Bala Madhusoodhanan

Strategies to Securing Sensitive Documents in SharePoint

Intro:
In today's digital age, protecting sensitive information is more critical than ever. SharePoint, as a powerful collaboration and document management platform, is widely used by organizations to store and share important data. However, with great power comes great responsibility. Ensuring the security of sensitive documents in SharePoint requires a strategic approach that encompasses both administrative controls and user best practices. From implementing robust tenant-level security measures to leveraging advanced SharePoint features, we will provide you with actionable insights to safeguard your data.

Here are a few examples that illustrate the potential risks associated with irresponsible use of AI and large language models (LLMs), highlighting the importance of implementing robust safeguards and maintaining human oversight.

| Theme | Description | Stories |
| --- | --- | --- |
| Data Privacy Breaches | There have been instances where AI tools inadvertently exposed sensitive information. For example, in 2024, a vulnerability in Microsoft 365 Copilot allowed attackers to steal users' sensitive information through a sophisticated exploit involving prompt injection and ASCII smuggling. | Microsoft 365 Copilot Flaw Exposes Sensitive Information |
| Misinterpretation | An AI system used for legal document review misinterpreted key clauses, leading to significant errors. For instance, a child protection worker in Victoria used ChatGPT to draft a report, which contained inaccuracies and downplayed risks to the child. | Vic Case Worker Used ChatGPT to Draft Child Protection Report |
| Compliance | A financial institution faced regulatory scrutiny after using an AI tool that failed to comply with specific legal requirements. This incident illustrates the potential legal risks and the importance of ensuring AI tools are used in compliance with relevant regulations. | Robodebt Government Fights to Keep Secret Documents |
| Over-Reliance | In a healthcare setting, over-reliance on an AI diagnostic tool led to missed diagnoses, as healthcare professionals deferred too much to the AI's judgment. This scenario highlights the risk of users becoming overly dependent on AI tools and neglecting their own expertise. | New York City Teacher Over-Reliance on AI Diagnostic Tool |
| Ethical Concerns | Ethical concerns about bias and transparency arose when Meta's AI model, Galactica, generated racist and inaccurate scientific literature. | Meta Pulls Demo of AI Model That Writes Scientific Papers |

Some Strategies:
From implementing robust tenant-level security measures to leveraging advanced SharePoint features, we will provide you with actionable insights to safeguard your data. Whether you are an admin responsible for managing your organization's SharePoint environment or a user looking to protect your documents, these strategies will help you maintain the confidentiality, integrity, and availability of your information.


| Strategy | Description | URL |
| --- | --- | --- |
| Block Co-Pilot at Tenant Level | Prevent Co-Pilot from accessing any documentation based on sensitivity labels. This ensures that sensitive documents are not analyzed by Co-Pilot across the entire tenant. However, it means that at enterprise level you need to enforce a policy that forces users to label documents when they are created. | Prevent completely |
| Block Co-Pilot at SharePoint Level | Disable Co-Pilot for specific SharePoint sites, preventing it from accessing documents within those sites. This is useful for protecting sensitive information at a more granular level. However, you then need to be a SharePoint admin. | `Set-SPOSite -Identity https://yourtenant.sharepoint.com/sites/yoursite -DisableCopilot $true` |
| Default Sensitive Document Folder level and remove indexing | Create a document folder with sensitivity labels and remove it from index search. This prevents Co-Pilot from indexing and accessing sensitive documents stored in that folder. | default Label, Indexing |
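One way to apply the third strategy from a script and confirm it took effect, as an added example that is not part of the original post. It assumes the PnP.PowerShell module (the post itself does not name a tool for this step) and a release of it whose `Set-PnPList` supports `-NoCrawl` and `-DefaultSensitivityLabelForLibrary`; the site URL, library title and label name are placeholders.

```powershell
# Added example (not from the original post): exclude one document library
# from the search index and give it a default sensitivity label.
# Assumptions: the PnP.PowerShell module is installed, you are an owner of the
# site, and the URL, library title and label name below are placeholders.
#Requires -Modules PnP.PowerShell

$SiteUrl   = 'https://yourtenant.sharepoint.com/sites/yoursite'
$Library   = 'Sensitive Documents'   # hypothetical library title
$LabelName = 'Confidential'          # hypothetical published label name
$Props     = 'NoCrawl', 'DefaultSensitivityLabelForLibrary'

# Newer module versions may also require -ClientId for your Entra ID app.
Connect-PnPOnline -Url $SiteUrl -Interactive

# Record the current state so the change can be reviewed or rolled back.
$before = Get-PnPList -Identity $Library -Includes $Props
if ($null -eq $before) { throw "Library '$Library' not found on $SiteUrl" }

# -NoCrawl switches off "allow items to appear in search results" for the
# library; the label becomes the library's default sensitivity label.
Set-PnPList -Identity $Library -NoCrawl `
    -DefaultSensitivityLabelForLibrary $LabelName | Out-Null

# Read the settings back instead of trusting the call to have succeeded.
$after = Get-PnPList -Identity $Library -Includes $Props
[pscustomobject]@{
    Library       = $after.Title
    NoCrawlBefore = $before.NoCrawl
    NoCrawlAfter  = $after.NoCrawl
    LabelIdBefore = $before.DefaultSensitivityLabelForLibrary
    LabelIdAfter  = $after.DefaultSensitivityLabelForLibrary
} | Format-List

if (-not $after.NoCrawl) {
    throw "NoCrawl is still false on '$Library'; its content remains searchable."
}
if ([string]::IsNullOrEmpty($after.DefaultSensitivityLabelForLibrary)) {
    throw "No default sensitivity label is set on '$Library'."
}
```

Setting `NoCrawl` hides the library from every search experience, not only Copilot, and already indexed items leave the index only after the next crawl, so repeat the Copilot check later rather than immediately.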

Best Strategy:

I couldn't replicate the second one as I do not have the SharePoint admin user role.

If you implement the 3rd strategy, you would get "Copilot can't generate high-quality content here".


By implementing these strategies, you can control the level of access Co-Pilot has to sensitive documents, ranging from least privilege (minimizing risk) to no control (increasing risk).