state of office 365 adoption & risk a dive into the data · state of office 365 adoption &...

State of Office 365 Adoption & Risk A Dive into the Data

Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks

Q4 2016 Office 365 Usage and Risk Report

Brandon Cook, Skyhigh Networks

Hard Data on O365 Usage

Anonymized usage data 30+ million

users

78 countries worldwide

600+ companies across 28 industries

Office 365 Adoption vs Usage – It’s Just Starting

• Penetration rate of Office 365 in the enterprises has increased from 87.3% to 91.4% in 9 months

• But, active usage has tripled in same time.

• Growth driven by pricing model and new features

Office 365 Utilization by App

• OneDrive is top app (bundled with Office and Exchange Online)

• Exchange Online utilization still relatively small

Office 365 Now World’s Most Popular Enterprise Cloud Service

Office 365 Usage by Industry

Office 365 is Home to Sensitive Data

Collaboration within Office 365 (OneDrive, SharePoint) is Growing

37.2% of O365 files are shared today

Sensitive Data Shared Externally 9.2% of Externally Shared Docs Contain Sensitive Data

O365 Threat Funnel

Office 365 Data Under Siege

O365 Data Loss Scenarios

Leveraging CASBs to Address O365 Data Loss Scenarios Encryption

Leveraging CASBs to Address O365 Data Loss Scenarios

API controls (OAuth)

Encryption

Leveraging CASBs to Address O365 Data Loss Scenarios

Granular DLP on shadow cloud services

API controls (OAuth)

Encryption

Leveraging CASBs to Address O365 Data Loss Scenarios

User behavior, privileged user, and geolocation analytics

Granular DLP on shadow cloud services

API controls (OAuth)

Encryption

Leveraging CASBs to Address O365 Data Loss Scenarios

Device-based access controls

User behavior, privileged user, and geolocation analytics

Granular DLP on shadow cloud services

API controls (OAuth)

Encryption

Leveraging CASBs to Address O365 Data Loss Scenarios

Security Configuration audit

Device-based access controls

User behavior, privileged user, and geolocation analytics

Granular DLP on shadow cloud services

API controls (OAuth)

Encryption

Leveraging CASBs to Address O365 Data Loss Scenarios Collaboration

controls

Security Configuration audit

Device-based access controls

User behavior, privileged user, and geolocation analytics

Granular DLP on shadow cloud services

API controls (OAuth)

Encryption

Top 7 O365 CASB Uses Cases Ranked Ad

optio

n

1. Prevent unauthorized data from being shared externally 70%

2. Prevent high-value data from being stored in the cloud 65%

3. Block download of O365 data to personal devices 55%

4. Detect compromised accounts, insider/privileged user threats 40%

5. Capture an audit trail of activity for forensic investigations 30%

6. Prevent access to personal O365 instances 20%

7. Prevent proliferation of malware 15%

Guidance from the Cloud Security Alliance (CSA

Jim Reavis – CEO, Cloud Security Alliance

Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow

Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and

address security in all phases

Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and

address security in all phases • Strong Identity & Access Management strategy

Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and

address security in all phases • Strong Identity & Access Management strategy • Due diligence with your providers

Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and

address security in all phases • Strong Identity & Access Management strategy • Due diligence with your providers • Understand how software development is different in cloud

Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and

address security in all phases • Strong Identity & Access Management strategy • Due diligence with your providers • Understand how software development is different in cloud • Learn about new "cloud-driven" security practices like

DevSecOps

Lots of free tools and research to make your transition easier • CSA Guidance, Cloud Controls Matrix, CSA

STAR and much more – https://cloudsecurityalliance.org/

• Get your CCSK & CCSP!

Questions?