What the Chief Security Officer Does Not Know – Hurts like Crazy!
Chief Security Officers are responsible for overall IT security, and when things go south, the job can go with it.
As experienced as a Chief Security Officer (CSO) is, they simply can’t know everything. It is these blind spots that make the environment – and IT security jobs – so vulnerable.
So what do IT security executives need to know about Microsoft Office 365 security that they don’t already? “It is a delicate conversation. How do you tell them? – ‘You have been operating unsafely for four years and should have been examining every file that got touched after a malware event.’ It is going to happen. If it happens to the US Department of Defense, you will be hacked too. Somebody will get a virus. Somebody will leave the organization and not be 100% happy that they are leaving. Some administrator will do something they should not,” said Matt Smith, solution architect for CoreView.
Learn What You Don’t Know
The best advice for an Office 365 environment of any size is to get a free CoreView Office 365 Health Check today. At the same time, make sure you have enabled all the data Microsoft has to offer for detecting and correcting a security event. Then subscribe to the CoreView solution so you can rationalize all that information into actionable reports.
“A huge benefit of having a CoreView Office 365 Health Check scan and analysis performed on your entire O365 environment is that auditing is not turned on by default by Microsoft. Many people do not realize this. When we do an Office 365 Health Check, we flip on auditing for every single workload. Even if they do not buy CoreView, it is a value add in that at least all that data is there,” Smith concluded.
Why CISOs Need Functional Access Control (FAC)
The Holy Grail of least privilege access is thought to be Role-Based Access Control (RBAC), where admins and users are given only those rights that relate to a certain role or to a work or admin function. However, roles are inherently broad. You can go deeper and more granular (and get way safer) by defining rights based on the FUNCTIONS the admin or user needs to perform.
So how is Functional Access Control part of doing least privilege right? “In Microsoft’s Zero Trust model, the feature functionality that Microsoft and others are pushing are PIM and PAM, which are approaches to Least Privilege Access. What does the CISO care about? He cares about true Least Privilege Access. If you asked 100 IT personnel, ‘Should we have Least Privilege Access for all of our applications?’ 100 of them would reply, ‘Yes we should!’ The next question is — why don’t you? ‘Microsoft doesn’t give us the tools that allow us to do that.’ And they are right. You cannot do it natively within the O365 Admin Center,” said CoreView solution architect Matt Smith.
The right way to do it is the CoreView way. “The only right way really to apply Least Privilege Access is to extrapolate administrative access and proxy it the way that we do through a portal that says, ‘I am not giving you access to a role. I am giving you access to a function, and you have no privileges whatsoever within the application itself to do other things.’ It is a predefined function that CoreView admins have the ability to turn on and turn off, or even apply a workflow to give time bound access. That is the only way to get to that goal,” Smith argued.
Over 70% of O365 business users suffer at least one compromised account each month. The fact is, Office 365 applications come with some inherent vulnerabilities, especially when admins do not follow proper security measures and rely entirely on security solutions that are not specific to Office 365.
While there are plenty of Office 365-focused attacks, there are also many common areas of exposure that are regularly tested by hackers, including poor email practices, lack of attention to data loss/leakage, cloud storage, and more. Smart Microsoft IT pros take pains to address both concerns.
Meanwhile, hackers are smart enough to know that Office 365 admins hold the keys to the kingdom, and increasingly attempt to crack these high-level accounts.
CoreView to the O365 Security Rescue
Fortunately, CoreView has the solutions to make essential security tasks a piece of cake. CoreView works by collecting all available information from the Microsoft O365 platform, including audit logs, application-specific APIs such as Exchange Web Services, and all Azure Active Directory information. This data is stored in MongoDB in an Azure subscription and is action-enabled, which gives CoreView customers very specific advantages for configuration issues.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.