Thursday, September 10, 2015

Are the Ramifications of In-place Office 365 External Sharing Easily Comprehendible?

Theimage external sharing feature of Office 365 fosters the concept of being able to share a document with an external user from wherever the document “lives” in Office 365 SharePoint.   In other words, the feature-set does not natively encourage the separation of “Intranet content” and “Extranet content”.  I call this approach “in-place external sharing”. 

[FYI, I define Intranet content as documents, etc. that are only appropriate for internal employees to be able to access ( for example, a pre-launch product marketing strategy document).  I define Extranet content as documents, etc. that both internal employees AND external non-employees can have access to (for example, a post-launch product reseller fact sheet)].

For the average business user, is it really easily comprehendible that some documents in one of their Office 365 SharePoint document libraries are shared with external users and other documents in that same library are not?
Isn’t there a lot of room for error here given the complexity of Office 365 SharePoint and the skill-level of the average business user?

We’ve been working with companies for many years now to help them deploy on-premises SharePoint-based extranets via our SharePoint Add-in software, Extranet Collaboration Manager.  The norm for almost all of our customers is to first create a new SharePoint web application just for Extranet usage and leave the existing Intranet web application and its existing permissions as-is.  This is the most secure and foolproof way to ensure that Intranet-only content does not get mistakenly shared with external business partners.

When companies set it up this way, it is very clear to the average business user where internal-use-only content is to live, and where extranet-approved content is supposed to live.  One lives in the Intranet site(s) and the other lives in the Extranet site(s).  Everybody knows this and understands.  Its a clear line of separation.

In Office 365 SharePoint, a similar approach is technically possible, by creating distinct sites that are intended for only Intranet or only Extranet usage, but it is certainly not fostered in any way by the service.  Its up to the subscriber to decide to take this approach and make it clear to their users.  I wonder how many subscribers think through it enough to actually set things up this way?
Making it clear to the subscribers users would be much more challenging, I think, for one reason because the URLs to the different sites would not be different enough to help via a visual cue.  On-premises, a company’s Extranet URL might be something like, while their Intranet URL might be something like, making it easy for users to tell the difference.  This is possible on-premises because a distinct URL can be assigned to each of the web applications in SharePoint and IIS.  That’s not possible in Office 365 SharePoint.

I see a lot of potential security nightmares for Office 365 subscribers that choose to make heavy use of the external sharing features.  They are certainly extremely easy to use for the average business user, but do they really comprehend the ramifications of what they are doing every time they do it?   And, is in-place external sharing really a good idea for a business?

No comments: