Safely Enabling Office 365

Seth Hammerman, CISSP Director Channels West

© 2015 Netskope. All Rights Reserved. 2

Office 365 is experiencing strong growth

* April 2015 Microsoft earnings call** http://mspartner.microsoft.com

•Added 3.2 million subscribers in Q3, 2015*

•35 percent growth quarter-over-quarter*

•60% of Fortune 500 is on Office 365**

12.4 million+ subscribersand growing strong

© 2015 Netskope. All Rights Reserved. 3

Anytime, anywhere access is good for users, but IT needs to safely enable Office 365

CreateDelete

DownloadEdit

Login AttemptLogin Failed

Login SuccessfulLogout

PostShare

UploadView

View All

Office 365 users (on-campus, mobile, remote)

© 2015 Netskope. All Rights Reserved.

Keys to Safely Enabling Office 365

4

Policy and Access Control

Risk ManagementAnomaly Detection

Forensics

Data Governance

Access and Policy ControlBest Practices for O365

Extend Access and Usage Policies to O365

Right-Size your Admin Privileges

Extend Single Sign On

Enforce detailed Usage policies

Coach Users

Log ALL activity for both Users and Admins

Consider Mobile access in every access and usage policy –

40% of all Cloud app traffic is from Mobile Devices

© 2015 Netskope. All Rights Reserved. 7

Lack of control presents a risk• Users with unfettered access to all data from

anywhere on any device presents a security challenge

• No distinction between users accessing Office 365 from personal or corporate device

• Sharing in the cloud is easy. Sharing sensitive data publicly in the cloud is just as easy

• Office 365 admin access to read everyone’s email could present a privacy issue

• Difficult to coach users away from unsanctioned cloud apps to Office 365

© 2015 Netskope. All Rights Reserved. 8

Criteria for controlling access

OU and Active Directory informationManaged vs. Unmanaged devicesGeographic and Network LocationExternal CollaboratorsAdmin privileges

Access Control

© 2015 Netskope. All Rights Reserved. 9

Act

Coach users that attempt uploads from one app to another (ex: OneDrive to DropBox)Don’t share files from OneDrive outside the CompanyBlock upload of PII attachments in Outlook, but allow other attachmentsEncrypt all PCI in Yammer regardless of when uploadedAlert on any downloads from OneDrive to a mobile device

Contextual Policies

© 2015 Netskope. All Rights Reserved. 10

Create transparency through coaching

• Let users know when they are out of policy

• Coach users with customizable, automated messages

• Steer them to Office 365 when they attempt to use an unsanctioned app

Data GovernanceBest Practices in O365

Protect data in Office 365 and its Ecosystem

Find and secure sensitive content in Office 365 apps, whether it was uploaded today or two years ago.

Identify sensitive content on its way to or from an O365 app or any of its ecosystem apps, especially OneDrive

Protect Data across your O365 Ecosystem. When you enforce DLP policies in O365, extend those policies across all the apps in the Suite, plus those outside apps that integrate with O365

© 2015 Netskope. All Rights Reserved. 13

Unanswered questions around data governance in Office 365

• What data sits in Office 365 ?

• Is there any sensitive data that is accessible to people outside my organization ?

• How can I make sure I have the same classification capabilities across all corporate assets ?

• How can I make sure the appropriate department custodian can review sensitive content in office 365

• How do I prevent sensitive files from being uploaded to Office 365 ?

© 2015 Netskope. All Rights Reserved.

Lack of visibility into data stored in Office 365 presents risk

14

::

::

::

Data Visibility

::

::

::

© 2015 Netskope. All Rights Reserved.

Data Forensics

16

© 2015 Netskope. All Rights Reserved.

Secure the Data

17

::

Prevent sharing and encrypt data

© 2015 Netskope. All Rights Reserved. 18

Quarantine Repository

Quarantine workflow

© 2015 Netskope. All Rights Reserved. 19

Legal Hold Repository

Legal Hold workflow

Legal Hold

Risk Management, Anomaly Detection, and Forensics

Detect and Manage Security Threats

Protect your apps from risky Users, including one that have had

their cred’s compromised in a Data Breach

Quarantine content uploaded by those Users and create a

workflow to verify the authenticity of the Content

Detect Anomalous Behavior, especially anomalies that could be

signs of Security Threats, Data Leakage, etc.

© 2015 Netskope. All Rights Reserved. 22

Key requirements for mitigating risk associated with activities in Office 365

• Create an audit trail of user activity

• Detect unusual usage patterns in Office 365

• Report when Office 365 user credentials have been compromised in a past data breach

• Identify account hijacking and other security exploits taking place in Office 365

Machine Learning based AnomaliesUser, App and Enterprise Risk evaluation Updated Threat detection and Password BreachesSplunk like search CapabilitiesMitigation and policies

© 2015 Netskope. All Rights Reserved.

Risk management, anomaly detection, and forensics

23

Risk, anomalies,

forensics

© 2015 Netskope. All Rights Reserved.

Summary:Keys to Safely Enabling Office 365

24

Policy and Access Control

Risk ManagementAnomaly Detection

Forensics

Data Governance

Thank You