SharePoint remote access is not a one-off consideration. Regardless of the platform, remote access always comes with security considerations. With SharePoint being utilized in so many different environments, it is important to understand the dangers of SharePoint remote access. In addition, knowing how to combat these risks is an important milestone.
I’ve previously talked about how to Deploy SharePoint as an Extranet site. Now it is time to see what dangers you may face, and how to secure SharePoint for remote access.
SharePoint Remote Access – The Problem
The problem with SharePoint remote access is the same that plagues remote access in general: security. With more breaches happening every month, IT administrators must adopt solutions with security considerations as a top priority. Exposing SharePoint for remote access is a popular project, and the problem needs serious consideration.
Who can access What, When, and from Where?
Without thinking, what is the most clamored-for program in any organization? If you said a BYOD program, you are correct! Everyone – from end-users to administrators – wants to be able to use their existing devices to facilitate their necessary duties. BYOD programs make working much simpler, and require minimal training on new devices. It’s a win-win!
Except, of course, for when it comes to security. The problem with BYOD is very similar to the problem with SharePoint Remote Access: securing sensitive data and the corporate network against potential attack.
In both cases, it becomes necessary to understand just who is able to access private information on your servers, and mitigate the risk of what may be hitching a ride on that particular access scenario.
Inherent weaknesses in mobile access
Mobility is awesome. That goes without saying. Similar to the risks of BYOD programs, mobile access relies heavily on trusting the devices that end users bring to the table. In an increasingly mobile world, cell phones, tablets and other mobile devices are becoming increasingly viable as both productivity tools and attack vectors.
Malware, Viruses, Trackers – Oh My!
Think of everything that can sneak into your network from the Internet at large: viruses, rootkits, malware, and even data tracking tools that most users don’t even know how to recognize. The risk of SharePoint remote access comes from what will sneak through the open door without your knowledge.
In order to safely deploy SharePoint for remote access, it is important to understand and take steps toward preventing these issues from the front door. As with anything security related, it also helps to prepare for what happens if and when such detrimental software makes it through.
Consequently, it is important to keep one fact in mind: nothing great was ever accomplished without risk. Addressing risk is the nature of security, and mitigation is just as important as anything else.
For every risk factor that SharePoint remote access introduces, there are several practices and solutions that address them head on.
Multifactor and Contextual Authentication Solutions
In order to address risk factors directly, cyber security has turned to more evolved solutions that do not rely solely on a username and password. As the ingenuity of attackers has evolved to take advantage of scenarios similar to SharePoint remote access, the security community at large has developed many secure methods of combatting these attackers on all fronts.
A major boon in cyber security is multifactor authentication (MFA). MFA takes the basic principles of two-factor authentication (2FA) and extends them with additional factors.
Additional Factors include:
- One-Time Password delivery
- Hardware Tokens
By adopting multifactor authentication, organizations can safely expose resources to the Internet at large without such a high risk of unauthorized access. MFA (and 2FA as well) ensures that the user who is accessing the corporate network or resources is precisely who they claim to be.
Contextual Authentication – a Risk-based Approach
For direct control over unique access scenarios, contextual authentication provides multiple options for dynamically provisioning access to extranet sites. Contextual authentication is a risk-based approach, which typically requires a client-side software installation. As a result, this approach allows an identity provider to observe the authentication scenario and determine access by analyzing various aspects of the login request.
Aspects used to establish a risk score include:
- Date and Time
- Device Type
- Wi-Fi/Internet Security
- And more!
Implementing risk scores for dynamic access analysis and provisioning provides organizations with direct control over access to corporate resources. Access is simply denied for requests that do not meet the preconfigured standards.
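A minimal sketch of the risk scoring described above, added here as an illustration and not taken from any identity provider's product. The attribute names, weights, and deny threshold are all constructed assumptions; the point it shows is that unknown device or network values are scored as high risk, so an unrecognized context fails closed.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed policy values for illustration; tune them to your environment.
POLICY = {
    "business_hours": (7, 19),          # local hours: start inclusive, end exclusive
    "business_days": {0, 1, 2, 3, 4},   # Monday=0 .. Friday=4
    "off_hours_weight": 25,
    "device_weights": {"managed_laptop": 0, "byod_phone": 20, "byod_tablet": 20},
    "unknown_device_weight": 40,        # unrecognized device types fail closed
    "network_weights": {"corporate_vpn": 0, "wpa2_wifi": 10, "open_wifi": 40},
    "unknown_network_weight": 40,       # unrecognized networks fail closed
    "deny_threshold": 50,               # score >= threshold is denied
}

@dataclass
class LoginRequest:
    user: str
    when: datetime
    device_type: str
    network: str

def evaluate(req, policy=POLICY):
    """Return (score, decision, reasons) for one login request."""
    score, reasons = 0, []
    start, end = policy["business_hours"]
    in_hours = req.when.weekday() in policy["business_days"] and start <= req.when.hour < end
    if not in_hours:
        score += policy["off_hours_weight"]
        reasons.append("outside business hours")
    dev = policy["device_weights"].get(req.device_type, policy["unknown_device_weight"])
    if dev:
        score += dev
        reasons.append(f"device:{req.device_type}")
    net = policy["network_weights"].get(req.network, policy["unknown_network_weight"])
    if net:
        score += net
        reasons.append(f"network:{req.network}")
    decision = "deny" if score >= policy["deny_threshold"] else "allow"
    return score, decision, reasons

# Constructed sample login requests (not real log data).
SAMPLES = [
    LoginRequest("alice", datetime(2024, 3, 5, 10, 30), "managed_laptop", "corporate_vpn"),
    LoginRequest("bob", datetime(2024, 3, 5, 14, 0), "byod_phone", "wpa2_wifi"),
    LoginRequest("carol", datetime(2024, 3, 9, 23, 15), "byod_tablet", "open_wifi"),
    LoginRequest("dave", datetime(2024, 3, 6, 9, 0), "kiosk", "wpa2_wifi"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, *evaluate(r))
```

Returning the reasons alongside the decision gives the audit trail an administrator needs when a legitimate user is denied.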
Other Best Practices
Many different factors affect security for SharePoint remote access. In addition to MFA and contextual authentication, many best practices should also be employed to establish a secure environment.
Best practices such as:
- Establishing Minimum Necessary Access Privileges
- Storing remote users in a separate repository (SQL is common)
- Limiting content that is available remotely
- Implementing point-to-point encryption
- Ensuring strong security policies
While SharePoint remote access is not without its risks, that doesn’t mean it is not a viable business strategy. Therefore, it is important to be aware of these risks and address them each in turn. In doing so, deploying SharePoint remotely is a simple and effective strategy for establishing and maintaining business growth.