The interesting existence of data in SharePoint Online
One of the great features of cloud computing is eliminating hardware and having instant access to applications and services wherever you may be. Many of our clients have migrated from on-premises SharePoint to SharePoint Online. Their users can access, collaborate on and share files from any browser or device. But have you ever wondered what happens to all that data being shuttled about the cloud? It turns out to be a pretty interesting story.
Why should I move to SharePoint Online?
One reason SharePoint Online is becoming an increasingly popular choice for many organizations is its native, baked-in security. All files in SharePoint Online have built-in security measures. Each file is assigned a unique set of keys that SharePoint Online uses to encrypt the file as it makes the journey from device to Azure. When the file is downloaded, it leaves Azure and passes through SharePoint Online again, which uses the unique keys to decrypt the file for the user.
This process of encryption and decryption takes place completely within SharePoint Online. While the file is stored in Azure, it merely exists there. Azure doesn’t, nor can it, decrypt files or understand customer data. Applications like Microsoft Teams and OneDrive for Business store files in SharePoint Online. Our team is often asked about the security of data stored in SharePoint, especially by folks making the leap to a cloud-based environment. What happens to files stored in SharePoint Online? Well…
SharePoint Online: Behind the Scenes
The first thing that happens to a file being stored in SharePoint Online is that it is broken down into pieces. These pieces are then themselves encrypted, with each piece getting its own unique key. The pieces are then flung randomly across Azure, landing in what Microsoft affectionately calls blobs. Then, the blobs themselves are also encrypted. Meanwhile, the keys for decrypting the blobs and the files they hold are stored in the Azure Key Vault. Separately, a map is created that is used to extract files from the blobs and assemble them for download. These maps, you can probably guess, are themselves stored in a separate content database.
All of these repositories for blobs, keys and maps are stored in physically separate locations. The result is that data stored in any one place, or two places, is unusable. All of this happens with every file stored in SharePoint Online. It’s a remarkable journey that takes place millions of times every day.
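To make the three-repository split concrete, here is a small model of it, added as an illustration and not Microsoft's code or API. The class, function names, chunk size and sample file are all assumptions, the cipher is a labelled standard-library stand-in, and the extra encryption of the blobs themselves is left out.

```python
import hashlib
import hmac
import secrets

CHUNK_SIZE = 16  # constructed value, tiny so the sample splits into several pieces

def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream) so this runs on the standard library.
    Each key encrypts exactly one piece. Real code: an authenticated cipher such as AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class Tenant:
    """Hypothetical model: three stores that would live in physically separate locations."""
    def __init__(self):
        self.blobs = {}  # blob_id -> ciphertext piece
        self.keys = {}   # key_id  -> per-piece key
        self.maps = {}   # file name -> ordered [(blob_id, key_id), ...]

    def store(self, name: str, data: bytes) -> None:
        entries = []
        for off in range(0, len(data), CHUNK_SIZE):
            blob_id, key_id = secrets.token_hex(8), secrets.token_hex(8)
            key = secrets.token_bytes(32)  # unique key for this piece only
            self.keys[key_id] = key
            self.blobs[blob_id] = xor_keystream(key, data[off:off + CHUNK_SIZE])
            entries.append((blob_id, key_id))
        self.maps[name] = entries  # the only link between blob, key and position

    def fetch(self, name: str) -> bytes:
        return b"".join(xor_keystream(self.keys[k], self.blobs[b])
                        for b, k in self.maps[name])

def demo():
    data = b"Q3 payroll: alice=5200; bob=4800; carol=6100"  # constructed sample file
    t = Tenant()
    t.store("payroll.txt", data)
    # What the blob store alone holds: ciphertext pieces, with no keys and no map.
    leaked = b"".join(t.blobs.values())
    return t, data, leaked

if __name__ == "__main__":
    t, data, leaked = demo()
    print(len(t.blobs), "blobs,", len(t.keys), "keys")
    print("round trip ok:", t.fetch("payroll.txt") == data)
    print("plaintext visible in blob store:", b"payroll" in leaked)
```

In this model the blob and key identifiers are unrelated random values, so only the map says which key opens which blob and where that piece belongs in the file.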
Certainly, this has been an abbreviated explanation of just a few of the data security measures that take place within SharePoint Online. But many who come to Kiefer looking for help migrating to the cloud do so, rightly, with some trepidation about data security. There are a host of other security measures in Microsoft 365 that make working in the cloud a highly secure experience. And as we find ourselves in uncertain times, knowing more about how your data is secured goes a long way toward peace of mind.