Posted on April 19, 2022 by Dan May
For companies switching to a hybrid workplace, with remote and office-based staff, using a software like OneDrive or SharePoint is a simple solution! This is also true if you’re looking to save files in a location other than on desktops.
For those with initial reservations that their files won’t be as safe online as they are on a computer, ramsac has created this blog to help reassure you, as well as provide answers on encryption in OneDrive.
What is encryption?
Encryption is the jumbling up of a document’s content to protect it from anyone who isn’t supposed to see it. You’ll use encryption on a daily basis, whether it’s on WhatsApp when you send a message to someone, or when you use a password protected file.
Encryption started back around the year 100 BC, in Egypt, with the Caesar cipher. It has developed over the years to the advanced technology we use now, whether it’s encrypting our internet connection or a phone line.
How does encryption work with OneDrive?
When a file is uploaded to OneDrive it gets encrypted, both when you change the file location or share the file, and when it’s sitting happily in its folder. These are called data in transit and data at rest, and both are approached separately.
Data at rest encryption in OneDrive
Data at rest is when a file is sat in a folder, saved in OneDrive, not moving around. Microsoft uses a ‘key’ to lock down that file and keep it safe. People who have access to that file are the only ones who have a ‘key’.
In encryption, a ‘key’ means you can access a file legally and see the correct version of documents inside.
If someone tried to ‘break in’ to your document, they’d see a jumbled-up version and wouldn’t be able to use the information within. Like if someone broke into your home, they wouldn’t know where to go or what to look for, and there would be a mess from a broken window or similar.
Microsoft uses an AES 256 key for every file at rest within OneDrive. An AES (Advanced Encryption Standard) 256 key has 256 bits (a bit can be thought of as one character, or one single element) and goes through 14 rounds of security to secure it. So far, the best performing attack only managed to get through 9 rounds on AES 256 before it could get no further.
Data in transit encryption in OneDrive
When data is moving around is when it’s most at risk. Microsoft uses TLS to secure data that’s moving around.
TLS stands for Transport Layer Security.
But what does this encryption protocol do?
TLS helps to protect data as it moves around through a series of ‘handshakes’. ‘Handshakes’ mean that the person sending the data and person receiving the data are in an understanding. Like when you give someone a handshake in real life to agree something or to greet someone, data in transit does the same thing.
What happens with data in transit is that the computer sending the data extends a hand with a secure key on it, and the computer receiving that information has the perfect lock for that key. If these two hands don’t align, the person sending the data won’t be able to do so, and the handshake doesn’t happen.
How can companies use OneDrive safely?
There are many ways companies can use OneDrive safely. Depending on the size of your company, you may want some staff to see more documents than others, or you may want to restrict access to documents on a user-by-user basis. Some simple tips to keep your OneDrive secure are:
- Only share documents with email addresses or people you know. If someone requests access to a document and you are not sure who they are, question it. It’s better to ask than to allow someone access to confidential information.
- Create user groups in OneDrive who have different levels of access. Rather than giving everyone access to everything, create user groups that allow access on a folder basis rather than a whole area basis.
- Practice good folder hygiene. Ensure that people only save in relevant folders, and regularly clean up folders to ensure that every file is where it should be. This way it’s easy to find stray files that could pose a security risk.
If you want assistance in creating a OneDrive system that benefits your business, get in touch with ramsac. We’re experts in Microsoft and our jargon-free support means that everyone in your company can understand their IT.
