OneDrive and SharePoint: How to Keep Your Files Secure?

With the adoption of new work modes (remote work, flexible offices, nomadic work), companies have massively adopted online storage tools included in collaborative work environments.

At the top of the rankings, Microsoft stands out with OneDrive and SharePoint tools. In 2025, more than 200,000 organizations and 190 million people use SharePoint for their intranets, team sites, and content management.

The popularity of these storage spaces is accompanied, however, by a risk that is often underestimated: company employees deposit a wide variety of files from multiple sources. This uncontrolled accumulation can introduce malicious content into the information system.

The danger mainly comes from opening these infected documents: some are not analyzed, or remain invisible to existing solutions such as antivirus, EPP, and EDR, directly exposing users to threats.

So how can companies ensure that their sensitive information, stored on these platforms and often shared on a large scale, remains protected against increasingly complex threats?

It is to address this issue that GLIMPS now offers a dedicated connector for securing these environments.

Learn more with Cédric Gibert, Product Director at GLIMPS.

Following the securing of corporate email through GLIMPS Email Security for M365, GLIMPS continues to extend its protection to the Microsoft ecosystem with a connector for OneDrive and SharePoint products.

It is through the significant increase in the processing capacity of the GLIMPS Malware platform that this connector has been able to see the light of day, as explained by Cédric Gibert: “At the beginning of 2024, GLIMPS Malware analyzed approximately 200,000 files per day. By the end of 2024, this figure reached 500,000, and today we plan to process up to 2 million files per day, representing a 1000% increase in just 18 months. It is this processing velocity that now allows us to address storage spaces with high volumes.”

Indeed, OneDrive and SharePoint are massively used by companies to centralize their information. In this context, a large quantity of files transits daily through these environments with minimal filtering levels.

For companies, the objective is therefore to implement cybersecurity tools capable of detecting any malicious payloads or alterations, which are file-format agnostic, and capable of absorbing such volumes.

While these platforms include native filtering, it is not, however, sufficient: “Traditional security solutions, such as antivirus, prove insufficient today to detect and neutralize modern threats. Malware is becoming increasingly complex, particularly with polymorphic malware whose signature is unique, making their detection more difficult for systems relying solely on signature-based engines.“

To address this problem, companies now use Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) solutions on workstations in case an employee downloads a malicious file. Unlike traditional antivirus, these solutions analyze the behavior of events and processes occurring on the machine. Through this analysis, abnormal behaviors such as unauthorized execution attempts or suspicious processes are detected.

Unfortunately, as is often the case, cybercriminals’ adoption of evasion strategies allows certain malware to bypass these mechanisms by integrating, for example, into processes already authorized by EDR, making their detection more complex. When these protection mechanisms are circumvented, compromise becomes difficult to prevent.

A striking example is the Babuk variant, a ransomware that recently managed to bypass the protection of certain EDR solutions.

A phenomenon far from being an isolated case, as shown by a study conducted by the CISA (Cybersecurity and Infrastructure Security Agency). The latter showed that 12 ransomware variants managed to bypass EDR in 2024. These ransomware variants use various advanced evasion techniques, which illustrates the difficulty of maintaining a high level of security, even with sophisticated detection systems.

This situation reminds us that, despite a high detection rate, the security of IT environments is never guaranteed 100%. While EDR remains a robust solution, it must be complemented in order to avoid blind spots.

It is precisely to address this issue that GLIMPS Malware positions itself as a complementary tool.

The solution stands out for its ability to detect threats even when they are difficult to spot with traditional tools.

Detection of Advanced, Unknown and Polymorphic Threats

GLIMPS examines in depth the documents present on these storage spaces through static analysis and the Deep File Inspection mechanism. This approach makes it possible to identify polymorphic or latent malware hidden in apparently harmless files, such as PDFs or compressed archives.

Seamless Integration Through API

Another major advantage of GLIMPS Malware lies in its ability to integrate seamlessly into the Microsoft ecosystem. Indeed, thanks to its API connection, the GLIMPS connector for OneDrive and SharePoint works in the background without disrupting the user experience. Files are scanned in real-time with each modification or addition, and any suspicious document is immediately quarantined.

SI administrators can then consult a detailed report in GLIMPS Malware Expert, analyze the threat, and then decide whether to restore the file while placing it on a whitelist if it is deemed legitimate.

Analysis in Just a Few Seconds

The platform stands out for its speed of analysis. While some traditional solutions take considerable time to analyze large volumes of data, GLIMPS Malware is able to process files in just a few seconds. A processing time compatible with a fluid user experience, particularly in spaces like OneDrive and SharePoint, where data volume continues to increase.

By integrating GLIMPS into their cybersecurity strategy, companies can effectively protect OneDrive and SharePoint against a wide range of threats while maintaining optimized performance.