Top Five Security Must-Haves for Office 365. Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering

Transcription

1 Top Five Security Must-Haves for Office 365 Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering

2 Today s Agenda Introductions & Company Overview Cloud App Trends, Risks & Security Gaps Securing Office 365 Top Issues Deployment Considerations

3 Who is Skyfence? What we do Enable organizations safe and productive use of corporate SaaS applications Why it s relevant The cloud app trend has created a visibility and control blind spot for IT that cannot be addressed by traditional controls Now part of Imperva (NYSE: IMPV) Acquired by Imperva February 2014 for $60M Imperva Background Founded in employees Customers in 75+ countries Enterprise Customers Highest returning IPO of 2011 Gartner WAF MQ: Imperva is alone as the Leader

4 Data Proliferation and the Shadow IT Blind Spot Customer-Facing Applications Moving to IaaS or PaaS providers Employee-Facing Applications are SaaS and Cloud Apps Authorized & Unauthorized Apps For 2013, the worldwide public cloud services reached a total market size of $45.7 billion, and is growing over 20%/year Traditional Data Center

5 The Security Gap for SaaS Applications Authorized Apps Unauthorized Apps

6 Popular Cloud Applications and Use Cases Secure Office 365 Users Endpoint access control Monitor & control uploads and downloads Prevent account takeover Collaboration and File Sharing Visibility over sharing of unstructured data Data security Manage AWS Console Users Risk based strong authentication Blocking/controlling certain high risk actions Prevent account takeover Line of Business Apps Sanctioned and unsanctioned Over 5000 apps supported

7 Securing Office 365 Top 5 Must-Haves

8 Office 365 Challenges and Risks Visibility and Control over Office 365 Users and Admins Lack of endpoint access control including control of BYOD Monitoring actions of users and admins across Exchange, SharePoint, OneDrive, CRM and BI Apps, Admin Portal and more Detect malicious behavior and credential theft respond proactively Office 365 Risks Users, Admins and Cyber Criminals BYOD access to Office 365 resources No control over which devices, managed and unmanaged, can access Office 365 Complexity of MDM integration across all O365 components Lack of monitoring and control of data flows No visibility into file and folder use Loss of sensitive data residing in Office 365 storage Takeover of user and admin accounts Preventing targeted attacks against accounts (CEO, CFO, etc.)

9 Must Have Capabilities for Securing Office User Access Control & Strong Authentication 5. Management of Privileged Accounts 2. Mobile Access and Endpoint Controls 4. Control Data & Manage Unauthorized File Sharing 3. Account Takeover Protection

10 1. User Access Control Consistent visibility & logs across all Office 365 activity One central point for event logs for Exchange, Lync, Yammer, SharePoint, OneDrive, Dynamic CRM, Power BI and Office 365 Admin Portal Control user access to Office 365 Active directory integration provides contextual data allowing departmental and responsibility based controls Risk based strong authentication for critical activities Require two-factor authentication for all logins, based on endpoint type (managed or unmanaged) Require two-factor identify verification based on behavioral context triggering threat, risk or access policy violation 1

11 2. Mobile Access and Endpoint Controls Control access to Office 365 Unmanaged endpoints can be blocked completely or selectively to block downloads and data modifications Enable MDM integration across all Office 365 components One central point for MDM integration across Exchange, Lync, Yammer, SharePoint, OneDrive, Dynamic CRM, Power BI and Office 365 Admin Portal Context aware strong authentication Require two-factor authentication for all logins, based on endpoint type (managed or unmanaged) Require two-factor identify verification based on behavioral context triggering threat, risk or access policy violation 2

12 3. Account Takeover Protection Detect and prevent Account Takeover (ATO) Stops the consequences of account takeover by detecting suspicious behavior that signals an account takeover Respond in real-time to block access or request stronger identity verification with out-of-band one-time passwords Monitor privileged user activity Anomalous admin access to mail account management is detected 3

13 4. Monitor and Control Document Collaboration & Sharing Monitor all document flows to and from endpoints accessing Office 365 cloud storage (OneDrive, SharePoint) Monitor who is uploading, downloading and sharing which files and folders Restrict editing to online documents only, prevent document downloads Control which endpoints can upload, download or share files Use granular policies to ensure control over files and folders (e.g. block downloads to unmanaged endpoints, restrict sharing of directories with sensitive information) Require online editing of documents from unmanaged endpoints Restrict editing to online documents only, prevent users from downloading documents 4

14 5. Management of Privileged Accounts & Admins Control access to Office 365 Management web portal Granular role based access for SysAdmins Log all administrative activities Require strong authentication for privileged activities 5

15 Deployment for Office 365 (3) Application responds to Skyfence Gateway requests providing access (2) Skyfence Gateway proxies user requests to application. Skyfence analyzes the activities, logs events, challenge or block policy violations. Identity Provider (SSO infra) (1) Client authenticates via native application, thru IdP initiated or SP initiated Auto-Discovery Active-sync Mobile thick apps

16 Visibility and Control for Office 365 Apps Corporate employees, mobile workers and hackers Office 365 Applications Discover Rogue Collaboration and File Sharing Apps & Shadow IT User Access Control with Risk Based, Multi-factor Authentication Endpoint Access Control Monitor Activity of All Users & Administrators Integrate Office 365 Analytics with SIEM Prevent Account Takeover Attacks to Protect O365 Data

17 Metro Bank Uses Skyfence to Secure Office 365 Apps Background Fast Growing UK-based Bank 1400 Users relying on Office 365 Apps such as , Sharepoint, Yammer and One Drive Challenges Many colleagues/employees require remote access to Office 365 apps Native ip fencing was ineffective at controlling BYOD access Required non-intrusive approach no impact to end users Integrate with existing Airwatch MDM deployment Solution Benefits Global enforcement of access controls Consistent, detailed and clear visibility into all cloud app activity PCI DSS compliance for cloud access outside of the organization Rapid and simple deployment in the cloud

18 Next Steps: Free Cloud App Discovery for Businesses Free Download: For Windows and Mac Scans Web Proxy, SIEM and Firewall logs Quantify apps, users, activities & risk Includes free online support and Knowledge Base How Does It Work? Corporate Network 1 Scan 2 Review Results LOG Files Firewall / Web Proxy Cloud Discovery Tool Discovered Apps

19