by reaching out to If you'd like to learn more about how to use the scanner and what it can locate check out this video on Vimeo. The first minutes minutes is background material so don't worry if you heard the audio but the video doesn't seem to be moving. …


Understanding file encryption in Office 365

Posted by Mike Fleck on March 8, 2016 at 12:01pm 0 Comments

In early 2015 Microsoft started rolling out per file encryption for SharePoint Online and OneDrive for Business in Office 365. Prior to that, the file encryption capability in Office 365 was simple BitLocker storage encryption. The newer approach, often referred to as Fort Knox, involved breaking files into fragments and encrypting each file fragment with a unique encryption key. Microsoft sometimes refers to this fragmenting of files as “shredded storage.” The fragment encryption keys (FEK)…


Reimagining a New Security Model for SharePoint

Posted by Peter Bradley on January 6, 2016 at 5:00pm 0 Comments

SharePoint's old security model was conceived in a different era. Let's imagine what a new security model might look like.

In my last post, we looked at the humble beginnings of SharePoint as Microsoft Tahoe, and pointed out that the security…


The free SharePoint Content Scanner is back

Posted by Mike Fleck on December 18, 2015 at 12:57pm 0 Comments

CipherPoint is once again providing free access to the content scanner.Yes, Office 365 has Data Loss Prevention but there are few reasons why you would be interested in this tool vs. the one from Microsoft.

  1. The CipherPoint scanner lets you create custom patterns to find.
  2. The CipherPoint scanner can search for sensitive content in on-premises AND Office 365 at the same time.
  3. The CipherPoint scanner is a lot easier to use.

To get the scanner you…





Take the CipherPoint's Annual State of Collaboration Security Survey

Started by Mike Fleck in General security topics Jul 14, 2014. 0 Replies

Each year, CipherPoint conducts a survey to understand businesses’ top security concerns relating to file…Continue

Government Agencies Deploying SharePoint Despite the Lack of FIPS 140-2 Level Validation

Started by K Nahbrha in Industry compliance. Last reply by Mike Fleck Dec 6, 2013. 1 Reply

How are government agencies deploying SharePoint 2010 despite the fact that SharePoint does not support FIPS 140-2 level validation as required by NIST?The operating system that hosts SharePoint must…Continue

Tags: DISA, Cryptography, NIST, 2010, SharePoint

Securing SharePoint

Started by Site Admin in General security topics Aug 16, 2013. 0 Replies

A reader posted this response to a blog we posted on the Snowden breach, and the SharePoint connection. What do you think...can SharePoint be securely deployed?JimOur blog is here:…Continue

Is anyone using RMS and SharePoint 2013?

Started by Mike Fleck in General security topics. Last reply by Kirk Hasty Jul 22, 2013. 1 Reply

One of our members just posted the above question in his status. Is anyone here using Windows Rights Management (or third party RMS provider) with *any* version of SharePoint? If so, please post your…Continue

Tags: 2013, sharepoint, management, rights

Insider Threats, SharePoint, and the Snowden and Wikileaks Security Breaches

Cross post from

At a high level, the Snowden and Wikileaks security breaches both highlight the insider threat to sensitive information. The “insider threat” has been well understood (for a very long time) to be very serious (significant impacts are likely from insider security breaches). Also well known is the difficulty in implementing controls that fully mitigate the threat.

If you’re wondering how insiders can access sensitive information in SharePoint, here’s a link to a video demo showing how easy it is for a maliciou.... Note that this problem is not specific to SharePoint. Any technology can be compromised by a malicious individual with administrator privilege.

While both PRISM and Wikileaks involved government entities (a national intelligence agency and the DoD), the threat from insiders and system administrators is a universal one. Every year, we see numerous stories about insiders from a myriad of different companies and industries walking off with sensitive or valuable data.

A few key takeaways regarding the insider threat and SharePoint:

-       SharePoint security should start with understanding the information assets that exist on your SharePoint sites. It’s fundamentally not possible to assess risk without this understanding. At CipherPoint, we talk with many SharePoint users, and it’s frankly alarming how many have no real idea if there’s sensitive or regulated content stored on the platform, or where it exists. If you’re in this boat, have a look at our content scanner video.
-       Any organization with sensitive or valuable information in SharePoint is at risk. Certainly this includes defense and intelligence organizations, but it also includes commercial organizations with high-value IP, trade secrets, financial information, M&A information, Human Resources information, and many other categories of valuable information.
-       In any given organization, controls aimed at fully mitigating the insider threat will likely need to include both technical controls, and administrative controls. Most IT platforms do not provide native security controls capable of preventing administrators from accessing information for which they have no “need to know”. This is obviously true for SharePoint deployed with out-of-the box security controls implemented on-premises. It’s also true for cloud collaboration platforms such as SharePoint Online, Office365, Box, and others. For all of these platforms, 3rd party security controls (such as CipherPoint’s security products for SharePoint, file servers, and cloud collaboration platforms) can fill this gap. In addition, technical controls will need to include a mix of preventive controls (access controls and encryption), and detective controls (audit and reporting).
-       Platforms like SharePoint can be used in high security applications. Solutions like CipherPoint’s can enable businesses to expand their use of SharePoint, and to bring the benefits of collaboration to new use cases involving sensitive and regulated data (while maintaining security, even against malicious insiders).

If you have sensitive information stored in SharePoint, file servers, or in cloud collaboration systems, and would like to learn more about CipherPoint’s security solutions, please check out our informative whitepapers, request a trial, or contact us.

Here’s a few external articles involving security breaches where malicious insiders were the source of attack:

- Interview with Robert Bigman, ex-CIA CISO, on preventing insider security breaches.

Slashdot article on preventing insider breaches

- Information Week article on preventing insider security breaches

The folks at Carnegie Mellon US CERT have done some good work in characterizing insider threats and attacks. See their resources here.


By Mike Fleck

CEO, CipherPoint

Views: 113


You need to be a member of SharePoint Defense in Depth to add comments!

Join SharePoint Defense in Depth

© 2020   Created by Jim.   Powered by

Badges  |  Report an Issue  |  Terms of Service