Blog

SharePoint Tutorials: SharePoint Security - Part 2

By Cathy Dew on June 20, 2017

Internal and External Sharing: The Pros, Cons, and Risks

One of the main goals that SharePoint achieves for most enterprises lies in its ease of document sharing. Teams within your organization can easily use SharePoint to share and collaborate on documents and files for different clients, projects, or operations. In fact, you can use SharePoint to collaborate both internally and externally—though doing so requires some tinkering with the software’s permissions system. Read on to learn more about how you can use your SharePoint intranet to share documents with both internal and external uses—as well as the pros, cons, and risks of doing so.

Setting up SharePoint Document Sharing

If you use SharePoint primarily as an online document repository, then it goes without saying that you are going to want to share SharePoint documents—at least on an internal basis. Many SharePoint sites are setup to promote sharing, allowing different users to share documents with groups, with team sites, via email, and more.

To disseminate a SharePoint document—either internally or externally—you will need to first set up permissions in SharePoint to decide who has the privilege to access what. Permissions in a SharePoint intranet can be customized as you please. Generally speaking, though, you will have an “Owners” group (local administrators who have full control over the target SharePoint site), a “Members” group (team members who don’t have full control, but can still add documents, edit certain documents, and more), and a “Visitor” group (who can view documents, but can’t add or edit them). “Visitor” access will permit the users in that group to download documents and keep them locally.

Enable SharePoint external sharing to easily collaborate with people outside your enterprise.

 

Internally, you will want to have these permissions in place for different groups. You can get as general or as granular as you want with your permission levels. (You are not limited just to Owners, Members, and Visitors, in other words.) Since most of your full-time team members would fall in the “Members” group—able to add or edit files, but not given total unrestricted control over a SharePoint site—you might create different permission groups to regulate document sharing further.

SharePoint has tools like permissions administration, permissions checking and audit tracking let you control who sees documents, as well as monitor what those users are doing when they access any given file on your SharePoint intranet. Especially internally, these controls work to help you safeguard your files and prevent leaks or unauthorized sharing.

A Word on the External Sharing of SharePoint Documents

Externally, sharing documents via SharePoint is a bit more complicated. Unfortunately, most organizations will eventually have to face these complications. Whether the external user is a client, a contractor, a vendor, a partner, or a customer, the time will come when you need to send a SharePoint document to someone outside of your enterprise. These people may or may not use SharePoint in their own organizations. How can you share files externally without sacrificing convenience or security?

SharePoint Online does offer a few ways to share content with external users. You can control external sharing by going to the SharePoint Online admin center and clicking “Sharing.” From there, you can choose one of the options described below:

  • “Don’t allow sharing outside your organization.” This option prevents internal users from sharing any SharePoint documents, sites, or other contents with external users.
  • “Allow sharing only with the external users that already exist in your organization’s directory.” This option allows you to share with external users, but only if they are in your user directory already. A user would be in your directory if you have previously invited them to view content. Also, your Office365 Administrator can add external user account to your Azure Active Directory for you so you can then find them and share targeted content with the external user.
  • “Allow users to invite and share with authenticated external users.” Speaking of invitations, this option allows users with full control permissions to invite external users to view SharePoint documents or sites. Each invitation expires after one use. However, if you enable this option and the option above, internal users would be able to share any content with invited persons going forward. Invited users must log in before they can view content.
  • “Allow sharing to authenticated external users and using anonymous access.” This option allows more flexibility with external sharing. Site owners can decide if external users will need to authenticate themselves before viewing content or if it’s possible to send the content via “anonymous guest links,” which don’t require a login. If you choose the anonymous guest link option, external users may be permitted to edit a SharePoint document or forward the link to other people. You can also set expiration timelines for anonymous links, to maintain some level of security and control. This is the least secure of all the sharing methods.

The Dangers of External Sharing in SharePoint

Enabling external sharing makes it easy to transmit key information to people outside your enterprise. Depending on the external sharing option you choose from the list above, you will be able to share up-to-date content and collaborate in real-time with external users. Therein lies the major benefit of external sharing: you don’t have to download a file and send it to an external user separate from SharePoint. Instead, you can use SharePoint to host the file, which makes sure everyone is on the same page and helps with collaboration.

The drawback to external sharing, though, is that it can quickly sacrifice security. Sharing anonymous links, for instance, eliminates virtually any semblance of security that you assign to a SharePoint document and the information it contains. Anyone can share, edit, or view the document, and you have limited means to track what those users are doing or why they are doing it. Even allowing users in your enterprise to share with anyone in the directory can limit the oversight you have over your files, especially if you frequently invite new external users.

Discover which version of user interfaces best fits your prefernce. Explore our blog to see what both Modern and Classic UI can do for you.

The best practice is to be vigilant about what you share and how you share it. Don’t use anonymous guest links unless the information contained in those links is not sensitive or confidential on any level. Additionally, think twice about using the directory option unless you make a point of updating the directory frequently to delete external users no longer associated with your organization. If you need more guidance on the best practices of external sharing, 2Plus2 can help. Go online to schedule a free consultation with our team or call 510-652-7700 today.

Sources:

Cathy Dew
Cathy Dew – CEO + Information Architect
Cathy focuses the company on our mission – Real results. Every time. Information architect and strategist, Cathy is passionate about making software work well – the function, the feel, the result.