safely enabling office 365
TRANSCRIPT
Safely Enabling Office 365
Seth Hammerman, CISSP Director Channels West
© 2015 Netskope. All Rights Reserved. 2
Office 365 is experiencing strong growth
* April 2015 Microsoft earnings call** http://mspartner.microsoft.com
•Added 3.2 million subscribers in Q3, 2015*
•35 percent growth quarter-over-quarter*
•60% of Fortune 500 is on Office 365**
12.4 million+ subscribersand growing strong
© 2015 Netskope. All Rights Reserved. 3
Anytime, anywhere access is good for users, but IT needs to safely enable Office 365
CreateDelete
DownloadEdit
Login AttemptLogin Failed
Login SuccessfulLogout
PostShare
UploadView
View All
Office 365 users (on-campus, mobile, remote)
© 2015 Netskope. All Rights Reserved.
Keys to Safely Enabling Office 365
4
Policy and Access Control
Risk ManagementAnomaly Detection
Forensics
Data Governance
Access and Policy ControlBest Practices for O365
Extend Access and Usage Policies to O365
Right-Size your Admin Privileges
Extend Single Sign On
Enforce detailed Usage policies
Coach Users
Log ALL activity for both Users and Admins
Consider Mobile access in every access and usage policy –
40% of all Cloud app traffic is from Mobile Devices
© 2015 Netskope. All Rights Reserved. 7
Lack of control presents a risk• Users with unfettered access to all data from
anywhere on any device presents a security challenge
• No distinction between users accessing Office 365 from personal or corporate device
• Sharing in the cloud is easy. Sharing sensitive data publicly in the cloud is just as easy
• Office 365 admin access to read everyone’s email could present a privacy issue
• Difficult to coach users away from unsanctioned cloud apps to Office 365
© 2015 Netskope. All Rights Reserved. 8
Criteria for controlling access
OU and Active Directory informationManaged vs. Unmanaged devicesGeographic and Network LocationExternal CollaboratorsAdmin privileges
Access Control
© 2015 Netskope. All Rights Reserved. 9
Act
Coach users that attempt uploads from one app to another (ex: OneDrive to DropBox)Don’t share files from OneDrive outside the CompanyBlock upload of PII attachments in Outlook, but allow other attachmentsEncrypt all PCI in Yammer regardless of when uploadedAlert on any downloads from OneDrive to a mobile device
Contextual Policies
© 2015 Netskope. All Rights Reserved. 10
Create transparency through coaching
• Let users know when they are out of policy
• Coach users with customizable, automated messages
• Steer them to Office 365 when they attempt to use an unsanctioned app
Data GovernanceBest Practices in O365
Protect data in Office 365 and its Ecosystem
Find and secure sensitive content in Office 365 apps, whether it was uploaded today or two years ago.
Identify sensitive content on its way to or from an O365 app or any of its ecosystem apps, especially OneDrive
Protect Data across your O365 Ecosystem. When you enforce DLP policies in O365, extend those policies across all the apps in the Suite, plus those outside apps that integrate with O365
© 2015 Netskope. All Rights Reserved. 13
Unanswered questions around data governance in Office 365
• What data sits in Office 365 ?
• Is there any sensitive data that is accessible to people outside my organization ?
• How can I make sure I have the same classification capabilities across all corporate assets ?
• How can I make sure the appropriate department custodian can review sensitive content in office 365
• How do I prevent sensitive files from being uploaded to Office 365 ?
© 2015 Netskope. All Rights Reserved.
Lack of visibility into data stored in Office 365 presents risk
14
::
::
::
Data Visibility
::
::
::
© 2015 Netskope. All Rights Reserved.
Data Forensics
16
© 2015 Netskope. All Rights Reserved.
Secure the Data
17
::
Prevent sharing and encrypt data
© 2015 Netskope. All Rights Reserved. 18
Quarantine Repository
Quarantine workflow
© 2015 Netskope. All Rights Reserved. 19
Legal Hold Repository
Legal Hold workflow
Legal Hold
Risk Management, Anomaly Detection, and Forensics
Detect and Manage Security Threats
Protect your apps from risky Users, including one that have had
their cred’s compromised in a Data Breach
Quarantine content uploaded by those Users and create a
workflow to verify the authenticity of the Content
Detect Anomalous Behavior, especially anomalies that could be
signs of Security Threats, Data Leakage, etc.
© 2015 Netskope. All Rights Reserved. 22
Key requirements for mitigating risk associated with activities in Office 365
• Create an audit trail of user activity
• Detect unusual usage patterns in Office 365
• Report when Office 365 user credentials have been compromised in a past data breach
• Identify account hijacking and other security exploits taking place in Office 365
Machine Learning based AnomaliesUser, App and Enterprise Risk evaluation Updated Threat detection and Password BreachesSplunk like search CapabilitiesMitigation and policies
© 2015 Netskope. All Rights Reserved.
Risk management, anomaly detection, and forensics
23
Risk, anomalies,
forensics
© 2015 Netskope. All Rights Reserved.
Summary:Keys to Safely Enabling Office 365
24
Policy and Access Control
Risk ManagementAnomaly Detection
Forensics
Data Governance
Thank You