Jul 15 2020
If You Don’t Have O365-Specific Security, You Don’t Have O365 Security
Office 365 Disasters Are Waiting to Happen
Did you know that:
- 58.4% of critical data is in Office Docs
- 25% of phishing attacks bypass Office 365 security
- 40% of Office 365 shops suffer compromised credentials?
These are just three of the many troubling Office 365 security data points. Meanwhile, novice Office 365 shops do not know where O365-specific security vulnerabilities lie, or even that they exist. These threats do not cause pain until they rise up and bite – then the agony is fierce.
More experienced organizations know threats exist, but not exactly where they are or how to address them. The results can be disastrous. A survey of 27 million users across 600 enterprises found that 71.4% of Office 365 business users suffer at least one compromised account each month.
Virtually all organizations have some basic forms of security protection, such as anti-virus and firewalls – but nothing for Office 365-specific security issues. The basic tools they have make them feel safe. Meanwhile, larger shops likely have defense-in-depth for general security and compliance and regulatory controls and solutions – but again, nothing for Office 365-specific security and compliance concerns.
This is a thorn in the side of Office 365 IT pros. Osterman Research surveyed Office 365 IT managers and found these pain points and areas of administrative weakness:
- “Monitor for and block access from compromised accounts. 80% responded yes.
- Audit, manage and control privileged access into Office 365 applications. 71% responded yes.
- The ability to centrally manage security policies across all communication channels, both within Office 365 and on other platforms. 57% responded yes.”
Seven Ways To Know You Are On Top Of Office 365 Security
- You can produce a log in seconds for every administrative action taken in Office 365 since the platform was initiated. (If a bank teller has a transaction log of every deposit and withdrawal, why don’t you have this for O365?)
- Every time an employee leaves the organization, IT runs an audit report of every file accessed for the past x days. And…
- Whenever malware or leaked credentials are detected on an employee device, IT runs an audit of every action taken by that user in O365 since malware was detected, which also checks for Trojan horses/ransomware/configuration changes.
- IT not only knows where O365 attacks are coming from, but whom they are targeting, how the targets are configured, and if successful, all actions that were taken.
- IT has a fully-deployed least privilege access model for Office 365. And IT can describe precisely what functions those operators can perform, and how they are scoped.
- IT can perform (report/alert/fix) desired configuration management at the account/device level in Office 365.
- IT knows how their O365 configuration security posture compares with their peers, and how their Microsoft Office 365 Secure Score is trending over time.
While Office 365 does come with some security features and configuration options – and all O365 shops should take advantage of them – native or built-in tools do not address many vulnerabilities and issues such as those raised by Osterman.
The good news is that CoreView solutions handle all of Osterman’s concerns – and more. CoreView manages well over 7 million Office 365 end points, and knows exactly where the pain and problems lie, and how to neutralize threats and achieve compliance.
CoreView to the O365 Security Rescue
Fortunately, CoreView has the solutions to make essential security tasks a piece of cake. CoreView works by collecting all available information from the Microsoft O365 platform, including audit logs, application-specific APIs such as Exchange Web Services, and all Azure Active Directory information. This data is stored in MongoDB in an Azure subscription and is action-enabled, which gives CoreView customers very specific advantages for configuration issues.
Here are five ways CoreView safeguards your O365 tenant.
1. Create strong unique passwords that are changed regularly.
Run CoreAdmin Reports to identify accounts that do not have password expiration set — especially service accounts — and apply changes in bulk using CoreAdmin delegated admin facilities.
2. Enable Multi-Factor Authentication, especially for remote logins.
Use CoreSecurity Audit Sign-In Reports to identify not only remote login attempts, but also discover targeted accounts, MFA status, and failure reasons, and remediate MFA status directly from the CoreView reports.
3. Modernize legacy systems and ensure software is as current as possible.
CoreView can validate your workstations and ensure software is up to date, and you can run CoreSecurity Azure AD Reports to document third-party applications that have been granted, and are using, access to Azure AD.
4. Limit the granting of administrative access.
Giving global admin rights to too many people is one of the worst things you can do to your network security. Instead, leverage CoreAdmin’s functional least-privilege access and Role-Based Access Control (RBAC) functions to quickly create a least-privilege access model that restricts admin rights to only what is actually needed.
5. Audit all workloads for end users and admins.
CoreView stores an external, immutable log of every administrative action for the life of the platform. Every agency should be able to produce this type of information.
At the same time, ensuring that auditing is enabled across all workloads is also crucial as it lets you perform forensic analysis and see in detail how malware spreads. You should store, access and audit logs in a separate and immutable location and define how long you want these logs retained by enabling CoreSecurity.
With CoreView, you can ensure your Microsoft environment is correctly configured. This greatly increases your chances of blocking or at least surviving malware.
Protect Your O365 Tenant With CoreView
Get your O365 security profile FREE with our new CoreDiscovery solution. You can get your free software now at the CoreDiscovery sign up page: https://www.coreview.com/core-discovery-sign-up/. Or sign up for a personalized CoreView demo.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.