Whether you’ve already deployed Office 365 or have plans to, security considerations around moving your business-critical apps to the cloud are paramount. From Exchange, Yammer, and SharePoint to OneDrive and the Administrator Portal, monitoring activity and securing access is critical to mitigating threats and protecting confidential data.
3. Who is Skyfence?
Gartner WAF MQ: Imperva is alone as the “Leader”
What we do
Enable organizations to make safe and productive use of corporate SaaS applications
Why it’s relevant
The cloud app trend has created a visibility and control blind spot for IT that cannot be addressed by traditional controls
Now part of Imperva (NYSE: IMPV)
Acquired by Imperva February 2014 for $60M
Imperva Background
Founded in 2002
650+ employees
Customers in 75+ countries
4000+ Enterprise Customers
Highest returning IPO of 2011
4. Data Proliferation and the Shadow IT Blind Spot
Customer-Facing Applications
Moving to IaaS or PaaS providers
Employee-Facing Applications
are SaaS and Cloud Apps
Traditional Data Center
Authorized & Unauthorized Apps
For 2013, worldwide public cloud services reached a total market size of $45.7 billion, and the market is growing over 20%/year
5. The Security Gap for SaaS Applications
Authorized Apps
Unauthorized Apps
6. Popular Cloud Applications and Use Cases
Secure Office 365 Users
•Endpoint access control
•Monitor & control uploads and downloads
•Prevent account takeover
Collaboration and File Sharing
•Visibility over sharing of unstructured data
•Data security
Manage AWS Console Users
•Risk based strong authentication
•Blocking/controlling certain high risk actions
•Prevent account takeover
Line of Business Apps
•Sanctioned and unsanctioned
•Over 5000 apps supported
8. Office 365 Challenges and Risks
Visibility and Control over Office 365 Users and Admins
Lack of endpoint access control including control of BYOD
Monitoring actions of users and admins across Exchange, SharePoint, OneDrive, CRM and BI Apps, Admin Portal and more…
Detect malicious behavior and credential theft – respond proactively
Users, Admins and Cyber Criminals
Lack of monitoring and control of data flows
Takeover of user and admin accounts
BYOD access to Office 365 resources
Office 365 Risks
•No visibility into file and folder use
•Loss of sensitive data residing in Office 365 storage
•No control over which devices, managed and unmanaged, can access Office 365
•Complexity of MDM integration across all O365 components
•Preventing targeted attacks against email accounts (CEO, CFO, etc.)
9. Must Have Capabilities for Securing Office 365
1. User Access Control & Strong Authentication
2. Mobile Access and Endpoint Controls
3. Account Takeover Protection
4. Control Data & Manage Unauthorized File Sharing
5. Management of Privileged Accounts
10. 1. User Access Control
Consistent visibility & logs across all Office 365 activity
•One central point for event logs for Exchange, Lync, Yammer, SharePoint, OneDrive, Dynamics CRM, Power BI and Office 365 Admin Portal
Control user access to Office 365
•Active Directory integration provides contextual data allowing departmental and responsibility based controls
Risk based strong authentication for critical activities
•Require two-factor authentication for all logins, based on endpoint type (managed or unmanaged)
•Require two-factor identity verification based on behavioral context triggering threat, risk or access policy violation
11. 2. Mobile Access and Endpoint Controls
Control access to Office 365
•Unmanaged endpoints can be blocked completely or selectively to block downloads and data modifications
Enable MDM integration across all Office 365 components
•One central point for MDM integration across Exchange, Lync, Yammer, SharePoint, OneDrive, Dynamics CRM, Power BI and Office 365 Admin Portal
Context aware strong authentication
•Require two-factor authentication for all logins, based on endpoint type (managed or unmanaged)
•Require two-factor identity verification based on behavioral context triggering threat, risk or access policy violation
12. 3. Account Takeover Protection
Detect and prevent Account Takeover (ATO)
•Stops the consequences of account takeover by detecting suspicious behavior that signals an account takeover
•Respond in real-time to block access or request stronger identity verification with out-of-band one-time passwords
Monitor privileged user activity
•Anomalous admin access to mail account management is detected
13. 4. Monitor and Control Document Collaboration & Sharing
Monitor all document flows to and from endpoints accessing Office 365 cloud storage (OneDrive, SharePoint)
•Monitor who is uploading, downloading and sharing which files and folders
•Restrict editing to online documents only, prevent document downloads
Control which endpoints can upload, download or share files
•Use granular policies to ensure control over files and folders (e.g. block downloads to unmanaged endpoints, restrict sharing of directories with sensitive information)
Require online editing of documents from unmanaged endpoints
•Restrict editing to online documents only, prevent users from downloading documents
14. 5. Management of Privileged Accounts & Admins
Control access to Office 365 Management web portal
•Granular role based access for SysAdmins
Log all administrative activities
Require strong authentication for privileged activities
15. Deployment for Office 365
(1) Client authenticates via native application, through an IdP-initiated or SP-initiated flow
•Auto-Discovery
•ActiveSync
•Mobile thick apps
(2) Skyfence Gateway proxies user requests to the application. Skyfence analyzes the activities, logs events, and challenges or blocks policy violations.
(3) Application responds to Skyfence Gateway requests providing access
Identity Provider (SSO infra)
16. Visibility and Control for Office 365 Apps
Corporate employees, mobile workers and hackers
Office 365 Applications
•Discover Rogue Collaboration and File Sharing Apps & Shadow IT
•User Access Control with Risk Based, Multi-factor Authentication
•Endpoint Access Control
•Monitor Activity of All Users & Administrators
•Integrate Office 365 Analytics with SIEM
•Prevent Account Takeover Attacks to Protect O365 Data
17. Metro Bank Uses Skyfence to Secure Office 365 Apps
Background
•Fast Growing UK-based Bank
•1400 Users relying on Office 365 Apps such as Email, SharePoint, Yammer and OneDrive
Challenges
•Many colleagues/employees require remote access to Office 365 apps
•Native “IP fencing” was ineffective at controlling BYOD access
•Required non-intrusive approach – no impact to end users
•Integrate with existing AirWatch MDM deployment
Solution Benefits
•Global enforcement of access controls
•Consistent, detailed and clear visibility into all cloud app activity
•PCI DSS compliance for cloud access outside of the organization
•Rapid and simple deployment in the cloud
18. Next Steps: Free Cloud App Discovery for Businesses
(1) Scan
(2) Review Results
Corporate Network
Discovered Apps
Cloud Discovery Tool
LOG Files
Firewall / Web Proxy
Free Download:
•For Windows and Mac
•Scans Web Proxy, SIEM and Firewall logs
•Quantify apps, users, activities & risk
•Includes free online support and Knowledge Base
www.skyfence.com/free
How Does It Work?