Aug 1 2017
Security Auditing & Real Time Alerting
Security Auditing and Real Time Alerting for Office 365
In today’s corporate environment, security and compliance always need to be top of mind for IT leadership. A security breach or a compliance violation can end up costing organizations millions of dollars, and CIOs their jobs. That is why most IT organizations are looking for automated tools to help them keep one step ahead of any security compliance issue. CoreView is a solution that has those security watchdog capabilities built in for Office 365 and Azure AD.
In some ways moving to Office 365 can help alleviate the worries of security compliance. Microsoft has world class security and compliance configurations that have been proven in some of the largest organizations on the planet. They have the best engineers in the world constantly working to protect the data in Office 365.
On the other hand, Microsoft’s focus is not protecting your data. Microsoft’s priority is protecting Microsoft’s business. Of course, they want to ensure your tenant is not breached, but if your organization is audited for a compliance breach it’s not Microsoft that the auditors are going to talk with.
In this blog post, I’m going to highlight how CoreView’s security auditing and real time alerting features can extend the security compliance monitoring available in Office 365 and Azure AD in order to protect your organization.
Wikipedia defines an IT audit as follows:
“An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.”
In researching this post, I found a lot of diverse sources explaining IT audits. The truth is, an audit is whatever the auditor standing in front of you says it is. Preparing for an IT audit is one of the most difficult exercises an IT department can endure.
To compound that difficulty, Office 365 is not a single technology with a single set of features and functionality. Exchange Online works differently than SharePoint Online does. They both work differently than Skype for Business Online. The auditing controls for each of these services are very different.
Microsoft is aware of this problem, and they have tried to help by building a Security and Compliance Center for Office 365. While this effort is an improvement, it’s still not a complete single solution. CoreView goes the extra mile and gives you a single interface to set up and control the security auditing of the user activity and events data for your Office 365 tenant.
Collecting audit data for analysis is important. It gives your IT department the ability to find out what happened days, weeks, months, or even years ago. That information can be invaluable, but it doesn’t help prevent a breach in progress.
CoreView gives your organization the ability to set up real-time alerts to notify you of an incident as it happens. A perfect example of this comes from a large state government agency in the US that started using CoreView this year. They wanted to configure a real-time alert to notify administrators if the Governor’s e-mail was ever compromised, or their mail file security rights were modified. Using the setup wizard in CoreView, they were able to configure multiple automated alerts in just a few minutes.
Similarly, some of the most common customer needs are real-time alerting on C-level executives’ mailbox access and real-time alerting on specific high-value SharePoint document libraries. Using CoreView, it is very easy for an IT admin to configure this kind of real-time alerting for any security issues in Office 365. The native Office 365 admin center does not have the capability for real-time alerting, and the auditing capabilities that the native Office 365 admin tools do have are very different for SharePoint Online and Exchange Online. Using the native tools that Microsoft provides, you will need both a SharePoint expert and an Exchange expert to set up and use the functionality.