In today's post, we’ll discuss how to improve your Office 365 data protection and threat mitigation approach to better protect your environment from external threats.
In our previous post about Office 365 security features, we outlined how to make the deluge of Office 365 security event information actionable. We also highlighted the importance of implementing sound identity, access, and privilege management approaches. Now let’s see what else you can do.
Protecting Office 365 from External Threats
Office 365 plays a strategic role for many organizations. Unfortunately, this also makes it an attractive target for bad actors. Ongoing concerns range from annoyances like spam to more substantial threats like phishing attempts and malware.
Microsoft offers baseline anti-spam and anti-malware to all commercial Office 365 users. They also offer a paid upgrade option, Office 365 Advanced Threat Protection, that adds more sophisticated attachment sandboxing, link checking, and analytics. This is also an area where third-party providers, including Delta Risk partner solutions like Mimecast and Cisco Umbrella, can provide more specialized protection for Office 365 deployments.
In most instances, Microsoft and third-party solutions respond to threats as they appear. Since no security measure is 100 percent effective, though, proactive monitoring is critical. It’s also important to correlate what threat protection solutions see with other data sources. This can uncover possible indicators of compromise or sustained attack attempts.
One solution for this is to deploy a third-party tool like ActiveEye that combines security policy logic, automated analysis, and human analysis. This enables you to continuously assess your Office 365 security posture and detect high severity incidents.
Want to learn more? Schedule a demo of our ActiveEye Office 365 security solutions with one of our security specialists.
Protecting Office 365 Data in Motion and at Rest
Many organizations worry about losing physical control over their sensitive data when they move to the cloud. In general, Microsoft has done an effective job at alleviating this concern. Standard SSL/TLS encryption is used for user sessions. Data at rest is also proactively encrypted on Microsoft systems at both the volume and service levels. Overall, Microsoft delivers stronger data protection than most mid-sized organizations can achieve on-premises.
But there are still some important data protection factors to consider when adopting Office 365. The first is that while your data will be encrypted, it will be Microsoft – not your IT team – that controls the encryption keys. This is likely acceptable for most mid-sized organizations. But if your organization has specific security and compliance requirements in this area, Microsoft also offers options such as a Customer Key that provide more direct control over your organization’s encryption keys.
It’s important to note, though, that this is complicated to set up. It doesn’t necessarily prevent Microsoft and its systems from accessing your organization’s data, either. It does make it easier to cut off Microsoft’s data access if you decide to move away from the service, though.
Along with measures like encryption, it’s valuable to implement content-based data protection techniques like data loss prevention (DLP). This is another area where you can choose between standard integrated capabilities of Office 365 and specialized third-party solutions.
As with threat protection, it’s easy to assume that your DLP tools are doing their job and overlook the need for active monitoring and analysis. But Office 365 provides many options for file sharing beyond email, including OneDrive for Business and SharePoint Online. So, it’s critical to complement DLP policy templates with monitoring to ensure compliance and detect abuse. This is another area where ActiveEye can improve your security posture while reducing the burden on your in-house security team.
Thinking Beyond Office 365
This biggest mistake that many organizations make when considering how to effectively secure Office 365 is approaching it as a silo. Ultimately, most organizations don’t have an Office 365 security problem – they have a cloud security problem. It’s important to take advantage of native Office 365 security features where possible. But you should also view the problem holistically.
Most organizations will likely have multiple cloud providers and continue to use on-premise systems for the foreseeable future. So, it’s important to implement a unified security framework that works across all these environments. Disparate one-off approaches lead to human error. Correlating information from endpoints, data centers, and cloud resources gives you a much more complete picture.
If the prospect of implementing an Office 365 security strategy that extends to other cloud platforms and your on-premises infrastructure seems daunting, you’re not alone. Most mid-sized organizations are in the same boat, dealing with limited IT resources and juggling a multitude of security and compliance demands. ActiveEye enables you to apply Office 365 security capabilities to your environment in as few as 15 minutes, unlocking both new insights and support from our team of cloud security experts so you can focus on other things.