Webinar Wednesday: Locking Up the Cloud
•Download as PPTX, PDF•
0 likes•74 views
Now that your data is in the Cloud, you need to make sure you secure it. Office 365 covers encryption, redundancy & other important items, but your users are still your biggest risk! Learn the basics to help determine who can share documents, how to receive notifications about specific messages that leave your firm, & more!
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Webinar Wednesday: Locking Up the Cloud
Similar to Webinar Wednesday: Locking Up the Cloud (20)
More from Accellis Technology Group
More from Accellis Technology Group (8)
Recently uploaded
Recently uploaded (20)
Webinar Wednesday: Locking Up the Cloud
- 1. Locking Up The Cloud
- 2. About Accellis Technology Group Specialized IT Services Company providing • Managed IT Services • Cybersecurity & Risk Management • Software Consulting • Application Development & Integration Target market: small to mid-sized firms (5-250 users) Target verticals: legal, financial and non-profits 22 Employees in Ohio office www.accellis.com
- 7. What does this mean for me? • Encryption at Rest • BitLocker volume-level encryption • Using Advanced Encryption Standard (AES) 256-bit • Encryption in Transit • Transport Layer Security TLS 1.2 256-bit • Internet Protocol Security Ipsec • Secure Datacenters • Separation of Roles www.accellis.com
- 8. …But, what does this mean for me? • Your data is secured when stored in O365 • Your weakest link is your staff www.accellis.com
- 9. What should I do? • Password Policies • Set one up (Settings > Security and Privacy > Edit) • New NIST guidelines • Longer passwords • No password rotations (good-bye 90 days) • Enable 2 Factor Authentication • Clean house • Get a software report to see who is using what. Once you know, get ride of freeware and replace it with O365. • Training • Firm members are the weakest link when it comes to security. Make sure they have training so they can spot risks • Backup • Office 365 only stores deleted, deleted data for 30 days. After which it is unrecoverable. Also its spam and other protections are not always sufficient. We usually recommend Barracuda essentials, but other vendors have software will augment O365 as needed. www.accellis.com
- 11. Additional Controls • Sharing Options • Syncing Options • Device Access • Notifications • Retention • Supervision www.accellis.com
- 12. Thank You John H Roth II Jroth@accelis.com 216-662-3200 www.accellis.com
Editor's Notes
- I get lots of questions about the security in O365. Some are very specific regarding certifications, specific financial or health care requirements and ciphers. I’ll admit I don’t know the answer to most of them even, when asked many times. Its like asking, is speeding illegal? Yes, sure the limited and fines change but the answer is yes. Well all the O365 security questions are just different ways of asking, Is Office 365 secure? To which I answer yes, if you want the specifics, send me your requirements and I’ll get the necessary specific answers. But lets look at some specifics anyway.
- Microsoft has the most comprehensive compliance coverage in the industry. They are compliant with global standards, US Government standard, Industry standards for financial services, and healthcare, and more. They also understand that you may have unique regional requirements and They go above and beyond to ensure we support those.
- Using O365 or some other cloud document storage means you can access your documents from anywhere. Depending on the software, ALL of your documents can go with you and are searchable. If find email and mobility are one in the same. Everyone has email on their phones, but documents no so much. I still see people emailing themselves documents so they can “take it with me”. But what do you do if you forgot something? No worries with your documents in O365 you can get to all your documents from anywhere.
- Why is staff the weakest link? Well they make poor passwords, download questionable software and they can’t identify phishing attacks. So they end up letting the bad guys in unknowingly.
- The first step, and perhaps the easiest is a good password policy. With the new NIST standard you no longer need all those goofy characters and 90 day rotations. They have found this does not do much to increase security. Instead they recommend a passphrase. So instead of a pass word, you would use a pass phrase with or with out punctuation and spaces. The longer the better. I usually use a quote from a song, book or speech. Here is one example “the more you learn the more you earn!” Next I’d suggest working with IT to enable 2FA. This is a big improvement on security, but before making this change prepare your firm. I’d also suggest, if you didn’t already, getting a software report. This will show you want software is installed on what machines and you IT vendor should be able to provide this. Once in had look for things like chat tools, videos conference tools, free sync and save software etc. Once identified a plan should be put in place to remove the tool in favor of O365…usually. Some firms prefer other software. I recently worked with a firm that preferred Dropbox of OneDrive. That is fine and Dropbox is good software. But they needed to clean up free accounts, provide training and make sure their staff knew how to use the software well. If you haven’t noticed, I talk about training often. I see this as the biggest problem firms and organizations face today. We use technology every day, but we over look many of the real benefits it provides us. For example since Word came out in 2003, 15 years have passed 4 full versions and countless updates. I still see people treat Word like a typewriter. But now security is a real issue. The bad gusy know that people are the weakest link. So make sure your staff can spot phishing scams and the like. Finally, I recommend software to improve upon O365 security. This includes software that will deliver better spam filtering, advanced email security, improved archiving, backups and more. There are other vendors out there but we often recommended Barracuda Essentials for O365. Full disclosure we are a Barracuda partner. https://www.barracuda.com/products/essentials/features.
- If you’ve done the items I’ve suggested above you can go even further. O365 allows many other types of controls. For example you can limited or block users ability to share documents with people outside the firm. You can do the same for the local sync feature. You can have people notified when documents are shared with out notifying the share-er. You can even setup supervision policy's to see if or when people share SSN’s or other such information. Oh, and if I haven’t mentioned yet, setup retention polices.