
How secure is your data in SharePoint On-Premise vs Online?

Over the past two decades, Microsoft has made SharePoint one of the most powerful enterprise content management and team collaboration platforms available on the market, loaded with extensive functionality and state-of-the-art security. Data protection and security play a key role in deciding which variant of SharePoint to go with, especially for organizations with critical compliance and governance regulations.

This brings up the question: how secure is your data in SharePoint On-Premises and Online? This article will help you analyze the security and data protection features available in SharePoint On-Premises and Online in terms of authentication types, disaster recovery, and so on.


Authentication Types

SharePoint On-Premises

SharePoint On-Premises provides support for all the major authentication types:

Claim-Based Authentication

It is the default authentication mode, which uses claims-based identity technologies and infrastructure to authenticate user identity. Instead of user credentials, a security token containing user information as a set of claims is used for authentication. It is built on Windows Identity Foundation (WIF), works within a Windows environment, and doesn't integrate with third-party authentication providers.
To use this mode, SharePoint converts all user accounts into claims identities, which generates a claims token. The claims token includes all the information pertaining to the user and can be augmented to add additional claims.

Forms-based authentication

Forms-based authentication (FBA) allows customers to implement their own authentication mechanism, which enables them to authenticate non-Active Directory (external) users and expose their intranet portal to the outside world. It provides custom identity management in SharePoint by implementing a membership provider, which defines interfaces for identifying and authenticating individual users, and a role manager, which defines interfaces for grouping individual users into logical groups or roles. Provisioning FBA requires a web application with a site collection in the SharePoint farm and a membership database for storing user information.

SAML token-based authentication

It is a type of claims-based authentication, called SAML claims mode, in which SharePoint accepts SAML tokens from a trusted external Security Token Provider (STS). It is commonly used with Single Sign-On (SSO). A user who tries to access a secured web page is redirected to the external login page of the STS provider. The STS is responsible for authenticating the user and producing the SAML token; SharePoint accepts and processes the SAML token and creates a claims-based security token. If you use Active Directory Federation Services (AD FS) 2.0, you have a SAML token-based authentication environment.
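The trust between SharePoint and the external STS described above has to be registered on the farm before any SAML token is accepted. The following is an added example, not code from the original article, showing one way to do that from the SharePoint Management Shell for an AD FS STS; the certificate path, realm, sign-in URL and issuer name are placeholder assumptions.

```powershell
# Added example: register an AD FS STS as a trusted SAML token issuer.
# Run in the SharePoint Management Shell on a farm server.
# Every path, name, URL and realm below is a placeholder (assumption).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath  = 'C:\certs\adfs-token-signing.cer'   # exported AD FS token-signing certificate
$realm     = 'urn:sharepoint:intranet'           # must match the relying party identifier in AD FS
$signInUrl = 'https://sts.example.com/adfs/ls/'  # STS login page users are redirected to
$issuer    = 'Example ADFS'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Refuse to trust a signing certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Token-signing certificate $($cert.Thumbprint) is outside its validity period."
}
# Print the thumbprint so it can be compared with the one shown on the AD FS server.
Write-Host "Trusting $($cert.Subject), thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)"

# SharePoint only accepts tokens signed by a certificate it explicitly trusts.
New-SPTrustedRootAuthority -Name "$issuer token signing" -Certificate $cert | Out-Null

# Map the incoming SAML claims that SharePoint will copy into its own claims token.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' `
    -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' `
    -IncomingClaimTypeDisplayName 'Role' -SameAsIncoming

$params = @{
    Name                   = $issuer
    Description            = 'SAML claims provider (AD FS)'
    Realm                  = $realm
    ImportTrustCertificate = $cert
    ClaimsMappings         = $emailMap, $roleMap
    SignInUrl              = $signInUrl
    IdentifierClaim        = $emailMap.InputClaimType   # claim that uniquely identifies the user
}
New-SPTrustedIdentityTokenIssuer @params | Out-Null

# Review what the farm now trusts, including when the signing certificate expires.
Get-SPTrustedIdentityTokenIssuer -Identity $issuer |
    Select-Object Name, DefaultProviderRealm, ProviderUri,
        @{ n = 'SigningCertExpires'; e = { $_.SigningCertificate.NotAfter } }
```

The final query is worth keeping in routine checks: when the STS rolls its token-signing certificate, the farm rejects its tokens until the new certificate is trusted.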

Windows Classic Mode Authentication

This is an AD-based authentication mode in which Windows credentials are used. This authentication mode was deprecated in 2013 and is no longer supported in SharePoint 2013, 2016 and 2019.

SharePoint Online

Single Sign-On with Active Directory

SharePoint Online enables organizations to use their existing authentication setup, e.g. Active Directory, as the mode of authentication for Office 365. By default, SharePoint Online uses Azure AD for authentication, and each tenant has its own Azure AD. There are two variants available.

Synchronized identities

This option synchronizes the accounts in Azure AD with your on-premises AD. Users are given the option to sync passwords as well, or to use different passwords for the two directories. This is an easy, no-frills setup which doesn't require any additional settings at the customer's end.

Federated identities

This allows users to authenticate against the organization's on-premises Active Directory and requires a hosted identity provider to be set up. When a user tries to log in to SharePoint Online, they are redirected to the login page of your identity provider, e.g. ADFS, which takes care of authentication. Successful authentication then takes the user to SharePoint Online. This is usually the preferred option, since it provides seamless integration of SharePoint Online and the internal Active Directory; however, it does require setting up an identity provider in your internal AD.

Multi-factor Authentication

Considered the most secure authentication mode, Azure Multi-Factor Authentication can be set up in SharePoint Online and requires an additional security item for login along with the user credentials. This security item is usually a code generated via text or phone call, or by some other security device. Login requires both the user credentials and the code generated by the security device.

Disaster Recovery Strategy

A disaster recovery strategy is a way to recover your SharePoint farm from a disaster that makes the farm unusable. It defines two key parameters: how much time recovery takes, to minimize downtime, and to what point in time the farm can be recovered, to minimize loss of data. Both SharePoint On-Premises and Online provide various data recovery options to meet the client's Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

SharePoint On-Premises

Standby data center recovery options

This option requires a redundant secondary SharePoint farm at a separate data center, which is used in case of a disaster in the primary data center. There are three types of standby, based on the time required for farm availability.

Hot Standby

This is the fastest recovery option available, requiring seconds or at most minutes to make the farm available. A failover SharePoint farm is set up in advance in a secondary data center; both data centers run simultaneously and stay up to date, but only one serves requests at any time. All customizations are deployed to both farms, and asynchronous mirroring is used to synchronize the SharePoint content databases in both farms. This allows the standby farm to be switched on as the production farm as soon as the primary farm goes down.

Warm Standby

This strategy is slower than hot standby, since it requires minutes or hours to provide availability. It requires setting up a duplicate farm in a separate data center, which is kept up to date by frequently restoring backups of the primary farm. This option allows customers to use virtualization with Hyper-V to set up a cost-effective disaster recovery solution, or to use Azure Site Recovery for hosted disaster recovery and save on infrastructure.

Cold Standby

This is the slowest recovery strategy, taking from hours to days to provide availability. In this strategy, a new farm has to be set up from scratch in a separate data center and backups then restored, either manually or using an automated backup and restore solution like Data Protection Manager. The time depends on your rental contract and the complexity of your farm, i.e. a single-server farm will be restored a lot faster than a farm with multiple WFEs and application servers.

Azure Site Recovery (ASR)

The standby data center recovery options work well, but they require some manual intervention or a standby farm setup. If your organization wants an automated disaster recovery strategy and wants to eliminate the cost of additional standby infrastructure, then Azure Site Recovery is the best way to go. ASR works by creating snapshots of your SharePoint farm environment, which can be either a virtual setup or physical servers. Snapshots are created as virtual machines which are available via failover on demand, so when your production environment goes down they are spun up and instantly make your farm available. For this to work, all the components of your farm, including Active Directory and DNS, must be protected by ASR as well. This allows you to recover not just SharePoint but your entire application stack with one click.

SharePoint Online

Disaster recovery is Microsoft's responsibility, as they perform regular backups of customer data. Microsoft promises 99.9% availability of SharePoint Online and all of its services. However, this only tells us about the availability and usability of the services; what about the data loss that might happen in case of a disaster?

Data Protection from Human Error

Ultimately, the most common cause of data loss is the handling of data by humans, who are prone to mistakes such as deleting something unintentionally. Restoring a backup can always get your data back, but this is by far the most expensive option, and there are easier options available in both On-Premises and Online for data protection in case of human error.

SharePoint On-Premises

There are options available for safeguarding your data from human error at several levels of granularity. Documents can be protected against deletion by using SharePoint versioning and the SharePoint recycle bin, which allows you to restore your file or item. SharePoint permissions can also be set at item level to prevent deletion. There is also a new feature available in SharePoint 2016 called data loss prevention (DLP) policy, which allows you to define policies and identify, monitor, and automatically protect sensitive information across your site collections. This is a great tool to solidify your SharePoint governance, and there are several templates with predefined policies available for you to set up.

SharePoint Online

SharePoint Online also provides the primary means of data protection, such as document versioning to keep older versions of a document safe, and recycle bins at different levels to safeguard against document or item deletion. The first level is the user recycle bin, where a deleted item lasts for 93 days and is afterwards moved to the site collection recycle bin. However, if someone deletes an entire site collection, Microsoft will come to the rescue and help you restore the site with its content. To further safeguard against data loss, there are several cloud-to-cloud third-party tools available which, at an additional cost, keep your data safe by syncing your SharePoint Online content to a backup location, allowing you to restore at any granularity from site collection all the way down to item level.

Final Verdict

So, which version provides better data protection, SharePoint On-Premises or Online? Microsoft understands its customers' ever-growing demand for better data protection and has therefore improved the data protection architecture with each new version of SharePoint. SharePoint On-Premises gives customers complete control over their farm to set up an authentication mode that integrates well with their existing infrastructure and serves their security needs, along with various disaster recovery options, the best being ASR. New features like DLP policies make data loss protection effortless and automated. With SharePoint Online, Microsoft provides a multi-factor authentication mode, which is considered the safest option for security; disaster recovery is the responsibility of Microsoft, with a promise of 99.9% uptime; and various options are available for data loss protection, including 3rd party cloud migration tools.

 
