What you need to know about Office 365



Similar documents
Visibility and Control for Sanctioned & Unsanctioned Cloud Apps

Top Five Security Must-Haves for Office 365. Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering

The Cloud App Visibility Blindspot

Cloud Access Security Broker. Ted Hendriks HP Atalla Pre-Sales Consultant, APJ Region HP Enterprise Security Products

The Cloud App Visibility Blind Spot

ISSA Phoenix Chapter Meeting Topic: Security Enablement & Risk Reducing Best Practices for BYOD + SaaS Cloud Apps

Securing and Monitoring Access to Office 365

CASE STUDY. Global Airline Empowers Mobile Workforce for SaaS Apps while Reducing Risk

Dynamic Security for the Hybrid Cloud

Addressing Security for Hybrid Cloud

How to Grow and Transform your Security Program into the Cloud

Executive s Guide to Cloud Access Security Brokers

THE NEW FRONTIER FOR PROTECTING CORPORATE DATA IN THE CLOUD

Security of Cloud Computing for the Power Grid

SAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES

Secure Cloud Computing

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Empowering Your Business in the Cloud Without Compromising Security

Assessment & Monitoring

The Netskope Active Platform

CLOUD ACCESS SECURITY BROKERS

PCI Compliance for Cloud Applications

SANS Top 20 Critical Controls for Effective Cyber Defense

Unified Identity Management

Safeguarding the cloud with IBM Dynamic Cloud Security

KEYS TO CLOUD APP SECURITY

Secure & Unified Identity

2H 2015 SHADOW DATA REPORT

Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond

Cloud App Security. Tiberio Molino Sales Engineer

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

The Case For A Cloud Access Security Broker

How To Protect Your Cloud From Attack

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Securing Endpoint Data While Enabling the Mobile Workforce

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

What is Security Intelligence?

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Securing the Cloud: Making Cloud an Opportunity to Enhance Security

Powering Security and Easy Authentication in a Multi-Channel World

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Vulnerability Management

How to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH Agenda. Security Cases What is Cloud? Road Map Security Concerns

IBM QRadar Security Intelligence April 2013

PENETRATION TESTING GUIDE. 1

CLOUD SECURITY. Solution Primer. Rafal Los. Renee Guttmann. Jason Clark. Director, Solutions Research Office of the CISO, Optiv

Cloud Security:Threats & Mitgations

Top 20 Critical Security Controls

WHITE PAPER AUGUST 2014

CLOUD SECURITY. Rafal Los. Renee Guttmann. Jason Clark SOLUTION PRIMER. Director, Information Security, Accuvant

IAAS REFERENCE ARCHITECTURES: FOR AWS

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Customer Cloud Architecture for Mobile.

Seeing Shapes in the Cloud How Identity & Security Give the Cloud Shape

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

PREVENTIA. Skyhigh Best Practices and Use cases. Table of Contents

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

The Sophos Security Heartbeat:

Application Security 101. A primer on Application Security best practices

Q1 Labs Corporate Overview

Security Issues in Cloud Computing

About SecuPi. Your business runs on applications We secure them. Tel Aviv, Founded

From Rivals to BFF: WAF & VA Unite OWASP The OWASP Foundation

SIEM is only as good as the data it consumes

Cyber Security Services: Data Loss Prevention Monitoring Overview

Securing the Database Stack

DYNAMIC DNS: DATA EXFILTRATION

Securing SharePoint 101. Rob Rachwald Imperva

Data In The Cloud: Who Owns It, and How Do You Get it Back?

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Architecting the Cloud

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Eliminating Cybersecurity Blind Spots

RSA Identity Management & Governance (Aveksa)

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

IBM Endpoint Manager Product Introduction and Overview

How to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

Cloud Management. - assuring cloud services. Carl Lloyd. Business Lead, Service Assurance

A number of factors contribute to the diminished regard for security:

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Sarbanes-Oxley Compliance for Cloud Applications

Introduction to the Mobile Access Gateway

Attacks from the Inside

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Securing your Mobile Workforce with Okta and Espion

Automating User Management and Single Sign-on for Salesforce.com OKTA WHITE PAPER. Okta Inc nd Street Suite 350 San Francisco CA, 94107

Ben Hall Technical Pre-Sales Manager Barry Kew Pre-Sales Consultant

Replacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP. Dennis de Leest Sr. Systems Engineer Netherlands

Transcription:

What you need to know about Office 365 Phoenix ISACA Dede Alexiadis Imperva Skyfence

Agenda Microsoft Office 365 basics Anytime Anywhere Let the data flow Risk and Governance Deployment Considerations Q & A 2 Confidential

Types of Cloud Adoption Customer-facing Applications Moving to IaaS or PaaS providers Employee-facing Applications are SaaS and Cloud Apps Traditional Data Center 53 Confidential

Why Cloud? Faster to collaboration Ease of trying something new Leveraging other experiences Operationally efficient, focus on the business Bridge into cloud 4 Confidential

Why Microsoft Office 365 Easy to setup and manage Access to all of the same tools Expanded collaboration features Anytime and Anywhere 5 Confidential

Anytime Anywhere 6 Confidential

Implications Legitimate User Un-federated Access Multiple Devices Multiple Locations Ability to Collaborate Malicious Actor Un-federated access Multiple Devices Multiple Locations Ability to Collaborate Malicious Insider Un-federated Access Multiple Devices Multiple Locations Ability to Collaborate Privileged Users Un-federated Access Multiple Devices Multiple Locations Administrative Access Ability to circumvent controls 7 Confidential

Device Control Managed vs Un-managed devices Least privilege access Activity based MFA User Fingerprint User Ease of Use 8 Confidential

Device Control Managed vs Un-managed devices Configuration assessment Activity based MFA User Fingerprint Administrator Ease of Use 9 Confidential

Proxy Inline Real-time blocking/ remediation Performance considerations CDN Self healing defendable Elastic API Non inline Not real time, no blocking API dependency No performance considerations 10 Confidential

Market Overview Cloud Access Security Brokers CASB named #1 in top 10 technologies for IT Security in 2014 By 2017, those making a strategic decision to invest in cloud apps for mission-critical workloads will consider CASB essential The CASB market will reach $500 million by year-end 2017 Two primary use cases for IT: Risk Assessment Most of the market in 2014, enterprise customers, all verticals Offline deployment 3 rd party logs, API, or web-access Monitoring & Enforcement Rapidly catching-up, expected 100% penetration by 2017 Inline deployment Forward / reverse proxies, SWG integrations, endpoint agents 11 Confidential

Challenges of Cloud Apps and Shadow IT Corporate Employees, Mobile Workers and Hackers Cloud Applications No visibility into who is using what apps No way to assess cloud apps risks and prioritize Unable to monitor and analyze all activity No endpoint control capabilities for cloud apps Cloud apps are a prime target for hackers and malicious insiders data exfiltration 612 Confidential

Visibility and Control for Cloud Applications Corporate Employees, Mobile Workers and Hackers Cloud Applications Cloud Security Suite Cloud Discovery & Governance (Offline) Discover Shadow IT Apps & Assess Risk Review User Entitlements to Find Dormant & Orphaned Accounts Centrally Assess Security & Configuration Settings of Cloud Apps Cloud Audit & Protection (Inline) Monitor Activity of Users & Admins Push to SIEM Endpoint & Data Access Controls with Risk-based MFA Detect Anomalies & Prevent Account Takeover Attacks 13 Confidential

Common Skyfence Use Cases for the Cloud Secure Office 365 Users Endpoint access control Monitor & control uploads and downloads Prevent account takeover Control Collaboration and File Sharing Visibility over sharing of unstructured data Data security Manage AWS Console Users Discovery of AWS console users Risk-based strong authentication Blocking/controlling high-risk actions Prevent account takeover Discover Line of Business Apps Sanctioned and unsanctioned Over 5,000 apps supported (Salesforce, NetSuite, etc.) 14 Confidential

See What You Are Missing Illuminate Shadow IT Free Download for Cloud App Discovery Windows and Mac versions Scans Web Proxy, SIEM, and Firewall logs Quantify apps, users, activities, & risk Includes free online support & Knowledge Base www.skyfence.com/cloud-discovery-free Corporate Network Network 1 Scan 2 Review Results LOG Files Firewall / Web Proxy Cloud Discovery Tool Discovered Apps 15 Confidential

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information