webinar, august 17 2016
the security gap: protecting healthcare data in o365

poll: what is your biggest concern with moving to o365?
office 365 is the leading SaaS productivity suite: market share has tripled year over year

chart (values as printed on the slide):
                2014     2015
google apps     16.3%    22.8%
office 365       7.7%    25.2%
other           76%      52%
the traditional approach to security is inadequate
the office 365 security stack: shared responsibility model
layers owned by the enterprise (CASB): end-user devices; visibility & analytics; data protection; identity & access control
remaining layers of the stack: application; storage; servers; network
healthcare security needs: mitigating threats while empowering users
■ Visibility and control over corporate data
■ Restrict access on unmanaged devices
■ Prevent account hacking
■ Limit external sharing
components of o365 security: identity, cloud, access, mobile
cloud and access:
■ External sharing is made easier than ever with Office 365
■ Granular access controls should be based on context (e.g. device type, user, geo)
■ DLP is critical to securing PHI in risky contexts
  ○ Complete security solutions should be content-aware and apply DLP at download
mobile: protect data across all devices, managed and unmanaged
■ Demand for BYOD continues to rise
■ Employees have rejected MDM and MAM
■ IT must securely enable access to frequently used apps
identity: centralized identity management is key to securing data
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Limit potential breaches with contextual multi-factor auth for high-risk logins
office 365 native dlp limitations
■ BYOD blind spot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - SharePoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top-of-the-line license
■ Point solution - Support focused on Office 365; what about other cloud apps?
casb security: a data-centric approach
o365 requires a new security architecture
■ cross-device, cross-platform agentless data security
■ real-time protection
■ limit high-risk activities like external file sharing
■ detailed logging for compliance and audit
office 365 use case: real-time inline data protection on any device
(matrix: device class by application / access mode / data protection)

managed devices
  ● application: Legacy Auth Apps (e.g. Office 2010); Modern Auth Apps (e.g. Office 2013+)
  ● access mode: profile-agent, VPN+IP-restriction, certificates
  ● data protection: Full access
unmanaged devices / BYOD
  ● application: Browser, ActiveSync Mail, Client apps
  ● access mode: Reverse-proxy + AJAX-VM, ActiveSync Proxy
  ● data protection: DLP/DRM/encryption; Device controls, e.g. PIN; Agentless selective wipe; Client apps: allow/block
in the cloud
  ● application: OneDrive, SharePoint
  ● access mode: API
  ● data protection: Quarantine DLP, Block external shares, Alert on DLP events
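As an added illustration (not Bitglass's code and not from the deck), the following Python sketches the content-aware, context-dependent DLP decision the cloud-and-access slide and the matrix above describe: classify a file for PII, PCI and PHI, then block the download on an unmanaged device, quarantine the file when it is shared externally, or allow and log the event on a managed device. The detection patterns and the "MRN-" record-number format are constructed assumptions, not real DLP dictionaries.

```python
import re

# Constructed, illustrative patterns for the three data classes the deck names.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")                       # PII: US SSN
CARD_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")     # PCI: 16-digit card
MRN_RE = re.compile(r"\bMRN-\d{7}\b")                               # PHI: hypothetical MRN format


def luhn_ok(number: str) -> bool:
    """Luhn checksum; drops digit runs that merely look like card numbers."""
    digits = [int(d) for d in number if d.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(content: str) -> set:
    """Return the set of sensitive data classes found in the content."""
    found = set()
    if SSN_RE.search(content):
        found.add("PII")
    if any(luhn_ok(m) for m in CARD_RE.findall(content)):
        found.add("PCI")
    if MRN_RE.search(content):
        found.add("PHI")
    return found


def decide(content: str, device_managed: bool, action: str) -> str:
    """Context-aware DLP verdict; action is 'download' or 'external_share'."""
    if not classify(content):
        return "allow"
    if action == "external_share":
        return "quarantine"     # sensitive file shared outside the org is pulled back
    if action == "download" and not device_managed:
        return "block"          # DLP enforced at download on BYOD / unmanaged devices
    return "allow+log"          # managed device: allow, but raise a DLP event for audit


if __name__ == "__main__":
    # Constructed sample content with a fake MRN and a fake SSN.
    sample = "Discharge summary: MRN-0012345, SSN 123-45-6789"
    print(classify(sample), decide(sample, device_managed=False, action="download"))
```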
case study: fortune 50 healthcare firm, secure office 365 + BYOD
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control powered by Citadel
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in the cloud
■ Controlled unmanaged device access via Omni
case study: major US hospital system, secure office 365 + BYOD
challenge:
■ Existing solution, AT&T Toggle, was obsolete
■ HIPAA-compliant BYOD
■ Migration path to Office 365
solution:
■ Agentless deployment
■ Preservation of employee privacy
■ DLP of PII, PCI & PHI
■ Selective wipe; device PIN & encryption
■ Improved mobility for care providers
our mission: total data protection

resources: more info about office 365 security
■ whitepaper: definitive guide to CASBs
■ case study: ad agency secures o365
■ infographic: cloud adoption in healthcare

bitglass.com / @bitglass

Editor's Notes

  • #3 What is your biggest concern with moving to Office 365? Poll options: visibility into how corporate data is being used; control over access to data; encryption of sensitive data; potential for breaches; something else.
  • #5 The old approach to the problem is to secure the infrastructure. Historically this is where the security spend of large organizations has gone: secure your network, put agents on every trusted device to manage the device, and so on. The fact is that the "trusted device" approach makes you more vulnerable to breaches, since users take their devices home for the weekend and come back infected on Monday. Malware Mondays! Issues with this approach: it is cumbersome and expensive to administer, since you have to manage every device and network, and usability is poor too, especially when it comes to MDM. One of the big problems with this architecture is unmanaged devices accessing the cloud directly, with no visibility or control for IT teams. In short: complex to deploy / poor user experience / data-sync proliferation / BYOD blind spot.
  • #8 We think CASBs provide a better approach to cloud security. It starts with discovery.
  • #10 “By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner Inseparable
  • #15 Competition: Skyhigh, Netskope, Adallom
  • #17 in: CA, NY, MA, IL, N / Founded: Jan 2013 / HQ: Campbell, CA / Employees: 50 / Funding: $35M, Tier 1 Venture Capital Firms