SAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES

Transcription

1 SAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES Netskope 2015

2 Enterprises are rapidly adopting Microsoft Office 365. According to the Netskope Cloud Report, the suite is among the top 10 used apps in enterprises. Office 365 is inherently enterprise-ready by objective measures. It is rated high in the Netskope Cloud Confidence Index, a yardstick adapted from the Cloud Security Alliance, and boasts key third-party certifications, flexible security settings, and privacy features. No matter how inherently enterprise-ready a cloud app is, though, IT also needs to maintain visibility and control over usage and data moving in and out of popular apps or ones that house business-critical data. This will help IT enforce security, compliance, and governance policies to reduce their overall risk. Here are three best practices gleaned from Netskope customers for safely enabling Office 365 and its ecosystem. There are three must do best practices: Extend your access and usage policies to Office 365 Protect data in Office 365 and its ecosystem Detect and manage security threats 2

3 EXTEND YOUR ACCESS AND USAGE POLICIES TO OFFICE 365 Extend your best identity and access management practices to Office 365 (and other cloud apps that are important to your business or may integrate with your Office 365 apps). Here are six that matter: 1. Right-size your admin privileges. If you employ a least privilege model in the rest of your systems, consider doing the same in Office 365. Rather than offer full admin privileges equally across the suite, give one admin privilege in Exchange and another in OneDrive, but not full access to both admins. 2. Extend single sign-on. Whether you re using Azure AD or a third-party SSO provider, extend your SSO framework to Office 365 apps, its ecosystem, and other business-critical apps. 3. Enforce usage policies granularly. Enforce policies granularly based on activity, content, device, geography, AD group, and other cloud apps. For example, if you want to prevent insiders from sharing outside of the company, enforce a Don t share outside of the company policy. And if you want people only to upload content to OneDrive but not other storage apps, enforce that policy across all cloud apps and provide coaching messages to users. Remember to extend any usage policy in Office 365 with ecosystem apps that may share data with the suite. 4. Coach users to use Office 365. Find unsanctioned cloud apps that provide similar functionality to Office 365 and automate a workflow that coaches users to use Office Log all usage activity for users and admins. Provide granular, detailed audit logs for all user and admin activity across all apps in the suite, not just Exchange or OneDrive, but Yammer, Lync, and SharePoint. Remember to do this in the ecosystem as well as in apps that could be part of an audit trail. For example, if a departing user downloads confidential content from OneDrive, uploads it to his Dropbox, and then shares it with his new employer, you ll want to identify that in your post-event audit. 6. Consider mobile access in all of your access and usage policies. Microsoft offers Intune, its MDM built into Office 365. As you roll out Office 365, ensure the devices accessing these apps meet your configuration requirements and that you can control access and wipe data if needed. Also, extend granular usage policies to mobile, and even differentiate between corporate- and personally-owned devices. For example, allow download from OneDrive to a corporate device but not to a personal one. 3

4 4 PROTECT DATA IN OFFICE 365 AND ITS ECOSYSTEM Protect sensitive content like personallyidentifiable information (PII), protected health information (PHI), payment card information (PCI), and source code in Office 365 and across the ecosystem. Here are three considerations: 1. Find and secure sensitive content in Office 365 apps. Identify sensitive content at rest in Office 365 whether it was uploaded yesterday or two years ago. Take action to secure it, including understanding what content is there and who s got access, encrypting it, or even quarantining the content or putting it in legal hold for later review. 2. Find and secure sensitive content en route to or from Office 365 apps. Identify sensitive content on its way to or from an Office 365 app or any of its ecosystem apps, and block, alert,require user justification, encrypt, or quarantine that content based on what it is, as well other contextual factors like AD group, location, device, etc. 3. Protect data across your Office 365 ecosystem. When you enforce your DLP policies in Office 365, extend those policies across all of the apps in the suite and those that integrate with your apps, even outside of the suite. Apps that facilitate workflows, e-signatures, and project management are prime candidates; if you re enforcing a Don t download to unmanaged mobile devices policy in your Office 365 apps such as SharePoint, OneDrive, and Lync, consider enforcing it in a workflow app that may route that same content to multiple users.

5 DETECT AND MANAGE SECURITY THREATS Identify and remediate internal and external security threats surrounding your Office 365 suite and their ecosystem. Here are three things to remember: 1. Protect your apps from risky users. Institute protections against risky users, including ones who have had their account credentials compromised in a data breach. According to Netskope, 13.6 percent of enterprise users have had their credentials stolen in a breach. Know who those users are and make sure they have updated their password in the Office 365 apps they re using (or they re participating in your single sign-on program). 2. Quarantine content uploaded by risky users. Quarantine content uploaded by risky users, including those whose account credentials have been compromised. From there, you can conduct a workflow to verify the authenticity of the content and ensure that the action is intended by the user and not malicious activity. 3. Detect anomalous behavior. Detect anomalies that could signal security threats, data leakage, or even the presence of malware. Prioritize anomalies from highest to lowest risk. Focus on activitybased anomalies such as excessive downloading or sharing, users logging in from multiple locations or devices, and failed logins. View activity trails surrounding anomalies in context (e.g., user, group, device, location, app, content) to understand how it happened, determine remediation, and report on it. Use this information to enhance and enrich your policies. 5

6 By extending the best practices you employ in your environment today to Microsoft Office 365, its ecosystem, and your other business-critical apps, you can safely enable the cloud for your enterprise. Want to learn more? Contact us to see a Netskope for Office 365 demo today! GET STARTED Netskope 2015 all rights reserved. 04/15 EB