Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session

X

SharePoint vs. SharePoint Online: Full Comparison

Data Security

illustration of desktop and sharepoint processes working together

SharePoint is a workplace collaboration system built by Microsoft and used for file sharing in Office 365, document management, messaging, and for its ability to produce statistics on how business systems are being used. SharePoint has been deployed on-premises in many companies for almost two decades now. The cloud-based version of SharePoint, called SharePoint Online, was released in 2011, but not every company has yet migrated their document sharing to the cloud.

Both SharePoint and SharePoint online are great systems for collaboration, streamlining data management, and increasing efficiency. However, there are differences between SharePoint on-premises vs. SharePoint Online, and which model you choose to use will depend on the needs of your business.

In this guide, we’ll take a look at the key differences between on-premises implementations of SharePoint vs. the cloud-based SharePoint Online. After a quick reminder of how both systems work, we’ll show you which factors you need to consider when choosing a SharePoint deployment model, and then explain the cybersecurity implications of various different models and how Varonis can help you secure your SharePoint system.

What is SharePoint? A Quick Review

illustration of collaboration tool producing statistics

Let’s begin with a quick reminder of what SharePoint is, what it does, and how companies have used it historically. The platform was first released way back in 2001 and has gone through seven versions since then. SharePoint 2019 is the most recent version, but plenty of companies still use legacy SharePoint implementations going back to the 2013 version:

  • SharePoint 2013 is, in fact, still the most popular SharePoint version for businesses, largely because Microsoft have promised to provide extended support for this version until 2023.
  • SharePoint 2016 added many new features, but most of these were focused on developers, with few user-side improvements. As a result, this version of SharePoint is not popular among businesses.
  • SharePoint 2019, the most recent version of the platform, is an attempt to modernize SharePoint. The 2019 version comes with a reworked design of key components, and some functionality that was originally developed for SharePoint  Online.

For businesses setting up an on-premises SharePoint platform, SharePoint 2019 will be the obvious choice. It offers flexible ways of managing documents and data and provides a ready-to-use mobile application.

Key Characteristics

Beyond this general description, on-premises implementations of SharePoint can be characterized according to a number of key elements and considerations.

  • Farm-based Architecture. In order to run SharePoint on-premises, organizations will need to invest in a server farm: a collection of servers that host the SharePoint platform. The size and composition of this farm will depend on the needs of your business, but will typically represent the largest up-front cost in deploying SharePoint in-house.
  • Licensing Models. Instances of on-premises SharePoint are licensed according to a Server / CAL (Client Access License) model. Companies will need a server license for each software instance of SharePoint, and CALs are needed for every user accessing the server. The advantage of this model is that organizations only need to buy a license once, so as your SharePoint system expands you will only need to cover the cost of extra licenses.
  • Customization. On-premises implementations of SharePoint are highly customizable. SharePoint is best thought of as a set of tools rather than a ready-made system, and so organizations can use SharePoint to build many different types of collaborative environment: project management systems, intranets, customer portals, or simply document sharing and management systems.
  • Security. Because of the wide range of ways in which SharePoint is deployed on-premises, different implementations vary widely when it comes to security. Some companies prefer to store their data in-house, believing that this gives them greater control over it, but in truth, whether this is the case depends on the skills and experience of the administrator of the system.
  • Maintenance. All on-premises implementations of SharePoint require ongoing maintenance. Some organizations choose to handle this in-house; others make use of SharePoint consultants to handle user requests, security upgrades, audit metrics, and roll out new features.
  • Migration. Every use of SharePoint has, or should have a predefined lifecycle. This means that on-premises instances of SharePoint have to be migrated to new versions of the platform as support is removed for legacy versions. There are a number of tools available that can make these migration processes easier, safer, and more efficient, but none of them cover the entire migration process or the sheer range of ways in which SharePoint is used. Migration, therefore, remains one of the most difficult aspects of using on-premises SharePoint.

What is SharePoint Online? Quick Review

illustration of an employee using the cloud to access SharePoint online

SharePoint Online is the cloud version of SharePoint and was originally designed to replicate on-premises versions of SharePoint. Since 2011, when SharePoint Online was released, the two systems have diverged significantly. This includes the licensing models used for each system, as well as the approach to customization.

One of the most important differences between SharePoint Online and on-premises implementations of SharePoint is that the cloud version of SharePoint uses a subscription model. At the moment, organizations can choose between three types of subscription for SharePoint Online:

  • SharePoint Online as a discrete app. You can use SharePoint Online as a standalone app, and pay a subscription for each user per month. Some of these plans also include unlimited OneDrive file storage, and content management capabilities.
  • As part of Office 365. SharePoint Online comes packaged with many versions of Office 365, though it does not come with Office 365 Business or Office ProPlus. In Office 365, SharePoint Online comes as part of multiple collaboration tools such as Outlook.
  • As part of Microsoft 365. Microsoft 365 is a subscription service that combines Office 365, Windows 10, and numerous Enterprise and security tools. SharePoint Online is included in every enterprise-level Microsoft 365 plan.

These subscription models are very attractive for many companies because they avoid the initial cost of setting up a server farm. On the other hand, since all of these subscriptions need to be paid monthly, the cost of licenses recurs. This leads to a constantly increasing cost to use SharePoint Online which can eventually overtake the one-time cost of implementing SharePoint on-premises.

Key Characteristics

There are several key characteristics of SharePoint Online that differentiate it from on-premises implementations of SharePoint.

  • Ownership models. Unlike on-premises instances of SharePoint, SharePoint Online is hosted by Microsoft. This ensures that the platform is available globally, but also means that the platform as a whole is owned by Microsoft. This said each subscriber owns the SharePoint Online solutions that they build.
  • Frequent updates. SharePoint Online now receives software updates before any other version of SharePoint, and this means that SharePoint Online offers features that on-premises SharePoint cannot.
  • Customization. Although Microsoft has tried to retain the customizability of SharePoint in SharePoint Online, in reality, it is not as adaptable as on-premises instances. Microsoft themselves caution SharePoint Online users to be careful when customizing their solutions because over-customization can lead to performance issues.
  • Maintenance. Because SharePoint Online is completely cloud-based, Microsoft takes responsibility for the maintenance of this system. This has advantages and disadvantages. On the one hand, it can dramatically reduce the time (and cost) that companies dedicate to the maintenance of their SharePoint platform. On the other hand, companies must accept the updates pushed out by Microsoft, even where these cause problems with their SharePoint infrastructure. In addition, Microsoft’s maintenance cannot replace everything that needs to be done to keep a SharePoint Online platform secure, so organizations will still have to remain vigilant even if they opt for a cloud model.

As you can see, SharePoint Online differs from on-premises implementations of SharePoint in many ways. Companies must therefore carefully consider their needs (and budgets) before deciding which model of SharePoint to use. In the next section, we’ll go into more detail about which factors to consider.

Differences Between SharePoint Online and SharePoint

illustrations of cost, training and security

There are many differences between on-premises versions of SharePoint and SharePoint Online, but the key considerations for most businesses – whether they are choosing a new SharePoint model or looking to migrate to SharePoint Online – can be summed up as follows:

Cost

For most organizations, the key difference between the two models will be one of cost. Implementing a new, on-premise version of SharePoint comes with a significant, one-off, capital cost to buy the hardware and software necessary to run their own server farm. After this point, however, licensing costs are minimal. SharePoint Online requires little to no up-front investment, but because of its subscription model licensing costs will continually increase.

Permissions Considerations

SharePoint permissions are a continual source of trouble for SharePoint administrators, which is one reason why we’ve previously shared articles on the best practices for SharePoint permissioning, and published a cheat sheet for managing permissions in SharePoint.

When it comes to permissioning, the primary difference between on-premises SharePoint and SharePoint Online is due to the level of customization available to admins. When using SharePoint Online, you will likely be limited to the permissions and roles that Microsoft has designed. These will be sufficient for most organizations, but if you require a finer level of control over user permissions, you can opt for a customized, on-premises version of SharePoint.

Necessary Training

The level of training that employees will require in order to use either on-premises SharePoint or SharePoint Online will depend on the complexity of the platform you intend to build. Either system is fairly easy to use for employees, but the extra security vulnerability of cloud storage solutions – which we will cover shortly – means that migrating to SharePoint Online may necessitate that staff be given extra training.

Security

There are a number of competing opinions when it comes to comparing the security of on-premises SharePoint vs. SharePoint Online.

Some organizations, and some system admins, will claim that by keeping data in-house, they are able to control it better. It is true that on-premises instances of SharePoint typically allow a greater level of oversight and control over data. However, the security of these systems is totally dependent on the knowledge, skills, and work of in-house employees, and so companies will need to hire staff with the necessary skills to ensure security. Others claim that because SharePoint Online is managed centrally by Microsoft, and because Microsoft has highly skilled security staff working for them, this cloud model will always be more secure than in-house systems.

For most organizations, which of these competing claims is true will depend entirely on the level of expertise available to you. If you have – or can afford – highly skilled cybersecurity staff, then on-premises SharePoint may be more secure. Given the difficulty and cost of hiring these staff, however, the majority of businesses will decide that SharePoint Online, coupled with advanced security software like Varonis, will be the more secure option.

Data Storage

Another key difference between SharePoint Online and on-premises versions of SharePoint is the amount of storage available in each system. On-premises instances of SharePoint can (theoretically) support an unlimited amount of storage, as long as companies can afford the hardware required. SharePoint Online subscriptions, in contrast, have limited data storage capabilities. Microsoft has set a limit at 10 GB per subscription, plus 500 MB for each user, and an overall maximum of 25 GB for most plans.

SharePoint Online’s storage limit will be more than sufficient for most businesses, but if your organization is very large you will have little choice but to opt for an on-premises system.

Connectivity to Microsoft Teams

Finally, one feature of SharePoint Online might tip the balance in its favor for some organizations: it integrates seamlessly with Microsoft Teams. If you are already using Microsoft Teams as a chat and workplace collaboration app, this means that using SharePoint Online will allow your employees to share documents straight from their chats.

In fact, Microsoft Teams uses SharePoint Online, OneDrive, and Exchange Online as its storage system. When a user creates a new Team a dedicated SharePoint Online site is created behind-the-scenes. As Teams users share files in 1:1 chats, group chats, and channels, Microsoft stores those files in various places. As a result, it can be difficult for IT and security teams to get a handle on which information has been shared in Teams, who has access, and whether any sensitive files might be overexposed. Varonis created an on-demand training to help you understand how to manage security in Microsoft Teams.

SharePoint vs. SharePoint Online: Comparison Table

The key differences between SharePoint Online and on-premises instances of SharePoint can be summed up neatly against a number of key features. Here is a table that does just that:

Feature SharePoint SharePoint Online
Security Depends on skills of employees High, centrally managed
Licensing Model Server and CAL Licenses Monthly subscriptions
Deployment Server-based farm Cloud
Cost High, up-front, one-off investment in server hardware and software. Ongoing maintenance costs Low initial investment, but continually increasing and recurring cost of subscriptions
Management Features Extensive Limited
Search Extensive Limited
Customization Extensive Limited
Scalability High Depends on cost
Microsoft Teams Connectivity Limited Extensive
Third Party Support Limited Extensive

 

SharePoint Security Concerns

Though SharePoint has been developed to be a secure, stable platform, there remain some security concerns with using the system. Most of these security concerns stem from the way in which system administrators use SharePoint, rather than inherent issues with SharePoint itself, but it is important to be aware of them in order to make sure your environment is as secure as it can be.

Here are the top SharePoint security concerns, and how to mitigate them:

  1. Content Awareness. As SharePoint implementations grow, it can be difficult to maintain oversight on all of your files and users. You should, therefore, implement content classification, and train end-users to share documents safely. You should also undertake regular content scans to identify critical data and make sure it is secured.
  2. Audit Trails. An inter-related issue with large SharePoint implementations is that audit trails are not kept. This can make it extremely difficult to identify anomalous activity or to perform retro-active forensics in the wake of a successful attack. You should, therefore, enable auditing for all systems and file access, and for all administrative changes to SharePoint. Native auditing in SharePoint does have its pitfalls, such as consuming massive amounts of storage and slowing your site down. You may want to consider a third-party SharePoint auditing app such as Varonis DatAdvantage for SharePoint (on-prem or online).
  3. Endpoint Security. Whilst the core of the SharePoint system is secure, many firms still do not implement rigorous endpoint security to ensure that all files and data are encrypted both at rest and in transit. All servers that host SharePoint data should be encrypted, as should all the backups you make from the system. You should also consider whole-disk encryption for all endpoints, especially laptops, and especially laptops that are used in remote environments.
  4. Ports and Services. On a more technical level, you should harden access to SharePoint itself by disabling ports and services that you are not using. You can even consider using port and application whitelisting to limit access to your SharePoint environment, but only where this does not interfere with the flexibility of your implementation.
  5. Backups. Finally, ensure that you take a whole system backup from your SharePoint servers regularly. Even with the best cybersecurity tools in place, no system can be 100% secure, and so ensuring the integrity of your backups is critical to ensure ongoing operational capacity in the event of an incident.

Most of these processes can be implemented directly from SharePoint. Others, such as whole-disk encryption of user devices, will require additional software. Ultimately, the approach to securing SharePoint is identical to that used to secure any other system you use: you should carefully map how and where your data is stored; ensure that you regularly audit user access, and particularly administrative privileges; and encrypt all of the data that users send and receive from your SharePoint environment.

SharePoint Deployment Models

illustrations of sharepoint online and on-premise deployment models

For the vast majority of businesses looking to use SharePoint as a collaboration and document management platform, SharePoint Online will be a better choice than an on-premises deployment of SharePoint.

This is because there is a fairly simple equation when it comes to the cost of either deployment model. Implementing an on-premises SharePoint platform involves significant up-front costs: not just those for hardware to run a server farm, but also staff costs in setting up this system and keeping it secure. The majority of companies simply do not have the resources for this, and so the obvious choice will be to go for a cloud version of SharePoint.

That’s not to say that on-premises versions of SharePoint do not have a place. The extra customization that these systems offer can be extremely useful for larger companies who have the resources – and the expertise – to take advantage of them.

These two observations combine to describe the standard way in which most organizations develop their usage of SharePoint as they develop. Small companies will start with SharePoint Online. Then, as the storage limits of this system are reached, as corporate systems grow in complexity, and as costs for monthly licenses start to spike, they will hire SharePoint specialists and move to an on-premises model.

This means that there are some businesses for which SharePoint Online will be preferable, and some for which an on-premises model will be better:

SharePoint Online

  • Organizations starting out with SharePoint
  • Small companies who lack the expertise for on-premises deployment
  • Companies without the security expertise to protect a customized system
  • Small companies who want to cut the cost of ongoing maintenance of an on-premises system

SharePoint On-premises

  • Larger companies which have reached the data storage limits of cloud-based SharePoint implementations
  • Companies who require high levels of customization, and
  • Which have the necessary expertise to manage customized system

SharePoint vs. SharePoint Online FAQ

Even after reading all the information above, you may still have some questions regarding the differences between SharePoint Online vs. SharePoint on-premises deployments. So let’s take a look at the most common questions, and provide some quick answers.

What are the differences between SharePoint Online and SharePoint On-premises Versions?

There are many differences between these two models. On-premises versions of SharePoint require that you run your own server farms, and so require a higher up-front cost. SharePoint Online works on a subscription model, and so can be cheaper for smaller businesses but is less customizable than on-premises versions of SharePoint.

Is SharePoint 2016 and SharePoint Online the same?

No. SharePoint Online is a variant of SharePoint 2016, but not all SharePoint Server 2016 features are included in SharePoint Online.

What Version of SharePoint is SharePoint Online?

SharePoint Online is technically a version of SharePoint Server 2016, but there are differences between the two systems. SharePoint Online does not include the advanced customization features of SharePoint Server 2016 and is paid for on a subscription model.

Is SharePoint Online and Office 365 the Same?

No. SharePoint Online is a component of Office 365 that allows Office 365 users to collaborate. It is provided as part of Office 365, but can also be purchased as a standalone product.

Is SharePoint Free with Office 365? Yes. Though using SharePoint requires a Windows license, it is provided free to Office 365 subscribers.

Does Office 365 Include SharePoint Online?

Yes. With Office 365 plans, users can install the latest versions of Office applications on multiple devices like PCs, Tablets, Phones and iPad. Office 365 includes SharePoint Online that allows creating, sharing and managing data, users, site pages, and other resources.

How Much Space does Sharepoint 365 Have?

Enterprise SharePoint users get 1 TB of SharePoint storage plus 10 GB per licensed Office 365 account. The new SharePoint Online Admin Center makes it easy to see how much storage you are using, and which sites are consuming most storage.

How Much Data Can SharePoint Handle?

Although the maximum file limit for SharePoint 2016 is 10GB and 15GB for SharePoint Online, SharePoint, in general, wasn’t really designed to handle large files and sets default threshold limits at 2GB.

Is There a Desktop Version of SharePoint?

Yes, there is a desktop app that integrates with SharePoint. This desktop app can synchronize what you need when you are online, so you can later access it offline. As with iOS, the separate SharePoint app provides access to desktop SharePoint sites and their files, but not to OneDrive files. Android Nougat on some devices includes an app called Files that also can access OneDrive-managed files from personal OneDrive, corporate OneDrive, and SharePoint.

A Final Word

Both SharePoint and SharePoint online are advanced systems for workplace collaboration, file sharing for Office 365, streamlining your data management, and increasing the efficiency of your workflow. However, there are some key differences between SharePoint on-premises vs. SharePoint Online, and which model you choose to use will depend on the needs of your business.

For the vast majority of businesses, and especially smaller companies, SharePoint Online will be a better choice than an on-premises deployment of SharePoint. This is because SharePoint Online has a lower up-front cost, and does not require a high level of expertise to manage. As your business grows, however, and your needs change, it can be worth considering an on-premises, customized version of SharePoint.

Whichever model you choose, however, you should ensure that you protect your data with an advanced threat detection and response solution like Varonis

Jeff Petters

Jeff Petters

Jeff has been working on computers since his Dad brought home an IBM PC 8086 with dual disk drives. Researching and writing about data security is his dream job.

 

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.