OneDrive for Business Security Tips and Tricks

Philip Robinson by    Published On - 08.21.2019   Data Security

The rate of cloud technology adoption has increased dramatically over the last few years, with file storage generally being the go-to cloud service. That’s because cloud storage enables organizations to keep costs down and made data more accessible, helping to drive collaborations.

Microsoft are responsible for very popular cloud file storage services. Microsoft OneDrive is a non-business product that comes as standard with their email services. OneDrive for Business, on the other hand, is a business-focused solution to cloud storage that is included within an Office 365 subscription.

What is OneDrive for Business?

OneDrive for Business is the evolution of a tool named Groove, which was first introduced to consumers with Office 2007. The original idea behind the tool was to enable collaboration over key files with team members without having to rely on a physical server. It enabled you to synchronize files offline on other devices.

When Microsoft released SharePoint 2013, they released a new version of Groove in conjunction with SharePoint Workspace, and they named it SkyDrive Pro. SkyDrive Pro enabled users to synchronize SharePoint document libraries offline through a desktop installation. Microsoft then later changed the name to OneDrive for Business following a lawsuit.

Why OneDrive for Business Security Matters

If you are looking for a cloud file storage service, there are many factors to consider, including cost, data centre locations, storage capabilities and integrations. However, it is important not to ignore security when you are considering which service to go with. You cannot trust third party providers to take care of data security for you. Instead, you should take it upon yourself to double check the available security controls and understand which platforms would be best for your data security.

Is OneDrive for Business Secure? Key Security Features

Microsoft have included fundamental security features into OneDrive for Business to help you maintain the security of the data you store in the cloud. Since the first iterations of OneDrive for Business, many improvements have been made to these security controls.

Encryption of Data

OneDrive for Business communications are protected using SSL/TLS. What this essentially means is that when you access, move or copy data in OneDrive for Business, there are security controls in place to protect the data.

OneDrive for Business uses both disk-level and file-level encryption of data at rest to keep the actual content secure. The per-file encryption provides each encrypted file with a unique encryption key, and each further update to that file is encrypted using that key.

Access Controls

Configurations, permissions and sharing settings can all be established from the OneDrive Admin Centre, ensuring that your OneDrive for Business environment is operating on a policy of least privilege. You can control, from within the Admin Centre, what sharking links are used by default when users share items; whether you want it to be open to everyone, only to people in your organization or to specific people.

Using OneDrive for Business to Synchronize Content

OneDrive for Business is particular popular because it allows users to synchronize content to multiple devices. Files can be made available online only, locally or they can be made always available. The OneDrive Admin Centre goes even deeper into synchronization settings and, in combination with Microsoft Intune or AD Group Policies, you can impose synchronization restrictions to maintain security.

Improving OneDrive for Business Security: Policies and Practices

With any file storage, whether on-premise or in the cloud, it’s important to ensure that you impose the correct policies and practices that keep security at the forefront of usage. When it comes to OneDrive for Business, it’s a good idea to keep restrictions on the types of content you would like to be stored and shared.

OneDrive for Business actually offers five data protection and data loss prevention policies that you can take advantage of; audit logs of events, data loss prevention policies, preservation policies, eDiscovery and alerts. You should take advantage of all of this and also put in place your own policies to help identify, secure and monitor access to your most sensitive data.

In addition to what OneDrive for Business offers for native data security, you could also ensure that you apply your own stricter data loss prevention policies. You should ensure that access rights are restricted to your most sensitive data – it’s unlikely that there are many people in your organization who need access to credit card information, for example. It’s also a good idea to combine the native auditing features of OneDrive for Business with a more advanced third party OneDrive for Business auditing solution that enabled you to keep more visibility over user behavior with your sensitive data. Such solutions can allow you to locate and classify sensitive data, track permission changes and spot anomalies in user behavior. They can also generate real time alerts and pre-defined reports to help you speed up response to potential security incidents.

If you would like to see how LepideAuditor can help you improve OneDrive for Business security, start your 15-day free trial today.

If you liked this, you might also like...