Microsoft OneDrive Security


With the fast adoption of Office 365 cloud platform, organizations are getting started with MS Exchange online and also achieving OneDrive environment for free. Businesses who are already working with OneDrive might face numbers of data security, governance, and compliance questions. Apart from the robust security features provided by OneDrive, the user-based activities can also put confidential data on unknown risk. The employees of the organizations put or upload the secretive documents on cloud and share them with whomsoever they want. They do not realize that these activities might affect the cloud security and hence, put an entire firm at high risk. Therefore, here we are present with an explanation of OneDrive security best practices for business as well as personal.

Researches state that 15.8% of documents in cloud storage are sensitive wherein an average 9.2% of documents are shared, even though they comprise of confidential information. In the majority of cases, it has been found that 12.9% of files are operated by every individual of the company, which in no doubt becomes one reason for data breach. The average organization keeps 6,097 documents with file name as “salary” and around 1,156 are saved with name as “password”.

OneDrive is a platform where work-related files like Word, Excel, etc., are saved in the cloud. All the enterprises around the world stores and tackles with the data, which is organized by number of industry and national regulations. It is a common practice for schools, healthcare providers, and hospitals to store information related to HIPAA-HITECH in OneDrive. This HIPAA comprises of several requirements not only for data storage purpose but, also for the physical data protection of workstation. The workstation is the one that is having data accessing rights among all the other things, and this type scenarios completely breaks OneDrive Security.

The Level 1 compliance is claimed by Microsoft with PCI DSS for the billing purpose. However, from the perspective of security concern, Microsoft itself says that clients should not make use of MS Office 365 services for transmitting or storing (cardholders) data. This means that enterprises should not store, transmit, or process cardholder information on OneDrive. Readers can consider this tip as one of the OneDrive security best practices for business.

Either it is OneDrive or OneDrive for Business, the security factors are same. It is so because security features are unique among both, with only one aim i.e., OneDrive cloud data security.

User Access Permissions and Levels: The basic practice of OneDrive security begins with allowing and disallowing the file access. OneDrive uses a permission model in which groups or users could be granted with certain set of permissions. ‘Read only’ and ‘read and write’ permissions are provided with this model. By default, only the owner is having right to access the file but, if he/she wants to permit the accessing to other persons as well then, they can do it. Here, one thing needs to be kept in mind that if something goes wrong then, it will be the result of file owner’s decision.

Preventing OneDrive Sensitive Files: Different data types are available that need extra attention for their protection. These are:

  • Financial information protected under PCI-DSS
  • Personal Health Information (PHI) protected by HIPAA-HITECH
  • Data covered under FISMA and GLBA
  • Personally Identifiable Information (PII) such as social security number
  • Enterprises need to exercise following tips and tricks to secure these kinds of OneDrive data:
  • Do not use any of the Office 365 products for saving PCI DSS regulated data.
  • Strictly restrict the external file sharing, generally for the secretive data. This will safe leaking of secretive file links as per the OneDrive security concern.

The file including confidential information should be encrypted in transmission state as well as at the rest state.
Apply the prevention rules of DLP with all possible practices for OneDrive security. This will be preventing data files from unauthorized access and create appropriate rules for remediation.
Strictly limit down the accessing from users of the off network. This can be done by whitelisting only the trusted networks.
Establish just-in-time notification for the users who are unknowingly trying to share any type of file outside the firm.
Immediately terminate the accessing of OneDrive account for the individuals who are no longer working in the organization.
Avoid sharing of files (especially, confidential) with every person of the organization. Instead, adopt the practice of sharing them with a specific set of individuals or groups who will be considered as authorized users of the file.
One of the OneDrive security best practices suggest that businesses should not save files on OneDrive that comprises of account credentials.s
This security feature is only for the organization that uses BYOD policies. These organizations should ensure that the devices connected with One Drive fulfill the requirements of security and compliance.
Measures for Workstations with One Drive Access: Any of the workstation having One Drive access that comprises of confidential information should adopt following One Drive security features:

  • Do not use the open network Wifi and establish a secure connection
  • Keep the anti-virus and malware software updated with latest versions
  • Apply strong and easy-to-remember passwords on the computers


UpSafe Office 365 Backup is a perfect tool to backup and restore your OneDrive data with 256-bit AES encryption

We work for your security

UpSafe Team