By Tim Boivin
More than 200,000 organizations and 190 million people use SharePoint to collaborate today, according to Microsoft, with 81% of that collaboration happening in the cloud. What is stopping the rest from migrating their SharePoint deployments to the cloud? Security concerns lead the list: 36% of organizations cite them as the biggest drawback.
Getting control over who has access to your collaboration resources is a security imperative. Unfortunately, SharePoint was not originally designed for the cloud world of today, and thus still presents significant security challenges.
That’s why leading organizations today rely on Total Access Control (TAC), a Zero Trust Access solution that powers a much more personalized and secure SharePoint experience for both local and cloud deployments. TAC also offers a level of secure SharePoint file sharing that hasn’t been possible with the leading collaboration tool until now.
The Authentication Challenge
One of the biggest security concerns surrounding SharePoint is the level of authentication that is done prior to granting access to users. Although Microsoft offers its own multi-factor authentication (MFA), only 11% of enterprise Office 365 accounts today bother to turn it on.
The challenge today with SharePoint is the same challenge faced by many other applications, whether they are hosted on premises or in the cloud: organizations are being breached with their own credentials, obtained through phishing, brute-force attacks or other common methods. Stolen or misappropriated credentials are used in more than 80% of reported hacking-related breaches, by far the most common technique for gaining unauthorized access.
On the other hand, if your users try to access SharePoint through TAC, they undergo an extensive authentication examination that can include device validation, your choice of multi-factor authentication, a compliance check, and whether the full context of that access request aligns with the organization’s own security policies – not just Microsoft’s.
For instance, TAC checks to make sure the endpoint’s antivirus is current. It can even restrict your users’ ability to upload and download links through SharePoint to managed corporate devices only. That prevents malicious software from being carried from an infected, unmanaged machine into your network.
TAC’s granular security policy enforcement also enables you to block unauthorized users from clicking on or downloading files from SharePoint (or any other application, for that matter) if the user’s context of access raises any red flags.
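The kind of context-aware decision described above, from device validation through the managed-device restriction on file transfer, can be expressed as an ordered policy with an audit record for every request. The following is an added example written for this article, not PortSys TAC code; the field names, check order, three-day antivirus threshold and sample devices are assumptions.

```python
"""
Context-aware access policy evaluator (illustrative; not PortSys TAC code).
Models the checks the article lists: device validation, multi-factor
authentication, an endpoint compliance check (antivirus currency) and a
managed-device requirement for upload/download. Every evaluation is recorded
in an audit trail. Field names and thresholds are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class AccessContext:
    """Everything the gateway knows about one access request."""
    user: str
    device_id: str
    device_managed: bool              # enrolled in corporate device management
    mfa_passed: bool                  # second factor completed for this session
    av_signatures_updated: datetime   # last antivirus signature update (UTC)
    action: str                       # "view", "download" or "upload"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


TRANSFER_ACTIONS = frozenset({"download", "upload"})


class AccessPolicy:
    def __init__(self, known_devices: FrozenSet[str],
                 max_av_age: timedelta = timedelta(days=3)) -> None:
        self.known_devices = known_devices
        self.max_av_age = max_av_age
        # Audit trail: (timestamp, user, device, action, decision)
        self.audit: List[Tuple[datetime, str, str, str, Decision]] = []

    def evaluate(self, ctx: AccessContext, now: datetime) -> Decision:
        decision = self._check(ctx, now)
        self.audit.append((now, ctx.user, ctx.device_id, ctx.action, decision))
        return decision

    def _check(self, ctx: AccessContext, now: datetime) -> Decision:
        # 1. Device validation: the device must be one the organization knows.
        if ctx.device_id not in self.known_devices:
            return Decision(False, "device not recognized")
        # 2. Multi-factor authentication must have completed.
        if not ctx.mfa_passed:
            return Decision(False, "multi-factor authentication not completed")
        # 3. Endpoint compliance: antivirus signatures must be current.
        if now - ctx.av_signatures_updated > self.max_av_age:
            return Decision(False, "antivirus signatures out of date")
        # 4. File transfer is limited to managed corporate devices; viewing in
        #    the browser is still permitted from a known but unmanaged device.
        if ctx.action in TRANSFER_ACTIONS and not ctx.device_managed:
            return Decision(False, f"{ctx.action} requires a managed device")
        return Decision(True, "all checks passed")


def sample_decisions() -> Tuple[Dict[str, Decision], AccessPolicy]:
    """Evaluate a set of constructed requests; returns decisions and the policy."""
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)
    recent = datetime(2024, 1, 9, tzinfo=timezone.utc)   # AV updated yesterday
    stale = datetime(2023, 12, 1, tzinfo=timezone.utc)   # AV 40 days old
    policy = AccessPolicy(known_devices=frozenset({"LT-0001", "BYOD-77"}))
    requests = {
        "managed_download": AccessContext("alice", "LT-0001", True, True, recent, "download"),
        "byod_download":    AccessContext("bob", "BYOD-77", False, True, recent, "download"),
        "byod_view":        AccessContext("bob", "BYOD-77", False, True, recent, "view"),
        "no_mfa":           AccessContext("carol", "LT-0001", True, False, recent, "view"),
        "stale_av":         AccessContext("dave", "LT-0001", True, True, stale, "view"),
        "unknown_device":   AccessContext("erin", "LT-9999", True, True, recent, "view"),
    }
    return {label: policy.evaluate(ctx, now) for label, ctx in requests.items()}, policy


if __name__ == "__main__":
    decisions, policy = sample_decisions()
    for label, d in decisions.items():
        print(f"{label:17} -> {'allow' if d.allowed else 'deny '} ({d.reason})")
    print(f"{len(policy.audit)} audit records written")
```

The checks run in a fixed order and stop at the first failure, so the audit reason names the earliest unmet requirement; a viewer who fails only the managed-device test still gets browser access while download is refused, which is the split the article describes.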
TAC also provides your organization with a comprehensive audit trail. This gives you greater assurance that the files and documents being shared over email go only to people with valid credentials for the network where the SharePoint instance is hosted – local or cloud.
Managing Massive Installations
Your organization can accomplish this elevated level of security through TAC without having to modify your SharePoint deployment or make the lives of your end users more difficult. That’s important, because many organizations have massive SharePoint installations, with many different instances, each serving a different user community.
When your users log in to TAC, they will see only those SharePoint instances that apply to their role within the organization. If you have 80 different SharePoint instances but only five of them apply to a given user, that user only sees those five.
The same goes for using SharePoint to send links to third parties who are not inside your infrastructure. SharePoint was originally intended only for internal use within an organization, allowing employees to easily store and share documents. As such, links to SharePoint documents don’t have public IP addresses, only internal ones. If your user passes a link to a SharePoint document to someone outside your organization, the address will be broken and the remote user won’t be able to access the document.
TAC’s gateway uses host address translation to turn that internal link into a public one. But that public link doesn’t connect directly to your SharePoint application. Instead, it terminates at the TAC gateway, which first ensures the remote user is authorized to view and/or manipulate the document. If approved, TAC resolves the public address to one that SharePoint understands and allows the third-party user access to the document. If the traffic is malformed or contains an attack, TAC detects this and drops the traffic, so it doesn’t reach your application server.
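The gateway flow described above (public link terminates at the gateway, caller is authorized, malformed traffic is dropped, and only then is the address resolved to the internal name the application understands) can be sketched as a small translation function. This is an added example written for this article, not PortSys TAC code; the hostnames, paths, grant table and validation rules are constructed for illustration.

```python
"""
Host address translation at a gateway (illustrative; not PortSys TAC code).
A public hostname is rewritten to the internal application hostname only
after the request passes sanity checks and an authorization lookup. All
hostnames, paths and grants below are constructed for this example.
"""
import re
from typing import Dict, FrozenSet, Tuple
from urllib.parse import unquote, urlsplit, urlunsplit

# Public hostname presented to third parties -> internal application hostname.
HOST_MAP: Dict[str, str] = {"docs.example.com": "sp-internal.corp.local"}

# Authorization table: (external user, path prefix) -> HTTP methods permitted.
GRANTS: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("partner@vendor.example", "/sites/projectx/"): frozenset({"GET"}),
}

# A path is accepted only as a sequence of plain segments; anything the
# pattern does not match (control bytes, backslashes, odd characters) is dropped.
SAFE_PATH = re.compile(r"^(/[A-Za-z0-9._~-]+)+/?$")
SAFE_QUERY = re.compile(r"^[A-Za-z0-9=&._~%-]*$")


class GatewayReject(Exception):
    """Raised when the gateway drops a request instead of forwarding it."""


def translate(public_url: str, user: str, method: str) -> str:
    parts = urlsplit(public_url)
    # The public name must be one the gateway fronts, and TLS only.
    if parts.scheme != "https" or parts.netloc not in HOST_MAP:
        raise GatewayReject("unknown public host or non-TLS scheme")

    # Decode once, then validate the decoded form so an encoded parent
    # reference ("%2e%2e") is caught the same way as a literal "..".
    path = unquote(parts.path)
    if ".." in path.split("/") or not SAFE_PATH.match(path):
        raise GatewayReject("malformed path")
    if not SAFE_QUERY.match(parts.query):
        raise GatewayReject("malformed query string")

    # Authorization is decided at the gateway, before anything reaches the app.
    permitted = any(
        user == grant_user and path.startswith(prefix) and method in methods
        for (grant_user, prefix), methods in GRANTS.items()
    )
    if not permitted:
        raise GatewayReject(f"{user} is not authorized to {method} {path}")

    # Only now is the public hostname resolved to the internal one.
    return urlunsplit(("https", HOST_MAP[parts.netloc], path, parts.query, ""))


def try_translate(public_url: str, user: str, method: str) -> Tuple[bool, str]:
    """Wrapper returning (True, internal_url) or (False, drop reason)."""
    try:
        return True, translate(public_url, user, method)
    except GatewayReject as exc:
        return False, str(exc)


if __name__ == "__main__":
    partner = "partner@vendor.example"
    samples = (
        ("https://docs.example.com/sites/projectx/plan.docx", partner, "GET"),
        ("https://docs.example.com/sites/projectx/plan.docx", partner, "PUT"),
        ("https://docs.example.com/sites/projectx/%2e%2e/other/file.docx", partner, "GET"),
        ("https://docs.example.com/sites/projectx/plan.docx", "stranger@example.net", "GET"),
        ("http://docs.example.com/sites/projectx/plan.docx", partner, "GET"),
    )
    for url, user, method in samples:
        print(method, url, "->", try_translate(url, user, method))
```

Order matters here: the request is rejected as malformed before the grant table is consulted, so a bad request never reaches either the authorization logic or the application server, and the internal hostname is never disclosed in any error returned to the remote user.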
In the end, TAC’s policy engine enables you to define very specific requirements for collaboration through SharePoint. The rules – your rules – are highly granular and provide an amazing level of control over each and every resource users access through SharePoint. TAC changes the SharePoint experience, making it even more collaborative while providing greater security across your infrastructure.
Tim Boivin is the Marketing Director of PortSys. He can be reached at tim.boivin@portsys.com.