How to Make an Office 365-Based Intranet Secure

Microsoft offers a powerful suite of tools to give your intranet additional layers of security. Your organization has the power to fine-tune its controls, even specifying the level of access from a particular device, for a particular user, at a particular location.

OneWindow uses largely the same security rules as Microsoft but makes some adjustments based on the team’s sense of good governance policies. So how exactly do you keep your data locked down when using an Office 365-based intranet?

Information Storage

OneWindow does encrypt and store a small amount of information for registration and tracking purposes, but it doesn’t store customer-specific data such as documents and search results. That information is stored in the customer’s underlying Office 365 workloads. This makes the implementation more complicated, but it allows OneWindow to use all the same features and security boundaries that are set up by Office 365 itself.

Moving to cloud storage raises a number of issues about privacy and security. Before storing any data in the cloud, you should first contemplate the answers to these questions:

  • What specific authentication methods will you offer to your users?
  • Who will be using cloud storage?
  • How will users access the data? Which devices and which locations are authorized?
  • What type of content will be stored in the cloud? How will any sensitive information be handled?

Intranet Permission Schemes

Historically, businesses have taken a free-for-all approach to their intranets. The IT department would provision a set of enterprise sites and give all employees access to create content, without any care or governance.

This led to things spiraling out of control as more and more content was uploaded in a disorganized fashion. Over time, enterprises established additional controls over creating workspaces and sites and uploading content. This led to the evolution of governance models, further restricting users’ actions.

OneWindow tries to keep the issue of permissions very close to the governance decisions that were made while designing the product. In many cases, the actual security setup will be out of sight. For example, if you create a new workspace, OneWindow provisions a corresponding set of groups depending on the access level of that workspace.

Also, private workspaces are set up quite differently than those that have been made private. OneWindow applies the appropriate rules in each scenario, so that end users don’t have to specifically consider any additional security actions.

One thing to note is that OneWindow does allow customers to decide at rollout time if end users can create new workspaces on their own. Some clients have preferred to create a set of established workspaces and get users familiar with the product before letting people request creation of new workspaces. Other clients have chosen to allow anyone to create a collaboration workspace without additional approval.

Beyond this, however, the remainder of the OneWindow security model is baked into the application and is applied directly to the SharePoint content in the underlying Office 365 workload.

Final Thought

No matter what choice you end up with for your intranet solution, be sure that you’ve given careful consideration to the permissions and security settings that you’re enabling for your intranet users. If you’re building your own intranet, you should design governance policies in advance and check to be sure that your intranet settings follow these policies.

If you’re using a premade or ready-to-go intranet, some of these decisions have already been made for you based on standard best practices and are included in the product.

Val Orekhov

Val Orekhov is the CTO of Microsoft Solutions and Services at Withum. Val has more than 15 years of experience in web development technology and consulting. As Chief Technology Officer, he is responsible for setting the overall technical strategy and providing technical oversight for projects and delivery.