Protecting Your Data In Office 365

2,847 views

Published on

Office 365 revolutionized how employees work and collaborate by embracing the power of the software-as-a-service (SaaS) model. While the easy deployment and broad access of Office 365 makes it invaluable to business productivity, a SaaS model adds increased risk of malicious or accidental leakage of business-critical data.

In this webinar Protect Your Data in Office365 you will learn to:

Understand how Office 365 is being used by your users
Identify sensitive content (like payment information, healthcare records, source code, or other types of data) being shared
Uncover risky or anomalous behavior by rogue insiders
Automate protection against Office 365 data breaches, minimize false positives, and eliminate the constant retuning of data classification policies.

Watch the on-demand webcast at https://www.elastica.net/protect-your-data-in-office365/

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,847
On SlideShare
0
From Embeds
0
Number of Embeds
34
Actions
Shares
0
Downloads
83
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Protecting Your Data In Office 365

  1. 1. PROTECTING YOUR DATA IN OFFICE 365
  2. 2. Office 365 Security 2 Cloud apps are becoming an essential part of business Cost effective Remote access Agility and speed Improved Productivity Better collaboration
  3. 3. ...That result from your unauthorized action or lack of action when required, or from your employees, agents, contractors, or vendors, or anyone gaining access to our network by means of your passwords or equipment, or otherwise resulting from your failure to follow appropriate security practices... Microsoft’s Policy Microsoft will not take responsibility for your user behavior (or security of your infrastructure or users). (the fine print) Security In The Cloud is a Shared Responsibility Office 365 Security 3
  4. 4. 4 What could go wrong? • 1.34% of accounts were compromised • Compromised means: account takeover, rogue (bad actor) insider, malicious data destruction, etc. • Report highlighted threshold triggers (static) and anomalous behavior (data science) — just a sample out of 60+ factors • This malicious activity would apply regardless of SaaS app or storage provider used, even Office 365/OneDrive From Elastica’s Q2 2015 Shadow Data Report: Malicious Use % of total compromised accounts Office 365 Security
  5. 5. 90%of organizations lost sensitive data via file sharing Shadow Data Use of sanctioned apps in unsanctioned ways average cost of data breach for storage SaaS providers/company Shadow Data All the potentially risky data exposures lurking in sanctioned cloud apps, due to lack of knowledge of the type of data being uploaded, and how it is being shared. This can directly lead to compliance violations or sensitive data loss. Shadow IT All the potentially risky unsanctioned Cloud Apps used in your organization, without the knowledge of IT. Source: Elastica Q2 2015Source: Ponemon $13.8M What is Shadow Data? Office 365 Security
  6. 6. Who Controls Sharing? Sharing has become democratized (no longer top-down controls) Even file owners no longer fully control how their files are shared Alice shares a file with Bob Bob shares that file publicly without Alice’s knowledge Shadow Data Goes Viral Office 365 Security
  7. 7. files per user are broadly shared (average) 12.5 %contain compliance related data Shadow Data 25%Of total files stored in the cloud per user (average) of these files Office 365 Security
  8. 8. Email • S/MIME • SSL • A/V Scanning Leverage O365 email to another email that supports S/MIME. However, you are also encrypting infected file attachments. 8 What about protection for: ▪ Non MSFT Users ▪ BYOD (non- Windows Mobile) ▪ SaaS apps/storage ▪ Contractors ▪ Vendors/Suppliers ▪ Malware/Botnets ▪ EU Directives At-Rest Data • CCM/SOC certifications • Process/infrastructur e • “Lockbox” Storage and handling data (at rest) defined by various certifications. However, does not apply to docs and data leaving O365 servers (your destination, your computer). Doc. Control • IMS/RMS • Containers • Pre-file crypto Build a security wrapper around documents. But requires same O/S and agent on both sides. Requires special client. Scope of Office 365 Security Office 365 Security
  9. 9. 9 Office 365 provides base security, but you still need… User visibility and control Analysis of risky behavior Automated classification Data protection / attack mitigation REQUIREMENT BECAUSE HOW Compliance mandates require identification of sensitive data Users are the biggest threat that can bypass your security controls This is not readily seen just by A/V scanning or APT systems Before, during, and after a breach requires fast response Leverage data science to automatically understand content without involving humans Real-time awareness of access and actions Per user-graph of “normal” behavior vs. risky behavior Complete lifecycle solution Office 365 Security
  10. 10. Alice Shared Payroll.docx with Bob Using Office 365 ? ? ? ? ?? Alice is an External Collaborator From an Unmanaged Device The File Contains PII Risk From an Anomalous Location But it’s not that simple Data Visibility and Control Office 365 Security
  11. 11. Data Science Powered™ CLOUD APP SECURITY beforeduringafter Office 365 Security
  12. 12. External and public content exposures, including compliance risks Inbound risky content shared with employees (e.g. malware, IP, etc) Risky users and user activities Get a Free Shadow Data Risk Assessment Office 365 Security
  13. 13. Thank You! Take the free Shadow Data Risk Assessment Visit us to learn how you can find risks and protect critical content in your file sharing apps. Elastica.net
  14. 14. Granular Event Extraction StreamIQ™ Inspect (even in SSL traffic) and determine specific actions being taken— all in real-time.
  15. 15. Slideshow Title 15 Every time you adopt a new technology, you have to secure it You wouldn’t run your business without email… …and you wouldn’t use email without security As business adopts cloud apps… …you must secure them
  16. 16. Automatically classify, detect and remediate content uploaded to cloud apps
  17. 17. 17 Who Controls Sharing? Alice shares a file with Bob Shadow Data Goes Viral —No Way! You Do Office 365 Security
  18. 18. Who Controls Sharing? Even file owners no longer fully control how their files are shared Alice shares a file with Bob Bob shares that file publicly without Alice’s knowledge Shadow Data Goes Viral— No Way! Office 365 Security

×