office 365 security and compliance it’s getting cloudy out...
TRANSCRIPT
Robert Brzezinski, CHPS, CISA
BizWit LLC
Information Security Risk Management
www.bizwit.us
Office 365 Security and Compliance
It’s getting cloudy out there!
Office 365 Security and Compliance
1. Understand Office 365 security and compliance
2. Satisfy business, security and compliance needs
3. Verify configuration
4. Define audit scope
5. Focus on security and avoid compliance myopia.
Office 365 Security and Compliance
1. How do hackers break in?
2. Office 365 and Federal regulations?
3. Email protection
4. Protecting data and collaboration environment
5. Protecting user credentials
6. Meeting compliance requirements
7. Is the Cloud right for you?
Office 365 Security and Compliance
Copyright 2016 John Klossner, www.jklossner.com
Security Priorities and Office 365
Protection of Sensitive Data - #1 driver for security spending (SANS)
Regulatory Compliance - #2 driver for security spending (SANS)
Security Priorities and Office 365
Source: Verizon 2016 Data Breach Investigations Report (DBIR) - Threats and Security Incidents
Insider and Privilege Misuse - Actors
FBI – Business Email Compromise 2013-15: Exposed Dollar Loss $800 M – $1.2 B
How do hackers break in? Security priorities and Office 365
• Phishing / Malware
• Malicious website
• Compromised credentials
• Email mistakes
• Lost data or device
• Compromised data
• Compromised credentials
• Privilege misuse
Office 365 Trust Center - Compliance with federal regulations
Top 10 compliance standards of Office 365:
HIPAA, FedRAMP/FISMA, SSAE16, GLBA, PIPEDA, FERPA, EU, ISO 27001
Office 365 receives FedRAMP Authority to Operate (ATO) from HHS OIG
FBI CJIS Addendum
Office 365 listed in CSA Security, Trust & Assurance Registry (STAR)
Office 365 Protection of Sensitive data
Protecting Inbound Email
• Malware / malicious links / ransom
• Connection / IP: white, black and safe list
• Anti-spoofing technologies: DMARC & DKIM, SPF
• Trusted domains / connectors
Exchange Online Protection (EOP)
Advanced Threat Protection (ATP)
Phishing & Malware
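The anti-spoofing bullet above names DMARC, DKIM and SPF; as an added example (not from the slides), the Python below checks a sending domain's SPF and DMARC TXT records for the weak settings a reviewer would flag. The domain names and TXT records are constructed so it runs offline; the only real value is the published Exchange Online Protection SPF include hostname.

```python
"""Check a sending domain's SPF and DMARC records for weak anti-spoofing settings.
Added example, not code from the slides; TXT records are constructed so it runs offline.
"""
import re

# Constructed sample records for hypothetical domains (not real DNS data).
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"],
    "weak.example": ["v=spf1 include:spf.protection.outlook.com ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
}
# The SPF include Microsoft publishes for mail sent through Exchange Online Protection.
EOP_INCLUDE = "include:spf.protection.outlook.com"

def parse_spf(txt):
    """Return {'mechanisms': [...], 'all': qualifier} or None if not an SPF record."""
    if not txt.lower().startswith("v=spf1"):
        return None
    terms = txt.split()[1:]
    alls = [t for t in terms if re.fullmatch(r"[-~?+]?all", t, re.I)]
    qual = (alls[-1][0] if alls[-1][0] in "-~?+" else "+") if alls else None
    return {"mechanisms": [t for t in terms if t not in alls], "all": qual}

def parse_dmarc(txt):
    """Return DMARC tags as a dict, or None if the record is not DMARC."""
    tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in tags.items()}
    return tags if tags.get("v", "").upper() == "DMARC1" else None

def assess_domain(domain, records=SAMPLE_TXT):
    """Return findings for missing or weak SPF/DMARC; an empty list means none found."""
    findings = []
    spf = next((p for p in map(parse_spf, records.get(domain, [])) if p), None)
    if spf is None:
        findings.append("no SPF record")
    elif spf["all"] != "-":
        findings.append("SPF all-qualifier is %r, not '-' (hard fail)" % spf["all"])
    if spf and EOP_INCLUDE not in [m.lower() for m in spf["mechanisms"]]:
        findings.append("SPF does not include Exchange Online Protection (%s)" % EOP_INCLUDE)
    dmarc = next((p for p in map(parse_dmarc, records.get("_dmarc." + domain, [])) if p), None)
    if dmarc is None:
        findings.append("no DMARC record")
    elif dmarc.get("p", "none") == "none":
        findings.append("DMARC policy is p=none (monitor only, no enforcement)")
    if dmarc and "rua" not in dmarc:
        findings.append("DMARC has no rua= aggregate reporting address")
    return findings
```

To run it against a real tenant domain, replace the `records` lookup with TXT queries from a DNS resolver; DKIM is checked per selector and is left out here.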
Office 365 Protection of Sensitive data
Protecting Outbound Email and Data
• Malware + / Flag external
• Data Loss Prevention (DLP)
• Encryption / decryption
• Secure attachments
• Email supervisory workflow
• Incident reporting
Mail flow rules
Mobile device access
Miscellaneous Errors
Office 365 Protection of Sensitive data
DLP & Encryption
Office 365 Email Compliance
• Data Loss Prevention (DLP)
• eDiscovery
• Litigation Hold
• Retention policies
• Archiving
• Auditing reports
  • Non-owner mailbox access
  • Admin and external admin log
  • Configuration changes by admin
  • Admin role group changes
Privilege Misuse
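The auditing bullets above call out non-owner mailbox access and admin role group changes as privilege-misuse indicators. As an added example, not from the slides, the Python below reviews constructed records shaped like the AuditData JSON that Search-UnifiedAuditLog returns and flags both; the field names, LogonType codes and operation strings are assumed to match the Exchange mailbox-audit and Azure AD audit formats, and the sample records are invented.

```python
"""Review Office 365 unified audit log records for privilege-misuse indicators.

Added example, not code from the slides. Records are constructed to mirror the
AuditData JSON that Search-UnifiedAuditLog returns, so this runs offline.
"""
import json

# Exchange mailbox-audit LogonType values: 0 = owner, 1 = admin, 2 = delegate (assumed).
NON_OWNER_LOGON = {1: "admin", 2: "delegate"}

# Directory operations that change privileged role membership (assumed operation names).
ROLE_CHANGE_OPS = {"Add member to role.", "Remove member from role."}

# Constructed sample export, one JSON object per line (not from a real tenant).
SAMPLE_LOG = """
{"CreationTime":"2016-06-01T08:02:11","Workload":"Exchange","Operation":"MessageBind","UserId":"alice@example.com","MailboxOwnerUPN":"alice@example.com","LogonType":0,"ClientIP":"203.0.113.5"}
{"CreationTime":"2016-06-01T08:10:44","Workload":"Exchange","Operation":"FolderBind","UserId":"helpdesk@example.com","MailboxOwnerUPN":"ceo@example.com","LogonType":1,"ClientIP":"198.51.100.7"}
{"CreationTime":"2016-06-01T09:15:02","Workload":"AzureActiveDirectory","Operation":"Add member to role.","UserId":"admin@example.com","ObjectId":"bob@example.com","ClientIP":"198.51.100.7"}
{"CreationTime":"2016-06-01T09:20:30","Workload":"Exchange","Operation":"SendAs","UserId":"assistant@example.com","MailboxOwnerUPN":"cfo@example.com","LogonType":2,"ClientIP":"192.0.2.9"}
"""

def load_records(text=SAMPLE_LOG):
    """Parse one JSON object per line into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_non_owner_access(records):
    """Return (actor, mailbox, role, operation) for each non-owner mailbox access."""
    hits = []
    for r in records:
        if r.get("Workload") != "Exchange":
            continue
        role = NON_OWNER_LOGON.get(r.get("LogonType"))
        if role and r.get("UserId") != r.get("MailboxOwnerUPN"):
            hits.append((r["UserId"], r["MailboxOwnerUPN"], role, r["Operation"]))
    return hits

def find_role_changes(records):
    """Return (actor, target, operation) for admin role membership changes."""
    return [(r["UserId"], r.get("ObjectId"), r["Operation"])
            for r in records if r.get("Operation") in ROLE_CHANGE_OPS]

def actors_per_ip(records):
    """Count distinct acting accounts per client IP, to spot one address driving several."""
    per_ip = {}
    for r in records:
        per_ip.setdefault(r.get("ClientIP"), set()).add(r.get("UserId"))
    return {ip: len(users) for ip, users in per_ip.items()}
```

Mailbox audit logging is off by default for many mailboxes in this era of Exchange Online, so the non-owner check only sees what Set-Mailbox -AuditEnabled has been turned on for.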
Office 365 Protection of Sensitive data
Protecting Data - SharePoint Collaboration
Sites Architecture
• Data Containers / Logical Separation
Permissions and sharing
• Very granular permissions
• External sharing blocking
Data Loss Prevention (DLP) & Alerting
• SharePoint / OneDrive and Exchange
• Malware scanning
• Alerts for e.g. content changes
Miscellaneous Errors
Office 365 Protection of Sensitive data
Protecting Data with Rights Management Services
• Encrypt attachments
• Limit access and editing capabilities
• Manage content expiry
• View document use
Information Rights Management for SharePoint and for Desktop / Email
• Protect / encrypt documents in place (on laptop)
Miscellaneous Errors
Office 365 Protection of Sensitive data
Rights Management Services (RMS)
Office 365 SharePoint Compliance
• Data Loss Prevention (DLP)
• eDiscovery
• Retention policies & Archiving
• Auditing reports
  • Editing or viewing content
  • Editing users and permissions
  • Office 365 audit log
Rights Management Services / Information Rights Management
Privilege Misuse
Miscellaneous Errors
Office 365 Protection of Sensitive Data
Protecting User Credentials - Security Configuration
User management in Office 365
• Admin, licensing and self-service
• Azure AD (Active Directory)
• Synchronization
• Authentication & notification
• IP ranges
• Multifactor Authentication (MFA)
• Azure AD Identity Protection
• Azure Privileged Identity Protection
Privilege Misuse
Miscellaneous Errors
Office 365 Protection of Sensitive Data
Protecting User Credentials - Alerting & Reporting
User access monitoring
• Sign-ins from unknown sources
• Sign-ins from IP addresses with suspicious activity
• Users with anomalous sign-in
• Password reset activity
• Azure AD Identity Protection
• Azure Privileged Identity Protection
Privilege Misuse
Miscellaneous Errors
Office 365 Protection of Sensitive Data
Auditing & Reporting
• Exchange audit reports
• Protect admins
• Mail protection report - operations
• SharePoint reports
• PowerShell
• Office 365 audit log reports
• Azure AD reports + premium
Office 365 Compliance
Office 365 audit log reports
• File and folder activity, e.g. downloaded files
• Sharing activities
• Synchronization
• ….
• Site administration
• Exchange mailbox activities
• User administration
Auditing & Reporting
Office 365 Security & Compliance
Security
• Email protection – anti-phishing, anti-spoofing
• Data protection – DLP, RMS, encryption
• User access security controls - Azure AD, MFA
• Operational and security alerts and reporting
Compliance
• eDiscovery, Legal Hold, DLP, auditing / reporting
• Regulatory compliance – BAA, FedRAMP, CSA
Core for building information security strategy
PRIORITY
Office 365 Security & Azure Services
THREAT INTELLIGENCE - SIEM
Office 365 Security & Compliance