Using SysKit Point to fulfill legal and compliance requirements
Office 365, and in particular SharePoint Online, has historically been central to storage for unstructured data, which is at the same time the main repository of private data, that is difficult to control. While some companies will curse Office 365 and SharePoint for that data, with a few simple steps and tools, they can make SharePoint Online help them in the identification and removal of GDPR-relevant data.
Personal data and information that is stored in system fields of SharePoint lists and SharePoint libraries, as well as permissions and user actions, have been proven to be more difficult to identify and/or remove. We need to identify all the content that a user has permissions to, has been working on, and all the actions that the user has been performing. Or, we need to identify who has accessed the personal data of a user and if that data has been leaked. When using only Office 365 / SharePoint Online native tools, this is difficult – and often impossible – to achieve.
This is where SysKit Point can help: with a number of reports, targeted to discover and identify personal data, and with a powerful audit log analyzer, it is fairly easy to achieve the required level of compliance and get all the necessary reports.
We can see at a glance what permissions a user has – on the site collection level, on a list, or even on every single document or list item. We can audit user actions and see which documents the specific user has been accessing. In the same way, we can audit which users have had access to a specific document or one with sensitive information. All this does not take more than a few clicks.
If we think about ISO Certificates, companies will want to review the information security system on an on-going basis, and with SysKit Point they can automate those activities, and in that way support and automate the procedure implementation. They can review tenant security changes, track high-risk activities, perform regular reviews of users and administrators, track the activities and content that has been shared with them, and way more.
How can SysKit Point help?
By using SysKit Point, companies can easily configure and run the following Office 365 reports, which provide the comprehensive information needed to fulfill the legal and compliance requirements.
- Permissions report for one selected user
This report will perform a full user screening, providing the answer on which content the user has permissions.
- Permission matrix for one selected SharePoint Site or Teams Site
When a lot of direct sharing and permissions breaking take place, it is important to have an overview of who exactly has which permissions on one Office 365 site, regardless if its SharePoint or Teams. This report provides a comprehensive yet easy-to-read and understand matrix with that information.
- Unique permissions over one selected site
This report provides information about unique permissions within a Teams or SharePoint site – those are the permissions that are different from the main permissions on that site.
- Group memberships overview for all sites
This report provides comprehensive information about the membership of the groups used on a site, regardless if those are SharePoint Groups, Office 365 groups or Security groups. The mixture of those three types of groups having permissions on one Office 365 site can be very confusing – this report sheds light on that confusion.
- Security Auditing report for one selected SharePoint site
This report, based on the analysis of audit logs, gives comprehensive information on all security-relevant activity that happens with a SharePoint site: sharing, permission changes, bulk downloads, etc.
- Security and Activity Auditing report for a group or team
Similar to the SharePoint Site, the Office 365 security audit report can be performed on a Microsoft Teams or Office 365 Groups generated site. The output information is similar, companies will have comprehensive information on all security-relevant events. It can also provide a comprehensive activity report for a selected team or group, and thus help companies trace and reproduce content-relevant actions.
- Activity Auditing report for one selected SharePoint site
It is often needed to discover if a document, folder or library has been deleted or edited, who has deleted it and when. The auditing report for the SharePoint Activity answers those questions and provides comprehensive insights into the site activity.
- Externally shared content for one SharePoint Site or Team
Within SharePoint and Teams sites it is not possible to get a comprehensive view of which content has been shared externally, with whom, by whom, and if there are any anonymous sharing links. SysKit Point provides this report, which is often necessary for providing required insights.
Be in the know if your data is leaking: Using SysKit Point as an Office 365 auditing tool
We don’t think about problems until they happen to us. Data leakage? Unauthorized access? It’s usually not our problem – until it is.
There is a number of potentially dangerous data leakage and unauthorized access scenarios in Office 365 and SharePoint Online. Especially since sharing has been made very easy, companies are losing a grasp on who has shared what, with whom, and which users – external and internal – can access sensitive content. Early warning mechanisms – for example, when employees who downloaded a bulk of sensitive data just before leaving the company – are seldom considered in companies, and even more seldom implemented.
But, it doesn’t have to be that difficult and painful. SysKit Point has been created from scratch with forensics in mind. When implemented and configured properly, SysKit Point will help companies set up forensics and early warning procedures in the main fields:
Controlling and auditing Office 365 guest users and externally shared content
Since it has become very easy to add Office 365 guest users to your content and to share content with a number of known or unknown Office 365 guest users, SysKit Point can help companies easily get a grip on this. With only a few clicks you can find out which Office 365 files – regardless if it’s from SharePoint, Microsoft Teams or OneDrive – have been shared with Office 365 guest users and who has shared them. If someone has created sharing links, you can also easily find that out.
Security-relevant Office 365 activity auditing for Office 365 internal and guest users
Sometimes it is important to recreate a user’s steps and determine what a specific Office 365 user has been doing with the content. That can be content-related actions, such as open, read, edit or delete, or security-related actions such as content permissions changes. These are the situations when companies want to find out who has been given permissions to sensitive data to guest users, or if an employee who is leaving the company has downloaded hundreds of documents – everyone hopes that it will never be needed, but it hurts when it happens, and if there are no tools and methods in place that can provide that info. This is where SysKit Point helps: all of this information can be retrieved within a few mouse clicks.
Permission and admin role changes
A very important aspect of data and access forensics is knowing when admin privileges and content permissions change. This is crucial security information for every company: who are the admins, on which levels? Who has promoted them to admins, and when? Did those admins change any content permissions, and if yes, then when?
All of this is easily achievable with SysKit Point. When configured properly, it is the ultimate governance platform for companies to be in-the-know, to keep in control, and to provide evidence for any security-relevant situations on top of Office 365.
How can SysKit Point help?
By using SysKit Point, companies can easily configure and run the following reports, which provide comprehensive information needed to fulfill all forensics requirements.
- List of all Office 365 guest users in all sites and teams
Providing a comprehensive view of all Office 365 guest users in SharePoint or Teams sites is a crucial requirement for any security screening. SysKit Point provides this report with one click.
- Overview of all externally shared content in SharePoint and Teams sites
Companies want to have a comprehensive overview of the content which has been externally shared, and SysKit Point can deliver that within a few clicks.
- Overview of user access for Office 365 guest users
Companies typically want to review the access rights for Office 365 guest users, and SysKit Point delivers a comprehensive report on which content Office 365 guest users have access to, who has shared that content with them, and when the content has been shared.
- Security-relevant activity auditing for one or more Office 365 guest and internal users
Companies typically want to review the audit trace of Office 365 guest (and internal) users – what content they have been working on, what did they download or delete. SysKit Point can provide a complete Office 365 audit trace for a user, regardless of external or internal, which helps companies detect and prove potential leaks and problems.
- Security-relevant Office 365 activity auditing for one or more SharePoint and Team Sites, and personal OneDrives
Companies want to perform an Office 365 security audit of a SharePoint or Teams site, or even a personal OneDrive, to prove and evaluate security-relevant activities such as file sharing, content downloads, or content deletions. SysKit Point delivers a comprehensive report which helps achieve that.
- Document Sharing in SharePoint and Team Sites and OneDrives
Companies will want to know for which content (documents, folders, libraries) an anonymous sharing link has been created. SysKit Point provides a comprehensive report which offers that information at a glance.
- Permission and security changes in SharePoint and Teams sites
Companies will want to know when content permissions change – when one admin or privileged user gives access to content to other users or groups. SysKit Point provides a comprehensive report based on audit logs, where all the permission and Office 365 security changes are visible.
Enabling transparency: SysKit Point will tell you what is going on with an Office 365 analytics report
While SysKit Point excels in tasks of compliance and legal regulations on top of Office 365, and forensics on Office 365 data and user actions, most companies are using it without “outside pressure”, just to enable transparency, and to be in-the-know.
Why is it important? SysKit Point gives companies answers on some crucial questions:
- Which content is used, and which is not? The answer to this question can help companies improve their Intranets and focus on what is important.
- Which users are active, and which are not? The answer helps companies promote champions and increase Office 365 adoption.
- Which content is orphaned or dead? The issue of orphaned content happens when people who have created it have left the company, and nobody else has received effective access to that content.
- Which content is being shared with the outside world? The answer to this question can help companies better understand how their employees are working with partners and customers.
Office 365 adoption is one of the major topics with each Office 365 implementation. When companies understand their content and their users, it’s easier for them to emphasize content which is being used and improve content which isn’t. When they know the behavior of their users, they can easily tailor the content and internal procedures to accommodate that behavior.
Of course, Office 365 governance is an important piece of that puzzle. The content that is stored in Office 365 – in SharePoint Online, in Teams, in OneDrive – will grow, and it is very important to prevent something that used to be called “SharePlosion” back in the SharePoint Server times. Now we could maybe call it something like “SharePointTeamsOneDrivePlosion”. The collaboration world is becoming more and more complex, but the challenges remain the same: companies need to know which content they own, who is using it and how, how it is being used, and to correct the anomalies and potentially dangerous situations during that use.
By using SysKit Point, companies have one, ultimate, company-wide platform to do exactly that.
How can SysKit Point help?
By using SysKit Point, companies can easily configure and run the following reports, which provide comprehensive insights into content, users and usage:
- The most accessed content in a SharePoint or Teams site
Using the Audit Log-based reports that SysKit Point provides, companies can analyze content usage in their SharePoint and Teams sites and based on that optimize or improve the content, which leads to increased Office 365 adoption.
- The most active Office 365 users in a SharePoint or Teams site
SysKit Point also provides information about the most active users, based on the Audit Logs. In that way, companies can analyze user behavior, promote users to champions, and in that way support user adoption.
Externally shared content in a SharePoint Teams site and its usage
One of the key points for companies in understanding how they work with external partners and contractors is knowing which content has been shared with external partners, and how it is used. SysKit Point can, by combining the external sharing and guest user activity reports, help companies get an insight into their work with external partners.
- Group membership in SharePoint Sites or Teams
With different types of groups that are present when using Office 365, Teams and SharePoint Online, it is sometimes difficult for companies to have full insights in site users and their activities. SysKit Point provides comprehensive and simple-to-use reports with that information presented at a glance.
- Orphaned files and libraries
Orphaned content is considered as content that nobody has access to. This usually happens when users leave the company, or when they are removed from the system for another reason. Such content cannot be identified directly from Teams or SharePoint Online, but it can be easily detected with SysKit Point, which provides a range of reports that help companies in that regard.