Countless novice O365 end users think that because the software is in the cloud, it is somehow entirely safe. Even inexperienced IT workers have the same dangerous idea.
Neither seems to know that:
- 58.4% of critical data is in Office Docs
- 25% of phishing attacks bypass Office 365 security
- And 40% of Office 365 shops suffer compromised credentials
While Microsoft secures its own O365 instances in the cloud, and takes full care of that portion, IT is still responsible for securing identities, devices, passwords, stopping data leakage, and preventing insider malfeasance. “For SaaS solutions, a vendor provides the application and abstracts customers from the underlying components. Nonetheless, the customer continues to be accountable; they must ensure that data is classified correctly, and they share a responsibility to manage their users and end-point devices,” Microsoft argued.
Identity and Access Management Still in IT’s Hands
High-level cloud platforms like SaaS require a slew of IT-driven security responsibilities. “In PaaS and SaaS solutions, Identity & access management is a shared responsibility that requires an effective implementation plan that includes configuration of an identity provider, configuration of administrative services, establishing and configuration of user identities, and implementation of service access controls. Additional considerations that should be considered are the use of two-factor authentication, role-based access control, just-in-time administrative controls, and monitoring and logging of both users and control points,” Microsoft pointed out.
5 Things Gartner Says You MUST Do NOW to FULLY Protect Your O365 Tenant
Gartner first wants IT to understand that Office 365 isn’t 100% secure from the get-go, and doesn’t secure itself. IT must take care of O365 hardening. “Modern cloud-delivered content collaboration tools introduce new opportunities for inappropriate behavior. Clients are sidelined by open shares as they can be an especially pernicious risk, potentially resulting in the loss of data, introduction of malware, and regulatory or compliance failure,” Gartner explained.
In fact, securing O365 is a complex affair. “Organizations must contend with a proliferation of disparate devices that access Office 365, which may be difficult for enterprises to manage consistently across various operating systems and across numerous third-party applications granted access to tenants,” Gartner argued.
Here are four high-level Gartner recommendations:
- “Establish a foundational identity, access and privilege management strategy, on which all other controls rely.
- Maintain awareness of user and application behavior to ensure compliance with internal policies and external regulations.
- Protect your Office 365 subscription from internal and external threats, which are growing in quantity and danger.
- Monitor and secure Office 365 content in motion and at rest to prevent unauthorized access or disclosure.”
The good news is that CoreView deeply addresses every one of these issues. Now let’s walk through the five steps towards O365 security nirvana.
- Identity and Access Management (IAM) is Your FIRST O365 Defense.
People, and their identities, are a key vulnerability – one cybercriminals are trained to exploit. And the danger is high. “The consequences of poor identity management are significant. For most organizations, services like Exchange Online are mission-critical. If users are poorly authenticated or overentitled, there is an increased risk of data breach, data destruction or unauthorized modification,” Gartner warned.
No accounts need protecting more than highly privileged accounts, which give hackers full access to the O365 tenant. “All accounts — but especially powerful ones, like those for administrators — are rich targets for attack and require additional protection through higher trust authentication, typically involving multiple factors,” Gartner advised.
Role-based access is a good starting point. “Use Microsoft’s predefined roles for each service in Office 365 as a starting point to design a role-based access control policy that grants users and administrators the minimum set of permissions required to perform their jobs,” Gartner suggested.
The problem here is that Microsoft roles still give an administrator or O365 operator full global credentials – they can access and perform actions across the entire tenant, which is the opposite of least privilege access. CoreView, in contrast, more deeply defines these roles and even scopes them based on functions. More importantly, CoreView can LIMIT an admin’s scope to specific sets of users, so any damage through mistake or malfeasance is radically reduced.
Gartner sees the danger of compromised highly privileged accounts, and advises shops to “Require higher trust authentication for all administrator accounts and accelerate (or start) plans for higher trust authentication for your entire user population. Given the ongoing prevalence of account takeover attacks, this is no longer optional.”
- Know What Users are Doing
In the on-premises world, IT had precious little idea what end users were actually doing with their software. The cloud offers new ways of tracking user behavior and actions, which is ideal for understanding how a breach occurs, malware spreads, or a confidential file is leaked. “Migration from an on-premises Microsoft collaboration environment to Office 365 requires new approaches for achieving visibility into user, application and data behavior. All services provide activity reports that cover up to 180 days of metrics (such as service usage and user and application transactions),” Gartner explained.
Much of this data is right there — in O365. “Audit reports for Exchange Online, SharePoint Online, OneDrive for Business and Azure AD are available in the Office 365 Security & Compliance Center. Audit reports show user and admin activity within an Office 365 tenant, can be searched for specific users or actions, and can help spot unusual sign-in activity,” the research house said.
This data, though, is not usually retained long enough to conduct breach forensics. CoreView can maintain logs indefinitely, and we enrich the data, offering deeper insight into security issues and making log-based alerts actionable.
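One way to run the kind of audit-record search described above, looking for unusual sign-in activity, as an added example (not code from Gartner, Microsoft or CoreView). The records are constructed, and the field and operation names (CreationTime, UserId, Operation, ClientIP, UserLoggedIn, UserLoginFailed) are assumptions about the shape of your audit export.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _rec(time, user, op, ip):
    # Helper for the constructed sample data below (hypothetical record shape).
    return {"CreationTime": f"2024-03-01T{time}", "UserId": user,
            "Operation": op, "ClientIP": ip}


# Constructed sample records; addresses come from documentation-only ranges.
SAMPLE_RECORDS = [
    _rec("08:00:12", "alice@example.com", "UserLoggedIn", "198.51.100.10"),
    _rec("09:14:01", "alice@example.com", "UserLoginFailed", "203.0.113.77"),
    _rec("09:14:20", "alice@example.com", "UserLoginFailed", "203.0.113.77"),
    _rec("09:14:45", "alice@example.com", "UserLoginFailed", "203.0.113.77"),
    _rec("09:15:02", "alice@example.com", "UserLoggedIn", "203.0.113.77"),
    _rec("09:30:00", "bob@example.com", "UserLoginFailed", "192.0.2.5"),
    _rec("09:31:00", "bob@example.com", "UserLoggedIn", "192.0.2.5"),
    _rec("10:00:00", "alice@example.com", "UserLoggedIn", "198.51.100.10"),
]


def flag_suspicious_signins(records, max_failures=3, window=timedelta(minutes=10)):
    """Flag a successful sign-in from an IP new to the user that follows
    at least max_failures failed sign-ins from that IP inside the window."""
    known_ips = defaultdict(set)   # user -> IPs with an earlier successful sign-in
    failures = defaultdict(list)   # (user, ip) -> timestamps of pending failures
    alerts = []
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        ts = datetime.fromisoformat(rec["CreationTime"])
        user, ip, op = rec["UserId"].lower(), rec["ClientIP"], rec["Operation"]
        if op == "UserLoginFailed":
            failures[(user, ip)].append(ts)
        elif op == "UserLoggedIn":
            recent = [t for t in failures[(user, ip)] if ts - t <= window]
            if ip not in known_ips[user] and len(recent) >= max_failures:
                alerts.append({"user": user, "ip": ip,
                               "time": rec["CreationTime"], "failures": len(recent)})
            known_ips[user].add(ip)
            failures[(user, ip)].clear()   # a success resets the failure streak
    return alerts


if __name__ == "__main__":
    for alert in flag_suspicious_signins(SAMPLE_RECORDS):
        print(alert)
```

The check only works across whatever history the export contains, so a short retention period also shortens the baseline of known IPs per user.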
- The Role of Third Party O365 Protection
Gartner realizes that, as with Windows, third parties have emerged to protect the O365 environment. “The rapid adoption of Office 365 has spurred the growth of a variety of third-party tools that increase visibility in one aspect or another, including areas such as:
- Activity and administration auditing
- Event collection and correlation
- Permissions analysis and monitoring
- User behavior analytics
- Anomaly detection”
The good news is CoreView takes care of all five of these areas.
- Don’t Forget Email Security
Email has traditionally been the number one way hackers breach the IT environment. O365 is no different. “Account takeover attacks remain a challenge for many enterprises. Low-volume, high-value targeted attacks usually originate with spoofed email. Skilled attackers can penetrate even the best anti-phishing campaigns. From there, attackers find additional ways to spread inside an organization, following wherever the stolen credentials might lead,” Gartner cautioned.
The answer is tight password controls, strong authentication, the ability to set and enforce email security policies, and tracking end user email behavior and actions.
- Strengthen Your O365 Security Score
Microsoft O365 has a built-in way to measure your security posture. “The Office 365 Secure Score has evolved into the Microsoft Secure Score. This tool assesses the security state of multiple aspects of Office 365 by evaluating which controls are enabled and presenting a score — the sum of the point values for each control. The score is a reasonably meaningful starting point for measuring and improving your Office 365 security posture,” Gartner explained. “To help you devise a plan for a staged rollout of controls, the tool combines recommendations into five categories: identity, data, devices, apps and infrastructure.”
Third-party security and management solutions can boost your Secure Score – meaning your tenant is measurably more secure!
Get the Full Gartner (and CoreView) Skinny on O365 Security
The Gartner report, 5 Steps for Securing Office 365, covers key challenges M365 customers face in the wake of accelerated digital transformation and provides recommendations on how to minimize the attack surface within your organization.
Get the full Gartner report here.
And you can read our CoreView article on where O365-specific security vulnerabilities lie.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.