
Post on 03-Jun-2020


Copyright © 2017 Forcepoint | 1

Microsoft Office 365 – Make it a Secure Journey for Digital Transformation

TODD BURSCH
Manager, Solution Architects


Copyright © 2018 Forcepoint. | 2

%

OF ORGANIZATIONS HAVE DEPLOYED OFFICE 365

ONLY 1 in 20 HAVE FULLY MIGRATED USERS TO OFFICE 365 (1)

2

Source: 1) Barracuda 2017, 2) Skyhigh 2017


WHAT’S GETTING IN THE WAY OF THE SUCCESS?

SECURITY & COMPLIANCE CONCERNS
91% of organizations are very or moderately concerned about public cloud security.

WORKFORCE UNAWARE OF CAPABILITIES
70% of users don’t know how to use most of the Office 365 apps.

NETWORK ARCHITECTURE IMPACTS USER EXPERIENCE
69% of O365 customers experience bandwidth issues weekly.


THE TOP 5 O365 PROBLEMS

• Users Oversharing data in OneDrive
• Attackers stealing credentials and weak Office365 security policy
• Audit & Control Inappropriate Admin Actions
• Discovery and control of Personal Data in O365 for GDPR purpose
• Employees and 3rd parties Accessing Office365 from BYOD devices


MICROSOFT OFFICE 365 – CLOUD HOSTED SOLUTION

Microsoft Office 365 is a cloud-hosted solution and suite of services that a client can buy for a monthly subscription. Microsoft maintains the software and platform that you use when you log in to the application on your iOS or Android phone, tablet or PC.

So what?

So what does that mean? Hosted? Maintained? Cloud? Secured???

Why would a client need another piece of software for an application that is managed by a huge company like Microsoft?

To answer that, we need to look at where we were before the cloud, with locally operated software and security, and then compare that with the enterprise cloud deployment.


ON-PREM MICROSOFT OFFICE DEPLOYMENT

Before the world went cloud crazy, we would buy servers, put an operating system on them, load them with software like Microsoft Server 2003, 2008 and 2012 R2, and create file servers and application servers that would allow users to select the servers they needed.

[Diagram: Internet, Router, Firewall, Network]

We used Active Directory and SSO over our VLANs for segmentation and set up firewalls to protect from people outside our domains.

DMZs, IPS, IDS, network monitoring and application logs, ICMP, SNMP, SSH and IPsec… With this, you could see EVERYTHING!


MICROSOFT OFFICE 365 – CLOUD HOSTED SOLUTION

…and because all this equipment and software resided inside our building, and since we were the administrators, we had a sense of confidence that we knew what was going on with our systems and software licenses. We could add security whenever we needed and had total control over our domains.

So… what’s changed??? EVERYTHING!!!

Now you see… NOTHING.


ENTER THE CLOUD – ALSO KNOWN AS THE FOLLOWING:

SAAS – SOFTWARE AS A SERVICE

PAAS – PLATFORM AS A SERVICE

IAAS – INFRASTRUCTURE AS A SERVICE

FAAS – FUNCTION AS A SERVICE

WHAT DO ANY OF THESE HAVE TO DO WITH OFFICE 365!?!?

Amazon, Microsoft, IBM, Google, Oracle, and a ton of other tier providers


THE SHARED SECURITY MODEL

Enterprise IT
Customer Managed: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability; Databases; Security; Applications; Servers; Virtualization; Operating Systems; Data Centers; Networking; Storage

Infrastructure (as a Service)
Customer Managed: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability; Databases; Security; Applications; Operating Systems
Provider Managed: Servers; Virtualization; Data Centers; Networking; Storage

Platform (as a Service)
Customer Managed: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability
Provider Managed: Databases; Security; Applications; Servers; Virtualization; Operating Systems; Data Centers; Networking; Storage

Software (as a Service)
Customer Managed: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability
Provider Managed: Databases; Security; Applications; Servers; Virtualization; Operating Systems; Data Centers; Networking; Storage


THE NEED TO GAIN VISIBILITY & CONTROL OF CRITICAL DATA

25% Shared Broadly

18% Uploaded files contain sensitive data

12.5% Broadly shared files contain sensitive data

Business Partners

Personal Email Users

28%

6.2%

Anyone with the link

5.5%

Skyhigh & Symantec 2017

2.7%

Publicly Accessible


THE FORMULA FOR SUCCESSFUL ADOPTION

Enhance Microsoft’s Integrated Cloud Security
Improve the visibility & protection against advanced threats and data loss across Office 365 and other cloud applications

Maintain Consistent Compliance
into the Microsoft ecosystem and beyond

Take back control of Unsanctioned IT
impacting the full adoption of Office 365 and maintain workforce productivity with reduced risk.

Implement The Right Network Architecture
to improve user experience and reduce cost as you fully adopt the Microsoft applications and migrate users to the cloud

SUCCESSFUL ADOPTION
To foster innovation and increase productivity whilst maintaining compliance and reducing risks


ENHANCE MICROSOFT’S INTEGRATED CLOUD SECURITY

• Gain visibility & control of BYOD access across O365 & Other Cloud Apps
• Enterprise-class, hybrid cloud data protection
• Detect and prevent advanced threats
• Identify & prevent high risk user behaviour including compromised account access, and malicious users
• Reduce security operational costs and configuration risk


TYPICAL DLP ARCHITECTURE

[Architecture diagram. Labels: Cloud Security Services, Cloud Email, Cloud Web, Cloud App Scanners, Geo LB, Web Gateway, Email Gateway, Virtual Email Gateway in Azure, ICAP, DLP Endpoint, DLP Endpoints, Endpoint Manager, Data Discovery Crawler, OCR, DLP Manager, Incident, Risk Ranking, Network DLP, On-Prem DLP Services, DMZ, Remote Site, SDWAN, DATA]


TYPICAL CASB ARCHITECTURE

[Architecture diagram. Labels: CASB Cloud Service, CASB Cloud Gateway, CASB Management Portal, Geo LB, Cloud App Scanners, Devices with CASB Agent (Forward Proxy), IDP / ADFS (SSO Integration), Access from Any Device, Cloud Web, Web Content Gateway, Users, AD Client, Cloud Discovery Tool, SIEM Client, Management API, Inline Protection]


CLOUD APP CONTROL COMPARISON

Columns: DLP with Cloud Apps | Web Security with Cloud App Control Module | DLP & Web Security with CASB Security Suite

• Real-time activity auditing & control for managed devices ✓ ✓ ✓
• Real-time activity auditing & control for BYOD ✓
• Service APIs activity auditing (+API mitigation) ✓ ✓
• Anomaly detection & UBA ✓ ✓ ✓
• Data at Rest ✓ ✓
• Configuration Governance ✓ ✓
• Shadow-IT ✓ ✓
• Full AD and SIEM integration ✓ ✓ ✓


CLOUD AGENT – SUPPORTED ACTIONS

Permit (default)

Safe copy

Quarantine with note

Unshare internal

Unshare external

Unshare all


Forcepoint on Forcepoint

Office 365 and Human Point Strategy in Action

PUBLIC


FORCEPOINT CYBER DEFENSE VISION

Vision: Provide world-class security to protect Forcepoint from insiders & outsiders, with no compromise to Privacy & Productivity; Showcase Forcepoint’s Human Point System-in-action

Mission: Protect Forcepoint’s Assets


FORCEPOINT ON FORCEPOINT – OFFICE 365

Migrated 2000 employees to O365 in four months

Wanted more than just “email in the cloud”

Forcepoint’s O365 adoption journey:


Design Principles that influence Forcepoint’s Security Implementation Architecture

CYBER DEFENSE ANCHORS

Usability in A Growing, Dynamic Workplace
• Fostering speed, efficiency, & scale
• The “Visibility Through Usability” model

Entering the Zero-Perimeter World
• Managing identity & data beyond the legacy perimeter

Shift to a Continuous Risk Adaptive model
• Security beyond “Black and White”
• Human Centric behavior as a key

Privacy is Key
• Respect for individual privacy and cultural implications
• Legal compliance

Bridging Physical and Digital Security Realms
• Unified process and technology/tools

Forcepoint On Forcepoint
• Be the Customer Zero, and lighthouse customer
• Showcase Forcepoint’s vision of a human-centric approach to security


TODAY’S CYBERSECURITY CHALLENGES – FORCEPOINT IS NOT UNIQUE

Zero Perimeter World & People Mobility

My data is now stored everywhere (including systems beyond my control) and accessed from anywhere

I have too many point solutions with a disjointed security policy

Cloud Apps Identified: 1,633

Forcepoint SOC receives ~7000 alerts/day, ~35000 events/day

Forcepoint SOC utilizes 40 → 24 different security solutions

I am drowning in alerts and cannot determine critical signal

By the time I figure out what is going on, it’s too late to stop the data exfil


ENTERPRISE SECURITY ARCHITECTURE

[Architecture diagram. Labels: SOC Analysts, SIEM, Forcepoint SMC, Forcepoint Insider Threat, Forcepoint UEBA, Forcepoint DLP, Forcepoint CASB, Forcepoint Email Security, Forcepoint Web Security, Forcepoint NGFW, Data Encryption, Awareness Training, Identity & Access Mgmt, Internet, Employees, Email, Web, Data, Cloud, Malicious, Compromised]


FORCEPOINT IN ACTION – PROTECTION IN THE CLOUD

DATA STORED EVERYWHERE

My data is now stored everywhere (including systems beyond my control) and accessed from anywhere

Identity & Access MGMT, Forcepoint Web Security, Forcepoint DLP, Forcepoint CASB

‣ Leverage Web Logs + CASB to determine application usage
‣ Perform Risk Assessment on the application
‣ Approved application is moved to a Managed or Governed status
‣ Managed - Integrate Applications into corporate IAM
‣ Governed - DLP policies extended via CASB w/ CASB Dashboard
‣ Action plan based on risk to govern/manage all cloud activity: 42 Current Managed cloud services, with 43 High-Risk Apps queued up.
‣ Governance of cloud prevents ~$4-million-per average data breach cost, and assures compliance (ISO, GDPR, SOC 2, etc.)


FORCEPOINT IN ACTION – UNIFIED POLICY

TOO MANY POINT SOLUTIONS

I am drowning in alerts that have too many point solutions with a disjointed security policy

Forcepoint NGFW, Forcepoint UEBA, Forcepoint DLP, Forcepoint CASB

‣ Architecture Simplification & Improved Efficiency
‣ Tool chain reduction: 40% reduction in 2017!!!
‣ SMC allows for single pane of glass
‣ Security Manager allows cross-product policies
‣ Reliable indicators improve signal-to-noise ratio
‣ Reduced “Unknown File Format” DLP blocks via Security Manager tagging known bad domains – 50% reduction!
‣ Mean time to resolution goes down 100%, and productivity goes up as analysts can focus on other important tasks.


FORCEPOINT IN ACTION - RAP

RISK ADAPTIVE PROTECTION

By the time I figure out what is going on, it’s too late to stop the data exfil

Risk Adaptive Protection, Forcepoint UEBA, Forcepoint DLP, Forcepoint CASB

‣ RAP provides continuous risk evaluation
‣ Varying actions based on employee risk level and value of the data
‣ UEBA to trigger downstream app controls
‣ Control: Block removable media (DLP)
‣ Control: Block emails to free-mail addresses (ESG)
‣ Control: Increase user log verbosity (NGFW)
‣ Automated orchestration saves significant analyst costs sifting noise on key policies. Expecting response time and exposure window reduced by as much as 95%.


Forcepoint helps maintain compliance in five key ways

CONSISTENT COMPLIANCE AS USERS AND DATA MIGRATE TO OFFICE 365 ECOSYSTEM & BEYOND

MAINTAIN CONSISTENT COMPLIANCE ACROSS 365 & BEYOND

FORCEPOINT HELPS MAINTAIN COMPLIANCE INTO OFFICE 365 & OTHER CLOUD APPS IN FIVE KEY WAYS:

• Data protection standards, including data migration and sovereignty
• Identify license over-spend across all cloud applications
• Auditing of workforce and supplier access activity
• Privileged access management, segregation of duty & risk adaptive access management
• Benchmarking Office 365 and other cloud application deployment and configuration to industry or regulatory standards


CASB - MAINTAIN CONSISTENT COMPLIANCE FOR 365 & BEYOND


CASB - TAKE BACK CONTROL OF UNSANCTIONED IT

Identify and take control of unsanctioned cloud applications impacting full adoption of O365

1. Identify use of all cloud apps (sanctioned and unsanctioned) and understand organizational risk
2. Work with employees to migrate to sanctioned alternative (for apps that are competing with Office 365 apps), and block access to ungoverned apps
3. On-board legitimate Line of Business IT that was not acquired via IT procurement process (& apply correct due-diligence)


CASB - TAKE BACK CONTROL OF UNSANCTIONED IT


IMPLEMENT THE RIGHT NETWORK ARCHITECTURE

Rethink your network to improve user experience and reduce cost as you fully adopt the Microsoft O365

NETWORKING
SD-WAN connects sites directly to the Internet for performance needed for Office 365
Traffic prioritization & link selection improves user experience

SECURITY
Once connected to the Internet, each site needs strong security

OPERATIONS
Centralized management of distributed networking and security ties it all together


FORCEPOINT NGFW BUSINESS VALUE SNAPSHOT


FORCEPOINT’S OFFICE 365 SECURITY & COMPLIANCE SOLUTION

Identify & manage the risk of unsanctioned cloud apps and BYO device access

Centralize security and compliance management and reporting

Provide security operations with actionable security management information

Transform the effectiveness of the security program with pro-active security

Visibility
• Forcepoint provides centralized view of unsanctioned cloud app use impacting the full adoption of O365
• Single point of visibility and enforcement of BYOD and managed device access for Office 365 and other sanctioned cloud application in use

Program Efficacy
• Forcepoint integrates into the Microsoft ecosystem to improve the accuracy and efficacy of data protection programs
• Detect and prevent advanced threats, compromised account access, malicious users & reduce risk of data loss or theft

Dynamic Enforcement
• Uniquely, Forcepoint DLP integrates user risk scoring from behavior analytics to automate security policy enforcement to remediate fraudulent activity before it happens

Integrated System
• Forcepoint’s Human Point System provides an integrated view of users, data and cloud applications.
• Forcepoint analytics provides context into user actions across disparate data sources including O365 to identify high risk activity

Removes the barriers to successful adoption of Office 365

Extends Microsoft’s integrated security to increase efficacy and drive increased value in investments

Reduce risks and operational costs through centralized visibility & control of security & compliance across O365 & other cloud apps


NEXT STEPS

Introducing the Cloud Threat Assessment

Cloud Threat Assessment Report details your cloud-application risk posture:

• Cloud usage patterns. How potentially harmful activities happen in cloud applications across your organization.

• Geographical usage. Which countries your data is traveling to and from (you may be surprised).

• Privileged users. Do you have more administrators than you need?

• Dormant users. Are you overspending on unused licenses?

• Riskiest users. Who are your riskiest users and why?

forcepoint.com/cloud-threat-assessment


Thank you