Published On: June 29, 2022

Encryption of documents in MS Teams: Part 1 – Types of encryption

How safe are collaboration platforms?

Over 25% of company data is confidential and needs to be protected

We all know the general rule that any information that is created, transmitted or stored is potentially at risk. Therefore, most security topics in the IT sector address the protection of information or data from its destruction, unauthorised or improper use.

The pandemic has accelerated digitalisation, moving more and more data entirely to the cloud, be it email communication or collaboration platforms such as Teams, SharePoint, OneDrive, etc. As email remains the most used channel for hacker attacks, many mechanisms have been diligently developed for years to protect it. But what about collaboration platforms, where thousands of files are exchanged and stored every day? These are not only textual or graphical documents, but also Office files, videos or audio files.

In this article we take a closer look at handling data in Microsoft Teams.

Confidential data at risk

Most data administered in IT systems is not confidential and can thus be stored in Microsoft Teams without any concerns. According to an analysis published by Microsoft, about 15% of all data in a company is confidential, in particular personal data, and may only be read and processed by authorised persons. A study by McAfee even indicated that around 26 % of company data stored in the public cloud is confidential.

Another 5 % of the data is deemed to be strictly confidential data. This is, for example, financial data that provides information about the economic and financial situation of the company and could be included in internal reports that are also stored in Microsoft Teams. It is of crucial importance that such data is not disclosed to third parties. Therefore, it is necessary to implement special access protection.

Protecting sensitive data poses a particular challenge for companies. To prevent data from falling into the wrong hand usually comes encryption into play. For highly confidential data, a correspondingly strict form of encryption should be used.

Types of encryption

In general, there are two basic types of encryption with Microsoft.

  • Symmetric encryption

In the case of symmetric encryption, there is exactly one key that carries out the encryption of the source data into a non-readable text. The key is a text string that is used by an algorithm to convert the source text into a non-readable text. Subsequently, the same key is used to decrypt the non-readable text again and transmit it in a readable text. Now, if the place of encryption and the place of decryption are different, this means that the key must be transferred.


  • Asymmetric encryption

Conversely, in the asymmetric procedure are used two keys. One key for encryption and another key for decryption. One key is a public key, which is generally known, and the other is a private key, which only the involved users knows. One advantage of this method is that no confidential channel needs to exist in order to transport a key.

In general, the asymmetric procedure is more complex due to the high computing effort and the implementation is slower than with the symmetric procedure. Therefore, symmetric encryption is usually used for the transmission of large volumes of data and asymmetric for smaller.


  • Hybrid encryption

A combination of both types is also possible. With this hybrid encryption, only the key is encrypted with an asymmetric method. The actual data, on the other hand, is encrypted with a symmetrical method. This has the advantage that the encryption of the data is more powerful than with an entirely asymmetric encryption. Furthermore, the encryption of the actual key offers the advantage of higher security. The hybrid method is often used in the encryption of e-mails, for example.


  • Double encryption

Another alternative is double encryption, which is basically the same as symmetric encryption. However, two different keys are used for encryption and decryption. This is done so that other parties involved in the encryption process cannot gain access to the data. One such involved party is, for example, the public cloud provider. In the case of Microsoft Teams, this is Microsoft.

Typical use cases for encryption

You can find numerous application scenarios for encryption in every medium-sized or large company. As already mentioned, a lot of confidential data is administered in the company. A typical example of this is the HR department’s personnel documents. As a rule, these always contain personal data that may only be shared with certain persons in the company. Access protection via authorisations for such documents is often difficult to handle, especially for ordinary end users. It is therefore problematic to send unprotected documents via Microsoft Teams without encrypting them.

A further scenario is involving external people in a team or project. Especially when not just one, but several externals work in a team. For example, the company, a partner company and the mutual customer. If documents intended only for the company and the partner company are to be shared via Microsoft Teams, then only the document-specific access rights can be used without encryption. This complicates the transaction unnecessarily.

A third scenario concerns data protection aspects according to the EU Data Protection Regulation (GDPR). This regulates which personal data can be shared within the company or with third parties. The encryption of files is an efficient mechanism for complying with these requirements.

These are the possible methods for encrypting documents in Teams and their advantages. In the next part, you will learn how to protect your files using sensitivity labels.

Learn how iQ.Suite 360 Document Encryption helps you protect the documents you store and share on your collaboration platforms with simple and automated encryption that every employee can use.