Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Bridging the Office 365 Security Gap - Redmond Media


Published on

In partnership with Redmond Media, we explore how Office 365 security is evolving and where a CASB fits into your cloud security strategy.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Bridging the Office 365 Security Gap - Redmond Media

  1. 1. webinar sept 28 2016 bridging the o365 security gap
  2. 2. STORYBOAR office 365 is the leading SaaS productivity suite: market share has tripled year over year 2014 2015 google apps office 365 other 16.3% 7.7% 76% 22.8% 25.2%52%
  3. 3. poll: what are your office 365 migration plans?
  4. 4. STORYBOAR the traditional approach to security is inadequate
  5. 5. STORYBOAR the data blind spot: enterprises can’t rely solely on native app security enterprise (CASB) end-user devices visibility & analytics data protection identity & access control application storage servers network 5
  6. 6. STORYBOAR a security balancing act: empower users, maintain control ■ Visibility and control over corporate data in Office 365 ■ Prevent unauthorized access ■ Limit external sharing ■ Restrict access on unmanaged devices ○ Managing OneDrive sync, access in risky contexts, more
  7. 7. STORYBOAR components of o365 security identity cloud access mobile
  8. 8. STORYBOAR cloud: protect data-at-rest in o365 ■ External sharing opens the door to unintended leaks ○ API-based controls can restrict sharing of sensitive data ■ User behavior analytics, logging ○ Little in-app visibility, no cross-app visibility ○ Third-party solutions are built with compliance in mind
  9. 9. STORYBOAR access: native security provides limited visibility ■ More access, greater risk of data leakage ○ Granular access controls can limit risky access ■ DLP is critical to securing sensitive data in risky contexts ○ Complete security solutions should be content-aware, apply DLP at access
  10. 10. STORYBOAR mobile: distinguish between managed and unmanaged devices ■ Employees have rejected MDM and MAM ■ IT must securely enable access to frequently used apps ■ Allow different levels of mobile access based on device type, user, etc.
  11. 11. STORYBOAR identity: centralized identity management is key to securing data ■ Cloud app identity management should maintain the best practices of on-prem identity ■ O365 can identify some but not all high- risk logins ■ Prevent use of compromised credentials with cross-app IAM, step-up MFA
  12. 12. STORYBOAR ■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD ■ High operational overhead - Complex to configure and maintain ■ Difficult deployment - Sharepoint/OneDrive DLP integration requires Office 2016 on PCs ■ High cost - Must have top of the line license ■ Point solution - Support focused on Office 365, what about other cloud apps? office 365 native dlp: complex, costly, and doesn’t work across apps
  13. 13. poll: what cloud security functions are most important?
  14. 14. STORYBOAR casb security: a data-centric approach o365 requires a new security architecture ■ Cross-device, cross-application agentless data security ■ Real-time data protection ■ Limit high-risk activities like external file sharing, unmanaged access ■ User behavior analytics
  15. 15. STORYBOAR managed devices application access mode data protection unmanaged devices & mobiles in the cloud ● profile-agent ● VPN+IP-restriction ● DLP/DRM/encryption ● Device controls, e.g PIN ● Agentless Selective wipe ● Client apps: allow/block ● OneDrive ● Sharepoint ● API ● Quarantine DLP ● Block external shares ● Alert on DLP events office 365 use case: real-time inline data protection on any device Legacy Auth Apps e.g Office 2010 ● Full access Modern Auth Apps e.g Office 2013+ ● profile agent ● VPN+IP-restriction ● certificates ● Full access ● Browser ● ActiveSync Mail ● Client apps ● Reverse-proxy + AJAX-VM ● ActiveSync Proxy 15
  16. 16. STORYBOAR client ■ 180,000 employees ■ Among the largest US healthcare orgs challenge ■ HIPAA Compliant cloud and mobile ■ Controlled access to Office 365 from managed & unmanaged devices ■ Control external sharing ■ Real-time inline data protection solution ■ Real-time inline protection on any device ■ Contextual access control on managed & unmanaged devices (Omni) ■ Real-time DLP on any device ■ API control in the cloud ■ Agentless BYOD with selective wipe ■ Enterprise-wide for all SaaS apps secure office 365 + byod major healthcare firm
  17. 17. STORYBOAR secure salesforce + office 365 17 client ■ 20,000 employees ■ Global presence ■ $6T in assets under management challenge ■ Needed complete CASB for enterprise-wide migration to SaaS ■ Security for Office 365 ■ Encryption of data-at-rest in Salesforce solution ■ Searchable true encryption of data in Salesforce ■ Real-time inline DLP on any device (Citadel) ■ Contextual access control on managed & unmanaged devices (Omni) ■ API control in the cloud ■ Discover breach & Shadow IT financial services client
  18. 18. STORYBOAR our mission total data protection est. jan 2013 200+ customer s tier 1 VCs
  19. 19. resources: more info about office 365 security ■ whitepaper: definitive guide to casbs ■ case study: fortune 100 healthcare firm secures o365 ■ video: securing office 365
  20. 20. STORYBOAR @bitglass