SAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES

Similar documents
Top Five Security Must-Haves for Office 365. Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering

APRIL CLOUD REPORT. Netskope Cloud Report for Europe, Middle East, and Africa

The Netskope Active Platform

Securing and Monitoring Access to Office 365

Securing Office 365 with MobileIron

APRIL CLOUD REPORT. Netskope Cloud Report Worldwide

Visibility and Control for Sanctioned & Unsanctioned Cloud Apps

Netskope Cloud Report

The Cloud App Visibility Blindspot

Executive s Guide to Cloud Access Security Brokers

Cloud Access Security Broker. Ted Hendriks HP Atalla Pre-Sales Consultant, APJ Region HP Enterprise Security Products

Office 365 Adoption & Risk Report

How To Manage Security On A Networked Computer System

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Imperva Skyfence Secures Office 365 Access for Mobile Employees at Metro Bank

These materials are 2015 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Solve the Dropbox Problem with Enterprise Content Connectors. Whitepaper Solve the Dropbox Problem with Enterprise Content Connectors

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University

How To Secure Shareware Kiteworks By Accellion

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Security Overview Enterprise-Class Secure Mobile File Sharing

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

How To Protect Your Mobile Device From Attack

What is OneDrive for Business?

Five Best Practices for Secure Enterprise Content Mobility

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

PCI Compliance for Cloud Applications

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

Securing Content: The Core Currency of Your Business. Brian Davis President, Net Generation

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Assessment & Monitoring

Speeding Office 365 Implementation Using Identity-as-a-Service

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.

The BYOD of Tomorrow: BYOD 2.0. What is BYOD 1.0? What is BYOD 2.0? 3/27/2014. Cesar Picasso, MBA SOTI Inc. April 02, 2014

Google Identity Services for work

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

PREVENTIA. Skyhigh Best Practices and Use cases. Table of Contents

With Great Power comes Great Responsibility: Managing Privileged Users

#ITtrends #ITTRENDS SYMANTEC VISION

Alexander De Houwer Technology Advisor Devices Win 10 Vincent Dal Technology Advisor Business Productivity

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist

Secure Collaboration within Organizations, B2B and B2C.

Mobile Security and Management Opportunities for Telcos and Service Providers

Top. Reasons Legal Firms Select kiteworks by Accellion

Netskope Cloud Report. Report Highlights. cloud report. Three of the top 10 cloud apps are Storage, and enterprises use an average of 26 such apps

FileCloud Security FAQ

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Securing SharePoint 101. Rob Rachwald Imperva

Top. Enterprise Reasons to Select kiteworks by Accellion

NCSU SSO. Case Study

Mobile Data Leakage Prevention

Top. Reasons Federal Government Agencies Select kiteworks by Accellion

May 14 th, 2015 INTRODUCING WATCHDOX. And The ABC s Of Secure File Sharing. Jeff Holleran VP Corporate Strategy BlackBerry

ShareFile Enterprise for healthcare

Windows Phone 8.1 in the Enterprise

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Andrej Zdravkovic Regional Vice President, Platform Solutions Intellinet

White paper. Four Best Practices for Secure Web Access

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

Data Protection Act Bring your own device (BYOD)

Table of Contents CLOUD ADOPTION RISK REPORT INTRODUCTION...2 SENSITIVE DATA IN THE CLOUD...3

Enterprise Mobility Suite Overview. Joe Kuster Catapult Systems

I D C A N A L Y S T C O N N E C T I O N

CLOUD ACCESS SECURITY BROKERS

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

Microsoft Windows Intune: Cloud-based solution

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Privilege Gone Wild: The State of Privileged Account Management in 2015

BYOD File Sharing Go Private Cloud to Mitigate Data Risks

The Essential Security Checklist. for Enterprise Endpoint Backup

The User is Evolving. July 12, 2011

Microsoft Enterprise Mobility Suite

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

SOOKASA WHITEPAPER CASB SECURITY OVERVIEW.

Protecting Data and Privacy in the Cloud

Secure Data Sharing in the Enterprise

Advanced Configuration Steps

Transcription:

SAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES Netskope 2015

Enterprises are rapidly adopting Microsoft Office 365. According to the Netskope Cloud Report, the suite is among the top 10 used apps in enterprises. Office 365 is inherently enterprise-ready by objective measures. It is rated high in the Netskope Cloud Confidence Index, a yardstick adapted from the Cloud Security Alliance, and boasts key third-party certifications, flexible security settings, and privacy features. No matter how inherently enterprise-ready a cloud app is, though, IT also needs to maintain visibility and control over usage and data moving in and out of popular apps or ones that house business-critical data. This will help IT enforce security, compliance, and governance policies to reduce their overall risk. Here are three best practices gleaned from Netskope customers for safely enabling Office 365 and its ecosystem. There are three must do best practices: Extend your access and usage policies to Office 365 Protect data in Office 365 and its ecosystem Detect and manage security threats 2

EXTEND YOUR ACCESS AND USAGE POLICIES TO OFFICE 365 Extend your best identity and access management practices to Office 365 (and other cloud apps that are important to your business or may integrate with your Office 365 apps). Here are six that matter: 1. Right-size your admin privileges. If you employ a least privilege model in the rest of your systems, consider doing the same in Office 365. Rather than offer full admin privileges equally across the suite, give one admin privilege in Exchange and another in OneDrive, but not full access to both admins. 2. Extend single sign-on. Whether you re using Azure AD or a third-party SSO provider, extend your SSO framework to Office 365 apps, its ecosystem, and other business-critical apps. 3. Enforce usage policies granularly. Enforce policies granularly based on activity, content, device, geography, AD group, and other cloud apps. For example, if you want to prevent insiders from sharing outside of the company, enforce a Don t share outside of the company policy. And if you want people only to upload content to OneDrive but not other storage apps, enforce that policy across all cloud apps and provide coaching messages to users. Remember to extend any usage policy in Office 365 with ecosystem apps that may share data with the suite. 4. Coach users to use Office 365. Find unsanctioned cloud apps that provide similar functionality to Office 365 and automate a workflow that coaches users to use Office 365. 5. Log all usage activity for users and admins. Provide granular, detailed audit logs for all user and admin activity across all apps in the suite, not just Exchange or OneDrive, but Yammer, Lync, and SharePoint. Remember to do this in the ecosystem as well as in apps that could be part of an audit trail. For example, if a departing user downloads confidential content from OneDrive, uploads it to his Dropbox, and then shares it with his new employer, you ll want to identify that in your post-event audit. 6. Consider mobile access in all of your access and usage policies. Microsoft offers Intune, its MDM built into Office 365. As you roll out Office 365, ensure the devices accessing these apps meet your configuration requirements and that you can control access and wipe data if needed. Also, extend granular usage policies to mobile, and even differentiate between corporate- and personally-owned devices. For example, allow download from OneDrive to a corporate device but not to a personal one. 3

4 PROTECT DATA IN OFFICE 365 AND ITS ECOSYSTEM Protect sensitive content like personallyidentifiable information (PII), protected health information (PHI), payment card information (PCI), and source code in Office 365 and across the ecosystem. Here are three considerations: 1. Find and secure sensitive content in Office 365 apps. Identify sensitive content at rest in Office 365 whether it was uploaded yesterday or two years ago. Take action to secure it, including understanding what content is there and who s got access, encrypting it, or even quarantining the content or putting it in legal hold for later review. 2. Find and secure sensitive content en route to or from Office 365 apps. Identify sensitive content on its way to or from an Office 365 app or any of its ecosystem apps, and block, alert,require user justification, encrypt, or quarantine that content based on what it is, as well other contextual factors like AD group, location, device, etc. 3. Protect data across your Office 365 ecosystem. When you enforce your DLP policies in Office 365, extend those policies across all of the apps in the suite and those that integrate with your apps, even outside of the suite. Apps that facilitate workflows, e-signatures, and project management are prime candidates; if you re enforcing a Don t download to unmanaged mobile devices policy in your Office 365 apps such as SharePoint, OneDrive, and Lync, consider enforcing it in a workflow app that may route that same content to multiple users.

DETECT AND MANAGE SECURITY THREATS Identify and remediate internal and external security threats surrounding your Office 365 suite and their ecosystem. Here are three things to remember: 1. Protect your apps from risky users. Institute protections against risky users, including ones who have had their account credentials compromised in a data breach. According to Netskope, 13.6 percent of enterprise users have had their credentials stolen in a breach. Know who those users are and make sure they have updated their password in the Office 365 apps they re using (or they re participating in your single sign-on program). 2. Quarantine content uploaded by risky users. Quarantine content uploaded by risky users, including those whose account credentials have been compromised. From there, you can conduct a workflow to verify the authenticity of the content and ensure that the action is intended by the user and not malicious activity. 3. Detect anomalous behavior. Detect anomalies that could signal security threats, data leakage, or even the presence of malware. Prioritize anomalies from highest to lowest risk. Focus on activitybased anomalies such as excessive downloading or sharing, users logging in from multiple locations or devices, and failed logins. View activity trails surrounding anomalies in context (e.g., user, group, device, location, app, content) to understand how it happened, determine remediation, and report on it. Use this information to enhance and enrich your policies. 5

By extending the best practices you employ in your environment today to Microsoft Office 365, its ecosystem, and your other business-critical apps, you can safely enable the cloud for your enterprise. Want to learn more? Contact us to see a Netskope for Office 365 demo today! GET STARTED Netskope 2015 all rights reserved. 04/15 EB-57-1 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information