THE HIDDEN DANGERS
IN SHAREPOINT
NO VISIBILITY. NO OPTIONS. NO CONTROL.
Lack of visibility within SharePoint
You won’t notice the monster hiding under your bed
You can’t tell if users have permissions they shouldn’t. SharePoint attackers can:
- Conceal access by hiding it within complex and obscure folder arrangements.
- Conceal access by placing it inside groups within groups.
- Conceal “full access” rights by disguising them with false permission levels.
- Conceal entire document libraries to duplicate and exfiltrate confidential files.
Lack of options to do damage control if you got hacked: You can’t get rid of the monster
Even when you identified a cyber attack, SharePoint makes it almost impossible to remove access rights.
AI makes it easier to fall for phishing emails: it can generate believable text in any language, using real employee data, in no time. Plus, human error is still the main reason cyberattacks succeed.
- SharePoint has very poor visibility, but it is even more difficult to remove the permissions that pose a risk to your business.
- The default M365 settings are not secure; they generate anonymous sharing links for sharing Teams files.
- The M365 sign-in block can be very slow in removing access rights from disgruntled employees.
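The anonymous-link default mentioned above is a tenant-wide setting, and the files shared from Teams live in SharePoint and OneDrive, so the same setting governs them. The following SharePoint Online Management Shell session is an added example (it is not code from this page or from the 365 Permission Manager product) that reads the current sharing defaults, flags the risky combination, and sets a safer default. It assumes the Microsoft.Online.SharePoint.PowerShell module is installed, that you hold the SharePoint administrator role, and that the tenant name "contoso" is a placeholder for your own.

```powershell
# Added example: audit and tighten tenant-wide sharing defaults.
# Assumptions: SharePoint Online Management Shell installed, SharePoint admin role,
# "contoso" is a placeholder tenant name.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# 1. Read the current defaults. "AnonymousAccess" links are the "Anyone" links
#    that work without a sign-in.
$tenant = Get-SPOTenant
$tenant | Select-Object SharingCapability, DefaultSharingLinkType, DefaultLinkPermission,
    RequireAnonymousLinksExpireInDays

# 2. Flag the risky combination: anonymous sharing allowed AND the default
#    link type hands out an anonymous link every time someone clicks "Share".
if ($tenant.SharingCapability -eq 'ExternalUserAndGuestSharing' -and
    $tenant.DefaultSharingLinkType -eq 'AnonymousAccess') {
    Write-Warning "Default share links are anonymous 'Anyone' links."
}

# 3. Tighten: allow external sharing only with invited (authenticated) guests,
#    make the default link a "Specific people" (Direct) link, and default new
#    links to view-only. Users can still choose a wider link deliberately,
#    but nobody gets an anonymous link by accident.
Set-SPOTenant -SharingCapability ExternalUserSharingOnly `
              -DefaultSharingLinkType Direct `
              -DefaultLinkPermission View
```

Run step 1 and 2 first and record the output; the change in step 3 affects every site that inherits the tenant default, so it belongs in a change window with the sharing settings of individual sites (Get-SPOSite -Detailed) reviewed afterwards.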
Excessive & growing permissions obstructing compliance goals: Stopping the monsters is impossible
A company with about 400 employees can have 2 million files in SharePoint, and likely over 100,000 distinct access rights.
- Identifying which users have access to what in SharePoint is exhausting
- No one within your organization is able to monitor this jungle of access rights; as a result, it keeps growing and opens the doors wide to cyber criminals.
- Managers can’t see which users are in what group, leading to potentially wrong assumptions of data security.
The Issue? People have the ability to expose your company data to external parties. Even if you detected it and wished to stop it, you probably lack the time and resources to do so. This can result in business data and secrets being compromised, financial losses and reputational harm that is, in most cases, irreparable.
The problem of hiding in SharePoint
SharePoint has many options to give file permissions. But were you aware that bad actors, like hackers or rogue employees, can actually expose all your company secrets in SharePoint? And that you would have no clue?
Folders conceal many items.
SharePoint does not have hierarchical views. When you open a folder, there may be many more folders and files inside. You have to go through every folder and file to locate what you need, and each of these has several screens and tabs that you need to open to understand its permissions.
Hidden accesses of users.
Want to know about permissions or access rights? You don’t get any info at first glance. You need to click, and click again, to get the info. When you do find some, SharePoint still is not transparent about user numbers. Imagine finally finding the access rights, and you’re just making sure that the site is only shared with 4 people. But if you click again, it’s actually 5?
Hidden accesses behind groups
If you check a permission with a group in it, SharePoint does not show you the group members by clicking on it. Who is a member of WeLikeBananas?
The Microsoft 365 directory (Active Directory / Entra) holds the group info. The problem is: not everyone can access it, so only an M365 admin can get the info they need. Let’s check another group, which is called SUPA SECRET. Let’s find it in AD (Entra).
It doesn’t show up. Why? Because groups live in two places: M365 AD (Entra) and SharePoint Groups from the old-world permissions. To see SUPA SECRET, go to the advanced permission settings of that specific site in SharePoint. Not modern SharePoint, but the old UX. But STILL YOU HAVEN’T FOUND THE MEMBERS OF SUPA SECRET?!
The only thing you see is an email address that makes you suspect there’s an M365 group inside a SharePoint group as a permission on a folder. See how complicated this is getting? And once you get there, you find out that there’s another guest who was hidden behind these nested groups.
Hiding full access rights behind permission levels
Admins can also define custom permission levels. A malicious actor can create a level called “read” that actually grants Full Control, which makes members assume it is the real “Read”.
When you open the permission level to view the actual permissions, SharePoint displays the genuine “Read” permissions, and not the false “read”! This leads the user to think that the “read” permission level is harmless.
Using document libraries to exfiltrate data
Admins can create document libraries that are hidden and locked, so they are invisible and unreachable to other SharePoint members. This lets them copy all of a company’s files into a concealed library.
A guest user can then be given full hidden access to the library. Without anybody noticing.
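The three hiding techniques described above (a permission level named like "Read" that grants more, members reached only through an M365 group nested in a SharePoint group, and a hidden library with its own permissions) can each be checked for on a single site with PnP PowerShell. The script below is an added example, not code from this page or from the 365 Permission Manager product. It assumes the PnP.PowerShell module is installed, that an Entra app registration for interactive sign-in exists (the "<app-id>" and the site URL are placeholders), and that the signed-in account is a site collection administrator.

```powershell
# Added example: audit one site for hidden access. Assumptions: PnP.PowerShell
# installed, "<app-id>" and the site URL are placeholders, caller is a site admin.
Import-Module PnP.PowerShell
Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/finance" -Interactive -ClientId "<app-id>"

# --- 1. Permission levels named like "read" whose rights say otherwise ---
# The built-in Read level has RoleTypeKind 'Reader'; a custom one has 'None'.
# ManageWeb / ManagePermissions are the rights that distinguish Full Control.
foreach ($r in Get-PnPRoleDefinition) {
    $perms = Get-PnPProperty -ClientObject $r -Property BasePermissions
    $looksLikeRead = $r.Name -match '(?i)read'
    $isFullControl = $perms.Has([Microsoft.SharePoint.Client.PermissionKind]::ManageWeb) -or
                     $perms.Has([Microsoft.SharePoint.Client.PermissionKind]::ManagePermissions)
    if ($looksLikeRead -and $r.RoleTypeKind -ne 'Reader' -and $isFullControl) {
        Write-Warning "Permission level '$($r.Name)' is named like Read but grants ManageWeb/ManagePermissions."
    }
}

# --- 2. Guests hidden behind an M365 group nested in a SharePoint group ---
# An M365 group inside a SharePoint group shows up as a member whose login name
# carries the federated-directory claim prefix; the GUID at the end is the
# Entra group id (an "_o" suffix means the group's owners were added).
foreach ($g in Get-PnPGroup) {
    foreach ($m in Get-PnPGroupMember -Group $g) {
        if ($m.LoginName -like 'c:0o.c|federateddirectoryclaimprovider|*') {
            $groupId = (($m.LoginName -split '\|')[-1]) -replace '_o$', ''
            foreach ($u in Get-PnPMicrosoft365GroupMember -Identity $groupId) {
                # Guest accounts carry #EXT# in their user principal name.
                if ($u.UserPrincipalName -like '*#EXT#*') {
                    Write-Warning "Guest $($u.UserPrincipalName) reaches SharePoint group '$($g.Title)' via nested M365 group $groupId"
                }
            }
        }
    }
}

# --- 3. Hidden document libraries with their own permissions ---
# Many hidden lists are normal system lists, so only hidden *document libraries*
# that broke inheritance are worth a look; list who was granted access there.
foreach ($list in Get-PnPList -Includes Hidden, HasUniqueRoleAssignments) {
    if ($list.BaseType -eq 'DocumentLibrary' -and $list.Hidden -and $list.HasUniqueRoleAssignments) {
        $assignments = Get-PnPProperty -ClientObject $list -Property RoleAssignments
        Write-Warning "Hidden library '$($list.Title)' has unique permissions ($($assignments.Count) assignments)."
        foreach ($ra in $assignments) {
            $member = Get-PnPProperty -ClientObject $ra -Property Member
            # Guest logins in SharePoint look like i:0#.f|membership|name_domain.com#ext#@tenant...
            if ($member.LoginName -like '*#ext#*') {
                Write-Warning "  guest principal on hidden library: $($member.LoginName)"
            }
        }
    }
}
```

The script reports rather than remediates, so it can be run repeatedly (for example from a scheduled job against every site from Get-PnPTenantSite) and its warnings diffed between runs; a permission level, nested group or hidden library that appears between two runs is the event worth investigating. Step 2 needs Entra read permission on the app registration, otherwise Get-PnPMicrosoft365GroupMember fails for that group and the rest of the checks still run.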
THE SOLUTION
GET BACK CONTROL AND ELIMINATE RISKS – WITH THE 365 PERMISSION MANAGER
If you’re a M365 Admin or even a CISO our 365 Permission Manager is exactly what you need to identify and eliminate falsely given permissions. It helps you elevate your compliance, monitor violations and makes admin tasks a breeze, giving you an easy overview on hidden permissions.
FIND THE MONSTERS UNDER YOUR BED WITH MORE VISIBILITY
REMOVE THE MONSTER
WITH MORE OPTIONS TO ACTION
DON’T LET MONSTERS IN WITH FULL CONTROL
FOLDER TREE VIEW
A tree view of SharePoint folders. You can easily see all the folders and their permissions, so there are no hidden accesses.
A simple view to show all the permissions for any file/folder and who can access them.
BULK ACTIONS & REPORTS
365 Permission Manager lets Admins see what the users can see. If a user’s account is compromised, all the permissions can be removed easily from one screen with just one click.
The default time for M365 to offboard a user is a few hours. This could be risky if the user’s account is misused. The Permission Manager has a feature that prevents the user from accessing anything until the offboarding is done.
You can also create reports to investigate what files a user can access AND full permissions across all your sites/OneDrives.
COMPLETE OVERSIGHT &
COMPLETE AUTHORITY
All features of the 365 Permission Manager are designed to be clear, giving you as a CISO or Admin complete authority over PRESENT and FUTURE permissions.
Joint accountability: As a CISO you’re establishing your own compliance policies that follow your company’s rules and national requirements.
Engaging individual employees through the Audit & Reporting functions lowers the CISO’s workload and, as a result, gives employees more awareness of permissions along with more authority.
LEARN MORE ABOUT THE 365 PERMISSION MANAGER
READ OUR EDUCATIONAL ARTICLE
As with many Microsoft technologies, the focus on backwards compatibility has for decades proven to be a strength for enterprises. Imagine an organization with a large investment in SharePoint Server on-premises, with thousands of busy sites and terabytes of data, migrating this to SharePoint Online: this compatibility is a requirement.
However, it also has scary security implications – the reality today is that many businesses might be compromised, with bad actors exfiltrating data at will from your most precious intellectual property, with very little chance of discovery.
LISTEN TO OUR PODCAST
As more organizations embrace remote work, collaborate with external freelancers, and rely on tools like Microsoft Teams and emails for sharing files, the need to manage permissions has become crucial.
Tune in to this episode to learn about the complexities of SharePoint and discover ways to regain control over your access management.
Send a request now!
REQUEST A FREE TRIAL NOW AND ELEVATE YOUR COMPLIANCE.
Effortlessly manage Microsoft 365 permissions, enforce compliance policies, and monitor violations with our easy-to-use GRC service. Make admin tasks a breeze!