Apr 3 2020
O365 Security Pain Points for Financial Organizations
Office 365 is the lifeblood of today’s modern Financial Services and Government organizations. The vast majority of your critical data, not to mention e-mail, is in O365. All it takes is one malicious login and the hackers are in. If they crack an admin account, they have the keys to the whole O365 kingdom.
Microsoft Office 365 is packed with your organization’s precious data – information hackers would love to have! Unfortunately, there are all too many ways for cybercriminals to get it – hacking O365 email, malicious logins, malware infections, data leakage, and worst of all, cracking an O365 admin account and getting full run of the tenant.
Mounting full Office 365 defenses is a tough job – falling victim to cybercriminals is far more brutal. Do not be the victim of an O365 breach or hacker incursion. Take steps now to understand and address finance-specific O365 security issues.
Financials Already Gun Shy About Cloud and SaaS
Financial organizations are more reluctant than many other industries to move to the cloud and SaaS for several reasons. Here are four:
1. Compliance – Meeting compliance regulations and avoiding fines is far different, and can be more difficult, when the data is housed in a SaaS solution. Extra steps must be taken for SaaS-held data to be compliant.
2. End User Access and Authentication – Financial institutions must tightly control access to data and applications from employees, partners and outsiders.
3. Loss of Data Control – Due to security and compliance concerns, financial organizations are loath to lose control of their data, and need assurance that it is still safe and under corporate control when in the cloud.
4. Security Fears – A breach into a major bank or financial services firm is front page and network news. The invasion harms (and sometimes destroys) the reputation of the victim company, invades customer privacy, and subjects the victims to large fines.
The Cost Factor – SaaS vs. On-Premises
Financial shops are moving to the cloud, in some cases, to contain costs and even save money. However, this is not always a slam-dunk. On-premises computing costs steadily fall, at least for hardware thanks to Moore’s Law. Cloud services and SaaS often appear cheaper at first blush, but as workloads increase, billing surprises can make it more expensive.
While SaaS moves costs from capital expenses (CapEx) to operating expenses (OpEx), SaaS only saves money if the organization can carefully analyze the costs, then control SaaS costs – often through license optimization. To do so, financial organizations need to thoroughly understand their costs, and know where they are coming from. This is critical for Office 365, but important for all other SaaS solutions as well.
Because of deeply ingrained reluctance to embrace the cloud, SaaS solutions in finance are new and only semi-charted territory. Financial organizations need new ways of managing SaaS to gain efficiencies, improve security, optimize costs, and increase productivity.
SaaS Management Platforms (SMP) can greatly simplify and ease the management of cloud-based applications. A good SMP can handle license optimization for O365 and other SaaS tools. Wasted or unused licenses are a sunk cost that should be avoided. Unassigned licenses should be used or returned, and unused licenses, such as when a worker leaves, should be redeployed or cancelled.
Ex-employees also pose a security risk and should be offboarded immediately for savings and safety. This is best handled by an SMP that can offboard those who leave through an automated workflow.
Complex Compliance Concerns
When financial institutions make security mistakes, the costs are steep. There are hefty fines from data breaches, and bad publicity and reputation damage that can be far more expensive – and in fact can easily put you out of business.
Because so much of the confidential data hackers seek is in SaaS apps, protecting these services is critical. The vast majority of confidential data today is in Office docs, which increasingly means O365.
The Insider Threat – IT as the Enemy
There are two forms of insider threat. Employees are the most talked about. The other is IT itself: a common assumption is that IT, which controls the infrastructure, apps and data, is inherently trustworthy.
Too often those in IT blindly trust others in IT and give these workers higher-level privileges than they need, privileges that can be used to abuse access to corporate and personal information. According to a survey by Cyber-Ark, a third (35%) of IT pros spy on other company employees.
A sizeable portion of insider breaches come from technical staff: 6% from developers and another 6% from admins, according to the Verizon Data Breach Investigations Report. Many insider incursions result from privilege abuse, though there are many other ways IT abuses its access.
How CoreView Blocks Insider IT Malfeasance
The first defense is using Role-based Access Control (RBAC) to grant only the privileges that are absolutely needed, and only for as long as they are absolutely needed. At the same time, have a system for tracking admin activities and let admins know tracking is in place. This alone can ward off many dangers.
Employees as the Enemy
The Verizon report finds that 14% of breaches come from insiders. Insiders are more dangerous than most outsiders are. Insiders are already on the network, and sometimes with high-level privileges.
To fight off the insider threat, you need a full approach to security, along with the ability to address Office 365-specific vulnerabilities. A key issue is knowing what is going on in the network and controlling dangerous activity.
Verizon advises IT to implement strong access controls and provide access levels fitted to true needs, trust, and levels of responsibility. “Having identified the positions with access to sensitive data, implement a process to review account activity when those employees give notice or have been released,” Verizon suggested.
How CoreView Blocks Employee Malfeasance
The answer is to identify internal and external threats to your environment — then step up your defenses. Here, CoreView alerts give you an early warning system for internal and external threats to your Office 365 environment, so you can identify and defend yourself against security breaches before they occur.
As much as cybercriminals around the world attack government systems, insiders can be a more insidious threat. Often this is through social engineering where the employees are unwitting participants. Often insiders are angry and want revenge, or are even paid to steal data or wreak havoc.
Insiders should be subject to Least Privilege Access Policies to minimize damage. IT should also be able to track inappropriate sharing of data, and all end-user actions, to detect and prove malfeasance.
Learn About 26 Office 365 Security Pain Points – and How to Cure Them
CoreView has four white papers showing 26 common O365 security problems. Topics include:
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.