TRANSCRIPT
Copyright © 2017 Forcepoint | 1
Microsoft Office 365 – Make it a Secure Journey for Digital Transformation
TODD BURSCH, Manager, Solution Architects
Copyright © 2018 Forcepoint. | 2
%
OF ORGANIZATIONS HAVE DEPLOYED OFFICE 365
ONLY 1 in 20 HAVE FULLY MIGRATED USERS TO OFFICE 365 (1)
2
Source: 1) Barracuda 2017, 2) Skyhigh 2017
WHAT’S GETTING IN THE WAY OF THE SUCCESS?
SECURITY & COMPLIANCE CONCERNS: 91% of organizations are very or moderately concerned about public cloud security.
WORKFORCE UNAWARE OF CAPABILITIES: 70% of users don’t know how to use most of the Office 365 apps.
NETWORK ARCHITECTURE IMPACTS USER EXPERIENCE: 69% of O365 customers experience bandwidth issues weekly.
THE TOP 5 O365 PROBLEMS
• Users oversharing data in OneDrive
• Attackers stealing credentials and weak Office365 security policy
• Audit & control of inappropriate admin actions
• Discovery and control of personal data in O365 for GDPR purposes
• Employees and 3rd parties accessing Office365 from BYOD devices
MICROSOFT OFFICE 365 – CLOUD HOSTED SOLUTION
Microsoft Office 365 is a cloud hosted solution & suite of services that a client can buy for a monthly subscription. They maintain the software and platform that you use when you log in to the application on your iOS or Android phone or tablet or PC.
So what?
So what does that mean? Hosted? Maintained? Cloud? Secured???
Why would a client need another piece of software for an application that is managed by a huge company like Microsoft?
To answer that, we need to look at where we were before Cloud, with locally operated software and security, and then compare the enterprise cloud deployment.
ON-PREM MICROSOFT OFFICE DEPLOYMENT
Before the world went cloud crazy we would buy servers, we would put an operating system on them and load them with software like Microsoft Server 2003, 2008, 2012R2 and create file servers and application servers that would allow users to select servers they needed.
[Diagram: Internet, Network, Router, Firewall]
We used Active Directory and SSO over our VLANs for segmentation and set up firewalls to protect from people outside our domains.
DMZs, IPS, IDS, Network Monitoring and application logs, ICMP, SNMP, SSH and IPsec… With this, you could see EVERYTHING!
MICROSOFT OFFICE 365 – CLOUD HOSTED SOLUTION
…and because all this equipment and software resided inside our building and since we were the administrators, we had a sense of confidence that we knew what was going on with our systems and software licenses. We could add security whenever we needed and had total control over our domains.
So… what’s changed??? EVERYTHING!!!
[Diagram: Router]
Now you see… NOTHING.
ENTER THE CLOUD – ALSO KNOWN AS THE FOLLOWING:
SAAS – SOFTWARE AS A SERVICE
PAAS – PLATFORM AS A SERVICE
IAAS – INFRASTRUCTURE AS A SERVICE
FAAS – FUNCTION AS A SERVICE
WHAT DO ANY OF THESE HAVE TO DO WITH OFFICE 365!?!?
Amazon, Microsoft, IBM, Google, Oracle, and a ton of other tier providers
THE SHARED SECURITY MODEL
Enterprise IT
  Customer Managed: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability; Databases; Security; Applications; Servers; Virtualization; Operating Systems; Data Centers; Networking; Storage
Infrastructure (as a Service)
  Customer Managed: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability; Databases; Security; Applications; Operating Systems
  Provider Managed: Servers; Virtualization; Data Centers; Networking; Storage
Platform (as a Service)
  Customer Managed: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability
  Provider Managed: Databases; Security; Applications; Servers; Virtualization; Operating Systems; Data Centers; Networking; Storage
Software (as a Service)
  Customer Managed: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability
  Provider Managed: Databases; Security; Applications; Servers; Virtualization; Operating Systems; Data Centers; Networking; Storage
THE NEED TO GAIN VISIBILITY & CONTROL OF CRITICAL DATA
25% Shared Broadly
18% Uploaded files contain sensitive data
12.5% Broadly shared files contain sensitive data
[Chart: Business Partners, Personal Email Users, Anyone with the link, Publicly Accessible; values shown: 28%, 6.2%, 5.5%, 2.7%]
Skyhigh & Symantec 2017
THE FORMULA FOR SUCCESSFUL ADOPTION
Enhance Microsoft’s Integrated Cloud Security: Improve the visibility & protection against advanced threats and data loss across Office 365 and other cloud applications
Maintain Consistent Compliance into the Microsoft ecosystem and beyond
Take back control of Unsanctioned IT impacting the full adoption of Office 365 and maintain workforce productivity with reduced risk.
Implement The Right Network Architecture to improve user experience and reduce cost as you fully adopt the Microsoft applications and migrate users to the cloud
SUCCESSFUL ADOPTION: To foster innovation and increase productivity whilst maintaining compliance and reducing risks
ENHANCE MICROSOFT’S INTEGRATED CLOUD SECURITY
Gain visibility & control of BYOD access across O365 & Other Cloud Apps
Enterprise-class, hybrid cloud data protection
Detect and prevent advanced threats
Identify & prevent high risk user behaviour including compromised account access, and malicious users
Reduce security operational costs and configuration risk
TYPICAL DLP ARCHITECTURE
[Architecture diagram; labels: Cloud Email, Cloud Security Services, Geo LB, Cloud App Scanners, Cloud Web, Web Gateway, DLP Endpoint, Endpoint Manager, Data Discovery Crawler, OCR, DLP Manager, DLP Endpoints, Incident Risk Ranking, ICAP, Email Gateway, DATA, Virtual Email Gateway in Azure, Remote Site, SDWAN, DMZ, On-Prem DLP Services, Network DLP]
TYPICAL CASB ARCHITECTURE
[Architecture diagram; labels: CASB Cloud Gateway, CASB Management Portal, Geo LB, CASB Cloud Service, Cloud App Scanners, Devices with CASB Agent (Forward Proxy), IDP / ADFS (SSO Integration), Access from Any Device, Cloud Web, Web Content Gateway, Users, AD Client, Cloud Discovery Tool, SIEM Client, Management API, Inline Protection]
CLOUD APP CONTROL COMPARISON
Columns: DLP with Cloud Apps | Web Security with Cloud App Control Module | DLP & Web Security with CASB Security Suite
• Real-time activity auditing & control for managed devices: ✓ ✓ ✓
• Real-time activity auditing & control for BYOD: ✓
• Service APIs activity auditing (+API mitigation): ✓ ✓
• Anomaly detection & UBA: ✓ ✓ ✓
• Data at Rest: ✓ ✓
• Configuration Governance: ✓ ✓
• Shadow-IT: ✓ ✓
• Full AD and SIEM integration: ✓ ✓ ✓
CLOUD AGENT – SUPPORTED ACTIONS
Permit (default)
Safe copy
Quarantine with note
Unshare internal
Unshare external
Unshare all
Forcepoint on Forcepoint
Office 365 and Human Point Strategy in Action
PUBLIC
FORCEPOINT CYBER DEFENSE VISION
Vision: Provide world-class security to protect Forcepoint from insiders & outsiders, with no compromise to Privacy & Productivity; Showcase Forcepoint’s Human Point System-in-action
Mission: Protect Forcepoint’s Assets
FORCEPOINT ON FORCEPOINT – OFFICE 365
Forcepoint’s O365 adoption journey:
Migrated 2000 employees to O365 in four months
Wanted more than just “email in the cloud”
CYBER DEFENSE ANCHORS
Design Principles that influence Forcepoint’s Security Implementation Architecture
Usability in A Growing, Dynamic Workplace
Fostering speed, efficiency, & scale
The “Visibility Through Usability” model
Entering the Zero-Perimeter World
Managing identity & data beyond the legacy perimeter
Shift to a Continuous Risk Adaptive model
Security beyond “Black and White”
Human Centric behavior as a key
Privacy is Key
Respect for individual privacy and cultural implications
Legal compliance
Bridging Physical and Digital Security Realms
Unified process and technology/tools
Forcepoint On Forcepoint
Be the Customer Zero, and lighthouse customer
Showcase Forcepoint’s vision of a human-centric approach to security
TODAY’S CYBERSECURITY CHALLENGES – FORCEPOINT IS NOT UNIQUE
Zero Perimeter World & People Mobility
My data is now stored everywhere (including systems beyond my control) and accessed from anywhere
I have too many point solutions with a disjointed security policy
I am drowning in alerts and cannot determine critical signal
By the time I figure out what is going on, it’s too late to stop the data exfil
Cloud Apps Identified: 1,633
Forcepoint SOC receives ~7000 alerts/day, ~35000 events/day
Forcepoint SOC utilizes 40 → 24 different security solutions
ENTERPRISE SECURITY ARCHITECTURE
[Architecture diagram; labels: SOC ANALYSTS, SIEM, Forcepoint SMC, Forcepoint Insider Threat, INTERNET, EMPLOYEES, MALICIOUS WEB, COMPROMISED DATA, CLOUD, Forcepoint DLP, Forcepoint CASB, Forcepoint Security, Forcepoint NGFW, Data Encryption, Forcepoint Web Security, Awareness Training, Forcepoint UEBA, Identity & Access Mgmt]
FORCEPOINT IN ACTION – PROTECTION IN THE CLOUD
DATA STORED EVERYWHERE
My data is now stored everywhere (including systems beyond my control) and accessed from anywhere
[Product labels: Identity & Access MGMT, Forcepoint Web Security, Forcepoint DLP, Forcepoint CASB]
‣ Leverage Web Logs + CASB to determine application usage
‣ Perform Risk Assessment on the application
‣ Approved application is moved to a Managed or Governed status
‣ Managed - Integrate Applications into corporate IAM
‣ Governed - DLP policies extended via CASB w/ CASB Dashboard
‣ Action plan based on risk to govern/manage all cloud activity: 42 Current Managed cloud services, with 43 High-Risk Apps queued up.
‣ Governance of cloud prevents the ~$4 million average data breach cost, and assures compliance (ISO, GDPR, SOC 2, etc.)
FORCEPOINT IN ACTION – UNIFIED POLICY
TOO MANY POINT SOLUTIONS
I am drowning in alerts that have too many point solutions with a disjointed security policy
[Product labels: Forcepoint NGFW, Forcepoint UEBA, Forcepoint DLP, Forcepoint CASB]
‣ Architecture Simplification & Improved Efficiency
‣ Tool chain reduction: 40% reduction in 2017!!!
‣ SMC allows for single pane of glass
‣ Security Manager allows cross-product policies
‣ Reliable indicators improve signal-to-noise ratio
‣ Reduced “Unknown File Format” DLP blocks via Security Manager tagging known bad domains – 50% reduction!
‣ Mean time to resolution goes down 100%, and productivity goes up as analysts can focus on other important tasks.
FORCEPOINT IN ACTION - RAP
RISK ADAPTIVE PROTECTION
By the time I figure out what is going on, it’s too late to stop the data exfil
[Product labels: Risk Adaptive Protection, Forcepoint UEBA, Forcepoint DLP, Forcepoint CASB]
‣ RAP provides continuous risk evaluation
‣ Varying actions based on employee risk level and value of the data
‣ UEBA to trigger downstream app controls
‣ Control: Block removable media (DLP)
‣ Control: Block emails to free-mail addresses (ESG)
‣ Control: Increase user log verbosity (NGFW)
‣ Automated orchestration saves significant analyst costs sifting noise on key policies. Expecting response time and exposure window reduced by as much as 95%.
MAINTAIN CONSISTENT COMPLIANCE ACROSS 365 & BEYOND
CONSISTENT COMPLIANCE AS USERS AND DATA MIGRATE TO OFFICE 365 ECOSYSTEM & BEYOND
FORCEPOINT HELPS MAINTAIN COMPLIANCE INTO OFFICE 365 & OTHER CLOUD APPS IN FIVE KEY WAYS:
• Data protection standards, including data migration and sovereignty
• Identify license over-spend across all cloud applications
• Auditing of workforce and supplier access activity
• Privileged access management, segregation of duty & risk adaptive access management
• Benchmarking Office 365 and other cloud application deployment and configuration to industry or regulatory standards
CASB - MAINTAIN CONSISTENT COMPLIANCE FOR 365 & BEYOND
CASB - TAKE BACK CONTROL OF UNSANCTIONED IT
Identify and take control of unsanctioned cloud applications impacting full adoption of O365
1. Identify use of all cloud apps (sanctioned and unsanctioned) and understand organizational risk
2. Work with employees to migrate to sanctioned alternative (for apps that are competing with Office 365 apps), and block access to ungoverned apps
3. On-board legitimate Line of Business IT that was not acquired via IT procurement process (& apply correct due-diligence)
IMPLEMENT THE RIGHT NETWORK ARCHITECTURE
Rethink your network to improve user experience and reduce cost as you fully adopt the Microsoft O365
NETWORKING: SD-WAN connects sites directly to the Internet for performance needed for Office 365. Traffic prioritization & link selection improves user experience
SECURITY: Once connected to the Internet, each site needs strong security
OPERATIONS: Centralized management of distributed networking and security ties it all together
FORCEPOINT NGFW BUSINESS VALUE SNAPSHOT
FORCEPOINT’S OFFICE 365 SECURITY & COMPLIANCE SOLUTION
Identify & manage the risk of unsanctioned cloud apps and BYO device access
Centralize security and compliance management and reporting
Provide security operations with actionable security management information
Transform the effectiveness of the security program with pro-active security
Visibility
Forcepoint provides centralized view of unsanctioned cloud app use impacting the full adoption of O365
Single point of visibility and enforcement of BYOD and managed device access for Office 365 and other sanctioned cloud applications in use
Program Efficacy
Forcepoint integrates into the Microsoft ecosystem to improve the accuracy and efficacy of data protection programs
Detect and prevent advanced threats, compromised account access, malicious users & reduce risk of data loss or theft
Dynamic Enforcement
Uniquely, Forcepoint DLP integrates user risk scoring from behavior analytics to automate security policy enforcement to remediate fraudulent activity before it happens
Integrated System
Forcepoint’s Human Point System provides an integrated view of users, data and cloud applications.
Forcepoint analytics provides context into user actions across disparate data sources including O365 to identify high risk activity
Removes the barriers to successful adoption of Office 365
Extends Microsoft’s integrated security to increase efficacy and drive increased value in investments
Reduce risks and operational costs through centralized visibility & control of security & compliance across O365 & other cloud apps
NEXT STEPS
Introducing the Cloud Threat Assessment
Cloud Threat Assessment Report details your cloud-application risk posture:
• Cloud usage patterns. How potentially harmful activities happen in cloud applications across your organization.
• Geographical usage. Which countries your data is traveling to and from (you may be surprised).
• Privileged users. Do you have more administrators than you need?
• Dormant users. Are you overspending on unused licenses?
• Riskiest users. Who are your riskiest users and why?
forcepoint.com/cloud-threat-assessment
Thank you