the state of office 365 security
TRANSCRIPT
![Page 1: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/1.jpg)
The State of Office 365 Security
![Page 2: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/2.jpg)
A Quick Intro
Tel AvivWorld-Class R&D
BostonCorporate HQ
Doug LaneVP of Product
Marketing
![Page 3: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/3.jpg)
Today’s Topics• Office 365 market trajectory• Microsoft’s big cloud security moves• The current native Office 365 security toolbox• Vertical-specific considerations• Real-world tests of Office 365 security• When to consider third party cloud security solutions• Q&A
![Page 4: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/4.jpg)
Office 365 is Taking Off
![Page 5: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/5.jpg)
It’s Going Enterprise
![Page 6: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/6.jpg)
Is Office 365 ready for the enterprise?
Operationally, yes.…but security is a big concern for many organizations
![Page 7: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/7.jpg)
Microsoft’s Response
![Page 8: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/8.jpg)
Key Native Security Features
![Page 9: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/9.jpg)
Identity and Access Management
![Page 10: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/10.jpg)
Data Loss Prevention
![Page 11: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/11.jpg)
EOP & ATP for Exchange Online• Exchange Online Protection
(EOP)• Included with Business / Enterprise
subscriptions• Anti-Malware/Anti-Spam
• Advanced Threat Protection (ATP)• Optional add-on• Message sandboxing, link
reputation checking, and URL reporting/tracing
![Page 12: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/12.jpg)
Activity Reporting and Visibility
![Page 13: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/13.jpg)
Customer Lockbox
![Page 14: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/14.jpg)
Native Encryption Capabilities
• Encryption in transit (TLS)• Encryption at rest (BitLocker)• S/MIME• Office 365 Message
Encryption
![Page 15: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/15.jpg)
Data ResidencyData Security
Unauthorized Disclosure
Compliance
The Big Question: Is it Good Enough?
“By 2018, 40% of Office 365 deployments will rely on third-party tools to fill gaps in security and compliance, which is a major increase from less than 10% in 2015” (Gartner)
![Page 16: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/16.jpg)
Example: Healthcare• Mature framework for sharing
compliance responsibility with third parties
• Microsoft provides blanket BAA contractual language
• More is always better, but Microsoft provides a good foundation
![Page 17: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/17.jpg)
Other Verticals are….Messier
• Financial Services: FDIC and other industry audits
• Multi-National Enterprise: International data residency laws
• Law Firms and Mission-Based Orgs: Control over subpoena process
• Government Sector: ITAR compliance risk
![Page 18: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/18.jpg)
Is the Risk Real or Imagined?
![Page 19: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/19.jpg)
Data Disclosure Uncertainty
![Page 20: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/20.jpg)
International Data Residency Uncertainty
![Page 21: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/21.jpg)
And Finally…Desperate Measures
![Page 22: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/22.jpg)
Third Party Cloud Security Landscape
Key Benefits:• Unified approach• Separation of control
Cloud Data Protection
“The Treatment”Cloud
Discovery“The
Diagnosis”
![Page 23: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/23.jpg)
Key Cloud Data Protection Ingredients• Zero visibility encryption is the centerpiece• Additional non-encryption controls focused on protecting
data• Data redaction• Policy definition and enforcement (via inline proxy AND out-of-band
SaaS provider APIs)• Alerting: built-in and/or feeds to SIEM tools for more advance usage.• Auditing / Analytics: built-in/or and feeds to analytics tools (e.g.,
Splunk)
![Page 24: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/24.jpg)
(SSL)
(SSL)
From: Mia To:VincentVincent, attached is thecustomer’s SSN and Credit-Card information.
(Vaultive & SSL)
From: Mia To:Vincent躎疓拺鴵鍔漼軴唺傖듌鐴給섐럑蜖虝私乴諡䂸䄙舅矇潹솴湶썙鑡㨜争껎㾔뻚
From: Mia To:Vincent躎疓拺鴵鍔漼軴唺傖듌鐴給섐럑蜖虝私乴諡䂸䄙舅矇潹솴湶썙鑡㨜争껎㾔뻚
From: Mia To:Vincent躎疓拺鴵鍔漼軴唺傖듌鐴給섐럑蜖虝私乴諡䂸䄙舅矇潹솴湶썙鑡㨜争껎㾔뻚
From: Mia To:VincentVincent, attached is thecustomer’s SSN and Credit-Card information.
Intended Recipient
CDPGateway
Example: Zero Visibility Encryption
![Page 25: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/25.jpg)
Final Thoughts• Microsoft is highly committed to Office 365 security• It offers extensive native capabilities across the board• Best of breed third party products will continue to fill
critical gaps• A key question: can your business/industry support
Microsoft having access to your unencrypted data?
![Page 26: The State of Office 365 Security](https://reader036.vdocument.in/reader036/viewer/2022062412/58eff8071a28abf7758b45b7/html5/thumbnails/26.jpg)
Want to learn more about Office 365 Security?
Visit: http://vaultive.com/for-your-technology/office-365-security/