5 security questions to ask when deploying o365
TRANSCRIPT
webinarapril 12
2017
5 Security Questions to
Ask When Deploying Office 365
STORYBOARDS
office 365 is the leading SaaS productivity suite:deployed in over a third of organizations, office 365 is
2015
google apps office 365
other
16.3%
7.7%
76%
22.8%
25.2%
52%40.7%
24.5%
34.8%
2016
STORYBOARDS
1. what is your responsibility in protecting data?
enterprise(CASB)
end-user devicesvisibility & analytics
data protectionidentity & access control
applicationstorageserversnetwork
3
STORYBOARDS
2. do you need to protect O365 data end-to-end?
■ Cloud data doesn’t exist only “in Office 365”
■ Requirements for a complete solution
○ Granular access control
○ Visibility
○ DLP
STORYBOARDS
■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - Sharepoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top of the line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
office 365 native dlp:complex, costly, and doesn’t work across apps
STORYBOARDS
3. can we control access from both managed & unmanaged devices?
API-based controls● Protect data-at-rest
Proxy-based controls● At access, apply DLP protection to data● Control access to Office 365
STORYBOARDS
4. do I need real-time visibility and control?
■ Apply granular DLP to data-at-rest and upon access
■ Context-awareness should distinguish between users, managed and unmanaged devices, and more
■ Flexible policy actions (DRM, quarantine, remove share, etc) required to mitigate overall risk
STORYBOARDS
5. how can you protect against unauthorized access?
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication
STORYBOARDS
1. what is your responsibility in protecting data?
2. do you need to protect cloud data end-to-end?
3. can you control access from both managed & unmanaged devices?
4. do you need real-time visibility and control?
5. can you protect against unauthorized access?
recap: 5 questions to ask when deploying Office 365
STORYBOARDS
managed devices
application access mode data protection
unmanaged devices &
mobiles
in the cloud
● profile-agent● VPN+IP-restriction
● DLP/DRM/encryption ● Device controls, e.g PIN● Agentless Selective wipe● Client apps: allow/block ● OneDrive
● Sharepoint ● API● Quarantine DLP● Block external shares● Alert on DLP events
office 365 use case:real-time inline data protection on any device
Legacy Auth Apps e.g Office 2010
● Full access
Modern Auth Apps e.g Office 2013+
● profile agent● VPN+IP-restriction● certificates
● Full access
● Browser● ActiveSync Mail● Client apps
● Reverse-proxy + AJAX-VM● ActiveSync Proxy
10
casb security
real-time, inline cloud DLP
granularaccess controls
integrated identity
management
STORYBOARDS
client■ 180,000 employees■ Among the largest US healthcare orgs
challenge■ HIPAA Compliant cloud and mobile■ Controlled access to Office 365 from
managed & unmanaged devices■ Control external sharing■ Real-time inline data protection
solution■ Real-time inline protection on any device■ Contextual access control on managed &
unmanaged devices (Omni)■ Real-time DLP on any device■ API control in the cloud■ Agentless BYOD with selective wipe■ Enterprise-wide for all SaaS apps
secure office 365 + byod
majorhealthcare firm
STORYBOARDS
secure salesforce
+ office 365
13
client■ 20,000 employees■ Global presence■ $6T in assets under management
challenge■ Needed complete CASB for enterprise-wide
migration to SaaS■ Security for Office 365■ Encryption of data-at-rest in Salesforce
solution■ Searchable true encryption of data in
Salesforce■ Real-time inline DLP on any device
(Citadel)■ Contextual access control on managed &
unmanaged devices (Omni)■ API control in the cloud■ Discover breach & Shadow IT
financial services client
STORYBOARDS
our mission
total data
protection est. jan 2013
200+ customer
s
tier 1 VCs
resources:more info about office 365 security
■ whitepaper: definitive guide to casbs
■ case study: fortune 100 healthcare firm secures o365
■ video: securing office 365
STORYBOARDS
bitglass.com@bitglass