PROTECTING YOUR DATA IN OFFICE 365

Office 365 Security

Cloud apps are becoming an essential part of business
• Cost effective
• Remote access
• Agility and speed
• Improved Productivity
• Better collaboration

Security In The Cloud is a Shared Responsibility

Microsoft’s Policy (the fine print):
...That result from your unauthorized action or lack of action when required, or from your employees, agents, contractors, or vendors, or anyone gaining access to our network by means of your passwords or equipment, or otherwise resulting from your failure to follow appropriate security practices...

Microsoft will not take responsibility for your user behavior (or security of your infrastructure or users).

What could go wrong?

From Elastica’s Q2 2015 Shadow Data Report:
• 1.34% of accounts were compromised
• Compromised means: account takeover, rogue (bad actor) insider, malicious data destruction, etc.
• Report highlighted threshold triggers (static) and anomalous behavior (data science), just a sample out of 60+ factors
• This malicious activity would apply regardless of SaaS app or storage provider used, even Office 365/OneDrive

[Chart: Malicious Use, % of total compromised accounts]

What is Shadow Data?

Shadow IT: All the potentially risky unsanctioned Cloud Apps used in your organization, without the knowledge of IT.

Shadow Data: All the potentially risky data exposures lurking in sanctioned cloud apps, due to lack of knowledge of the type of data being uploaded, and how it is being shared. This can directly lead to compliance violations or sensitive data loss. In short: use of sanctioned apps in unsanctioned ways.

• 90% of organizations lost sensitive data via file sharing
• $13.8M average cost of data breach for storage SaaS providers/company

Sources: Elastica Q2 2015; Ponemon

Who Controls Sharing?

Shadow Data Goes Viral

Sharing has become democratized (no longer top-down controls). Even file owners no longer fully control how their files are shared:
• Alice shares a file with Bob
• Bob shares that file publicly without Alice’s knowledge

Shadow Data
• 25% of total files stored in the cloud per user are broadly shared (average)
• 12.5% of these files contain compliance related data

Scope of Office 365 Security

Email
• S/MIME
• SSL
• A/V Scanning
Leverage O365 email to another email that supports S/MIME. However, you are also encrypting infected file attachments.

At-Rest Data
• CCM/SOC certifications
• Process/infrastructure
• “Lockbox”
Storage and handling data (at rest) defined by various certifications. However, does not apply to docs and data leaving O365 servers (your destination, your computer).

Doc. Control
• IMS/RMS
• Containers
• Pre-file crypto
Build a security wrapper around documents. But requires same O/S and agent on both sides. Requires special client.

What about protection for:
▪ Non MSFT Users
▪ BYOD (non-Windows Mobile)
▪ SaaS apps/storage
▪ Contractors
▪ Vendors/Suppliers
▪ Malware/Botnets
▪ EU Directives

Office 365 provides base security, but you still need…

REQUIREMENT: User visibility and control
BECAUSE: Users are the biggest threat that can bypass your security controls
HOW: Real-time awareness of access and actions

REQUIREMENT: Analysis of risky behavior
BECAUSE: This is not readily seen just by A/V scanning or APT systems
HOW: Per user-graph of “normal” behavior vs. risky behavior

REQUIREMENT: Automated classification
BECAUSE: Compliance mandates require identification of sensitive data
HOW: Leverage data science to automatically understand content without involving humans

REQUIREMENT: Data protection / attack mitigation
BECAUSE: Before, during, and after a breach requires fast response
HOW: Complete lifecycle solution

Data Visibility and Control

Alice Shared Payroll.docx with Bob Using Office 365

But it’s not that simple:
• Alice is an External Collaborator
• From an Unmanaged Device
• The File Contains PII Risk
• From an Anomalous Location

Data Science Powered™ CLOUD APP SECURITY: before / during / after

Get a Free Shadow Data Risk Assessment
• External and public content exposures, including compliance risks
• Inbound risky content shared with employees (e.g. malware, IP, etc)
• Risky users and user activities

Thank You!

Take the free Shadow Data Risk Assessment. Visit us to learn how you can find risks and protect critical content in your file sharing apps.

Elastica.net

Granular Event Extraction: StreamIQ™

Inspect (even in SSL traffic) and determine specific actions being taken, all in real-time.

Every time you adopt a new technology, you have to secure it

You wouldn’t run your business without email…
…and you wouldn’t use email without security

As business adopts cloud apps…
…you must secure them

Automatically classify, detect and remediate content uploaded to cloud apps

Who Controls Sharing? You Do

Alice shares a file with Bob

Shadow Data Goes Viral: No Way!

Who Controls Sharing?

Even file owners no longer fully control how their files are shared:
• Alice shares a file with Bob
• Bob shares that file publicly without Alice’s knowledge

Shadow Data Goes Viral: No Way!
