Migrating to Office 365 introduces several new avenues for data leakage: one-click sharing, desktop sync clients, unmanaged device access, and more. This is particularly risky for organizations subject to compliance mandates. In this webinar, we'll detail the security gaps in Office 365 and explore how new approaches to cloud security can help mitigate the threat of data leakage with real-world use cases. Join our webinar to find out which questions you should be asking about Office 365 security.
2. STORYBOAR
office 365 is the leading SaaS productivity suite:
deployed in over a third of organizations, office 365 is
[Chart: deployment of google apps, office 365, and other, 2015 vs. 2016]
3. STORYBOAR
1. what is your responsibility in protecting data?
enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
4. STORYBOAR
2. do you need to protect O365 data end-to-end?
■ Cloud data doesn’t exist only “in Office 365”
■ Requirements for a complete solution
○ Granular access control
○ Visibility
○ DLP
5. STORYBOAR
■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - SharePoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top of the line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
office 365 native dlp:
complex, costly, and doesn’t work across apps
6. STORYBOAR
3. can we control access from both managed & unmanaged devices?
API-based controls
● Protect data-at-rest
Proxy-based controls
● At access, apply DLP protection to data
● Control access to Office 365
7. STORYBOAR
4. do I need real-time visibility and control?
■ Apply granular DLP to data-at-rest and upon access
■ Context-awareness should distinguish between users, managed and unmanaged devices, and more
■ Flexible policy actions (DRM, quarantine, remove share, etc.) required to mitigate overall risk
8. STORYBOAR
5. how can you protect against unauthorized access?
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication
9. STORYBOAR
1. what is your responsibility in protecting data?
2. do you need to protect cloud data end-to-end?
3. can you control access from both managed & unmanaged devices?
4. do you need real-time visibility and control?
5. can you protect against unauthorized access?
recap: 5 questions to ask when deploying Office 365
10. STORYBOAR
managed
devices
application access mode data protection
unmanaged
devices &
mobiles
in the cloud
● profile-agent
● VPN+IP-restriction
● DLP/DRM/encryption
● Device controls, e.g. PIN
● Agentless Selective wipe
● Client apps: allow/block
● OneDrive
● SharePoint
● API
● Quarantine DLP
● Block external shares
● Alert on DLP events
office 365 use case:
real-time inline data protection on any device
Legacy Auth Apps
e.g. Office 2010
● Full access
Modern Auth Apps
e.g. Office 2013+
● profile agent
● VPN+IP-restriction
● certificates
● Full access
● Browser
● ActiveSync Mail
● Client apps
● Reverse-proxy + AJAX-VM
● ActiveSync Proxy
12. STORYBOAR
client
■ 180,000 employees
■ Among the largest US healthcare orgs
challenge
■ HIPAA Compliant cloud and mobile
■ Controlled access to Office 365 from managed & unmanaged devices
■ Control external sharing
■ Real-time inline data protection
solution
■ Real-time inline protection on any device
■ Contextual access control on managed & unmanaged devices (Omni)
■ Real-time DLP on any device
■ API control in the cloud
■ Agentless BYOD with selective wipe
■ Enterprise-wide for all SaaS apps
secure
office 365
+ byod
major
healthcare
firm
13. STORYBOAR
secure
salesforce +
office 365
client
■ 20,000 employees
■ Global presence
■ $6T in assets under management
challenge
■ Needed complete CASB for enterprise-wide migration to SaaS
■ Security for Office 365
■ Encryption of data-at-rest in Salesforce
solution
■ Searchable true encryption of data in Salesforce
■ Real-time inline DLP on any device (Citadel)
■ Contextual access control on managed & unmanaged devices (Omni)
■ API control in the cloud
■ Discover breach & Shadow IT
financial
services
client
The problem organizations like yours face is that cloud and mobile drive data beyond the firewall, leaving traditional security technologies ineffective.
If an employee connects from her personal iPad, over a public network, to a cloud app like Office 365, there is nothing your next-gen firewall, secure web gateway, DLP, or any other premises-based security product can do to protect that transaction.