This article provides a security overview of the SharePoint/OneDrive integration with Showell.
1. Introduction
Improve your content management workflow with Showell's SharePoint/OneDrive integration. This allows you to seamlessly sync assets to Showell, saving you time and enhancing content governance.
You can also customize your syncing process with validation and filtering options based on metadata. Sync metadata such as keywords, categories, and product types, and create custom Showell search criteria based on this information.
Ensure secure content access in Showell by granting authorization based on roles or teams. Support for multiple languages and translations is also available to cater to your global audience.
The SharePoint/OneDrive integration with Showell is designed with security as a fundamental aspect: it uses OAuth 2.0 for secure authorization and employs strong authentication, encryption, and data handling practices. While this overview provides a comprehensive look at the security measures in place, further details can be obtained through direct contact with Showell support.
We take Technical and Organizational Measures (TOM). These include data minimization, purpose limitation, accuracy, retention time, and integrity and confidentiality to protect personal data. Compliance is ensured through strict access controls, regular security training for personnel, and stringent cloud service security standards.
More information:
- Showell's commitment to security
- Technical and Organizational Measures (TOM) for the Protection of Personal data
- Microsoft 365 Integrations: Setup Guide
2. Authentication and Authorization
Authentication between Showell and SharePoint/OneDrive is managed through OAuth 2.0, ensuring secure and streamlined access.
During the authorization process, Showell requests full access to the files that the authenticated user has access to on SharePoint/OneDrive. This allows Showell to securely sync and exchange data on behalf of the user. The obtained tokens (both access and refresh tokens) are encrypted to ensure security. These OAuth tokens enable our backend to retrieve data as the authenticated user, with limitations to prevent unauthorized actions after the initial authorization is completed.
3. Data Encryption
Data security is a top priority, and the integration uses robust encryption methods to protect data both in transit and at rest.
Data transmitted between Showell and SharePoint/OneDrive is secured using HTTPS, ensuring encrypted traffic to prevent interception. Data at rest is encrypted using AES-256, a standard that meets industry guidelines for securing confidential information.
Encryption keys are managed according to Showell’s Encryption Key Management policy, ensuring they are periodically reviewed and upgraded as necessary.
Our server infrastructure is hosted on AWS in Europe, ensuring compliance with European data protection standards.
4. Data Handling and Privacy
The integration between Showell and SharePoint/OneDrive involves specific data handling practices to ensure privacy and compliance:
- By authorizing the connection between Showell and SharePoint/OneDrive, you, as the end user, allow the Showell server to access and read SharePoint/OneDrive data on your behalf.
- Showell does not handle any personal data.
Compliance with privacy regulations and standards such as GDPR, CCPA, and ISO 27001 is maintained. Users can exercise their data subject rights (access, rectification, deletion) by contacting Showell support.
Data minimization is practiced, processing only the minimum amount of data required for service functionality.
5. Tracking and Logging
Showell does not collect data from SharePoint/OneDrive. It only gathers tracking information within the Showell App to monitor usage and improve service quality.
Showell servers are authorized to access and sync SharePoint/OneDrive data (see section 4). Tracking information is stored within Showell's infrastructure and is accessible to authorized personnel only. This information is protected through encryption and access control measures to ensure it remains secure.
Error messages are logged with Sentry.io, helping to identify and address issues promptly without collecting personal data.
For more information, see Share Analytics: analyze your shared content.
6. Security Measures
Additional security measures are in place to safeguard the integration:
- Regular Security Audits and Penetration Testing: Conducted in compliance with ISO 27001 standards, including regular monitoring and logging to check the effectiveness of procedures and controls. Important logs are reviewed monthly, and violations are reviewed within one business day.
- Secure Development Practices: Adhered to throughout the development lifecycle.
- Certifications and Standards: Compliance with standards such as ISO 27001 to ensure robust security practices.
7. Incident Response
In the event of a security breach, Showell has a comprehensive incident response plan:
- Identification: The incident is detected, reported, and verified by the Security Response Team (SRT).
- Assessment: The SRT examines the incident, logs details, evaluates risks, and categorizes the incident type.
- Response: The SRT acts to control the incident, secures evidence, and reports to law enforcement if necessary. Post-incident analysis is conducted to prevent future occurrences.
The SRT, composed of the CTO, CISO, senior management, customer support, IT, and Product Development team members, is responsible for investigating and responding to incidents. The team ensures compliance with relevant laws and conducts post-incident reviews to implement remedial actions.
8. Contact Information
If you have any questions or concerns about this security overview or the handling of your information, please contact your Showell contact person or Showell Support.
💡 Summary (TL;DR)
The integration allows seamless synchronization of SharePoint/OneDrive content with Showell, improving productivity and content management.
Authentication and Authorization:
- Managed via OAuth 2.0, ensuring secure access.
- Showell requests full access to files the user has access to.
- Tokens are encrypted to ensure secure data exchange.
Data Encryption:
- Data in transit is secured with HTTPS.
- Data at rest is encrypted with AES-256.
- Hosted on AWS in Europe, complying with European standards.
Data Handling and Privacy:
- Showell accesses and syncs SharePoint/OneDrive data with user authorization.
- Showell does not handle personal data.
- Data minimization practices are in place, processing only the minimum data required for service functionality.
- Complies with GDPR, CCPA, and ISO 27001.
Tracking and Logging:
- Showell collects usage data within the Showell App to monitor and improve service quality, without collecting personal data from SharePoint/OneDrive.
- Error messages are logged via Sentry.io, without storing personal data.
Security Measures:
- Regular security audits and penetration testing.
- Adherence to secure development practices and ISO 27001 standards.
Incident Response:
- Comprehensive plan with identification, assessment, and response by the Security Response Team.