SharePoint Defense in Depth

A community site for SharePoint security and compliance issues

About this community

SharePoint Defense in Depth is an open community site and resource for those interested in security, defense in depth, compliance, and SharePoint. This community site provides a place to pose questions to experts, and to learn how best to tackle your SharePoint security challenges.

For access to resources including a SharePoint Content Scanner, and SharePoint Risk Assessment, please create a login. Note that to limit spam and non-useful content on this site, we require either a valid corporate e-mail domain, or a legitimate LinkedIn profile for registrants before approving access.

Our simple goal is to provide the SharePoint community with tools and resources that enable you to more effectively secure your SharePoint environments. We encourage you to engage, and post your own tips, tricks, and resources to help make SharePoint sites more secure. If you have ideas as to how we can make the SharePoint Defense in Depth site a better community resource, please contact us on:

Blog Posts

Video demonstration of the content scanner

Posted by Mike Fleck on July 18, 2016 at 9:53am 0 Comments

If you came to SharePointDefenseInDepth looking for complimentary access to the data discovery tool (Content Scanner), you can request your copy by reaching out to If you'd like to learn more about how to use the scanner and what it can locate, check out this video on Vimeo. The first few minutes are background material, so don't worry if you hear the audio but the video doesn't seem to be moving. …


Understanding file encryption in Office 365

Posted by Mike Fleck on March 8, 2016 at 12:01pm 0 Comments

In early 2015 Microsoft started rolling out per file encryption for SharePoint Online and OneDrive for Business in Office 365. Prior to that, the file encryption capability in Office 365 was simple BitLocker storage encryption. The newer approach, often referred to as Fort Knox, involved breaking files into fragments and encrypting each file fragment with a unique encryption key. Microsoft sometimes refers to this fragmenting of files as “shredded storage.” The fragment encryption keys (FEK)…


Reimagining a New Security Model for SharePoint

Posted by Peter Bradley on January 6, 2016 at 5:00pm 0 Comments

SharePoint's old security model was conceived in a different era. Let's imagine what a new security model might look like.

In my last post, we looked at the humble beginnings of SharePoint as Microsoft Tahoe, and pointed out that the security…


The free SharePoint Content Scanner is back

Posted by Mike Fleck on December 18, 2015 at 12:57pm 0 Comments

CipherPoint is once again providing free access to the content scanner. Yes, Office 365 has Data Loss Prevention, but there are a few reasons why you would be interested in this tool vs. the one from Microsoft.

  1. The CipherPoint scanner lets you create custom patterns to find.
  2. The CipherPoint scanner can search for sensitive content in on-premises AND Office 365 at the same time.
  3. The CipherPoint scanner is a lot easier to use.

To get the scanner you…





Take CipherPoint's Annual State of Collaboration Security Survey

Started by Mike Fleck in General security topics Jul 14, 2014. 0 Replies

Each year, CipherPoint conducts a survey to understand businesses’ top security concerns relating to file…

Government Agencies Deploying SharePoint Despite the Lack of FIPS 140-2 Level Validation

Started by K Nahbrha in Industry compliance. Last reply by Mike Fleck Dec 6, 2013. 1 Reply

How are government agencies deploying SharePoint 2010 despite the fact that SharePoint does not support FIPS 140-2 level validation as required by NIST? The operating system that hosts SharePoint must…

Tags: DISA, Cryptography, NIST, 2010, SharePoint

Securing SharePoint

Started by Site Admin in General security topics Aug 16, 2013. 0 Replies

A reader posted this response to a blog we posted on the Snowden breach, and the SharePoint connection. What do you think... can SharePoint be securely deployed? Jim. Our blog is here: …

Is anyone using RMS and SharePoint 2013?

Started by Mike Fleck in General security topics. Last reply by Kirk Hasty Jul 22, 2013. 1 Reply

One of our members just posted the above question in his status. Is anyone here using Windows Rights Management (or a third-party RMS provider) with *any* version of SharePoint? If so, please post your…

Tags: 2013, sharepoint, management, rights

SharePoint Security Impacts From Snowden and Wikileaks Breaches

Cross post from

The biggest security story that we’ll see this year is the Snowden – NSA – PRISM leak. The biggest security story in the past couple of years prior to PRISM has clearly been Wikileaks. Common threads obviously run through these breaches, starting with the use of SharePoint by both organizations and the attackers in both cases compromising the confidentiality of information therein. The UK newspaper The Register reported late last week that the Snowden breach involved information obtained out of SharePoint servers. There are so many different angles to these security breaches, and they are so important, that we’ll address them in a series of blog posts over the next few weeks. Topics for these blogs include:

1) The increasing importance of security controls that aim to keep system administrators honest, or to keep them from mistakenly putting the organization at risk. While both Snowden and Wikileaks involved national intelligence agencies and the DoD, the threat from insiders and system administrators is a universal one. Every year, we see numerous stories about insiders from a myriad of different companies and industries walking off with sensitive or valuable data, or just accidentally making information publicly accessible. This article will describe the insider threat, and will discuss challenges to securing IT systems against insiders that are common to many organizations and IT platforms.

2) It is well documented at this point that some leaked Wikileaks data came from SharePoint sites. NSA has also very recently admitted that data relating to the PRISM breach was obtained from SharePoint servers. It is now clear that Edward Snowden a) was a system administrator, b) had system administrator privileges across a variety of systems, c) did not have “need to know” for the information that was stolen and subsequently leaked, and d) obtained much of the information that he’s now leaking from a SharePoint server. This article describes specific challenges relating to securing information in collaboration platforms against system administrators, with specific focus on on-premises SharePoint sites. To many in the SharePoint world, “SharePoint security” is synonymous with “SharePoint permissions”, and the Snowden breach is a great example of how permissions are a single point of failure and do not (in and of themselves) equate to a proper security architecture.

3) Solving the SharePoint insider threat issue. Protecting data in SharePoint requires the right mix of security controls, and the right architectural approach. Data encryption and access controls at the application layer are critical.

4) In defense of SharePoint… Both the Snowden and Wikileaks breaches involved SharePoint. This doesn’t mean, however, that SharePoint is inherently flawed from a security standpoint. It does mean that a defense in depth approach needs to be taken with SharePoint, as with any other IT platform. This blog will explore what a rigorous defense in depth security architecture for SharePoint looks like. The key takeaway… SharePoint farms can be adequately secured to store even the most sensitive data, against a multitude of threats, including privileged insiders.

5) Security of data in cloud services has been a big issue since cloud first emerged. Given the PRISM program and the data it collected, both enterprises and consumers using or planning to use cloud services have to be seriously concerned about their data in cloud services. You have to approach cloud services at this point by assuming that your data is being looked at by third parties, including cloud systems administrators and governmental agencies. This article will look at cloud data privacy and security issues in light of these developments.

6) If you accept that cloud data is at great risk, you have a number of different ways to approach securing the data. Data encryption is the primary security tool to employ, and there are big and important choices to be made, including where to insert the encryption (on a client, in a proxy, in a SaaS service, or on the cloud computing infrastructure itself), and how and by whom your encryption keys and encryption routines are managed. This article will explore encryption implementation issues related to securing cloud data.

A final thought, and we believe an important one. This is not solely a SharePoint security issue. This is a gross generalization, but most IT platforms, and particularly collaboration-oriented platforms, are challenged to adequately secure against rogue systems administrators and insiders. The solution to securing SharePoint and other IT platforms against insiders will always boil down to careful application of security controls, including ones that are native to the platform, and third-party controls that further lock down the platform and data.

An analogy we use at CipherPoint: if your house gets broken into, but you like the house, keep the house and buy a security system. People love SharePoint for the collaboration efficiencies the platform brings to the enterprise. Add to SharePoint the right set of administrative and technical security controls, and you’ve got a winning combination. It is possible to use the SharePoint platform for use cases involving highly sensitive data! If you’re using SharePoint and have concerns about security against insider threats, please reach out to us; we’d love to talk with you.

By Mike Fleck

CEO, CipherPoint


© 2020   Created by Jim.   Powered by
