Robert Brzezinski, CHPS, CISA BizWit LLC Information Security Risk Management www.bizwit.us Office 365 Security and Compliance It’s getting cloudy out there!

Post on 28-May-2020

Page 1: Office 365 Security and Compliance It’s getting cloudy out ...s3.amazonaws.com/.../csohio/RobertBrzezinski_Office365Security.pdf · Office 365 Security and Compliance 1. Understand

Robert Brzezinski, CHPS, CISA

BizWit LLC

Information Security Risk Management

www.bizwit.us

Office 365 Security and Compliance: It’s getting cloudy out there!

Page 2:

Office 365 Security and Compliance

1. Understand Office 365 security and compliance

2. Satisfy business, security and compliance needs

3. Verify configuration

4. Define audit scope

5. Focus On Security and avoid compliance myopia.

Page 3:

Office 365 Security and Compliance

1. How hackers break in?

2. Office 365 and Federal regulations?

3. Email protection

4. Protecting data and collaboration environment

5. Protecting user credentials

6. Meeting Compliance requirements

7. Is the Cloud right for you?

Page 4:

Office 365 Security and Compliance

Copyright 2016 John Klossner, www.jklossner.com

Page 5:

Security Priorities and Office 365

Protection of Sensitive Data - # 1 driver for security spending (SANS)

Regulatory Compliance - # 2 driver for security spending (SANS)

Page 6:

Security Priorities and Office 365

Source: Verizon 2016 Data Breach Investigation Report (DBIR) Threats and Security Incidents

Insider and Privilege Misuse - Actors

Page 7:

FBI – Business Email Compromise 2013-15: Exposed Dollars Loss $800 M – $1.2 B

How hackers break in? Security priorities and Office 365

• Email

• Phishing / Malware

• Malicious website

• Compromised credentials

• Email mistakes

• Lost data or device

• Compromised data

• Compromised credentials

• Privilege misuse

Page 8:

Office 365 Trust Center - Compliance with federal regulations

Top 10 compliance standards of Office 365:

HIPAA, FedRAMP/FISMA, SSAE16, GLBA, PIPEDA, FERPA, EU, ISO 27001

Office 365 receives FedRAMP Authority to Operate (ATO) from HHS OIG

FBI CJIS Addendum

Office 365 listed in CSA Security, Trust & Assurance Registry (STAR)

Page 9:

Office 365 Protection of Sensitive data

• Malware / malicious links / ransom

• Connection / IP: white, black and safe list

• Anti-spoofing technologies: DMARC & DKIM, SPF

• Trusted domains / connectors

Protecting Inbound Email

Exchange Online Protection (EOP)

Advanced Threat Protection (ATP)

Phishing & Malware

Page 10:

Office 365 Protection of Sensitive data

• Malware + / Flag external

• Data Loss Prevention (DLP)

• Encryption / decryption

• Secure attachments

• Email supervisory workflow

• Incident reporting

Protecting Outbound Email and Data

Mail flow rules

Mobile device access

Miscellaneous Errors

Page 11:

Office 365 Protection of Sensitive data

DLP & Encryption

Page 12:

Office 365 Email Compliance

• Data Loss Prevention (DLP)

• eDiscovery

• Litigation Hold

• Retention policies

• Archiving

• Auditing reports

• Non-owner mailbox access

• Admin and external admin log

• Configuration changes by admin

• Admin role group changes

Privilege Misuse

Page 13:

Office 365 Protection of Sensitive data

Protecting Data - SharePoint Collaboration

Sites Architecture

• Data Containers / Logical Separation

Permissions and sharing

• Very granular permissions

• External sharing blocking

Data Loss Prevention (DLP) & Alerting

• SharePoint / OneDrive and Exchange

• Malware scanning

• Alerts for e.g. content changes

Miscellaneous Errors

Page 14:

Office 365 Protection of Sensitive data

Protecting Data with Rights Management Services

• Encrypt attachments

• Limit access and editing capabilities

• Manage content expiry

• View document use

Information Rights Management for SharePoint and for Desktop / Email

• Protect / encrypt documents in place (on laptop)

Miscellaneous Errors

Page 15:

Office 365 Protection of Sensitive data

Rights Management Services (RMS)

Page 16:

Office 365 SharePoint Compliance

• Data Loss Prevention (DLP)

• eDiscovery

• Retention policies & Archiving

• Auditing reports

• Editing or viewing content

• Editing users and permissions

• Office 365 audit log

Rights Management Services / Information Rights Management

Privilege Misuse

Miscellaneous Errors

Page 17:

Office 365 Protection of Sensitive Data

Protecting User Credentials - Security Configuration

User management in Office 365

• Admin, licensing and self-service

• Azure AD (Active Directory)

• Synchronization

• Authentication & notification

• IP ranges

• Multifactor Authentication (MFA)

• AzureAD Identity Protection

• Azure Privileged Identity Protection

Privilege Misuse

Miscellaneous Errors

Page 18:

Office 365 Protection of Sensitive Data

Protecting User Credentials - Alerting & Reporting

Privilege Misuse

Miscellaneous Errors

User access monitoring

• Sign ins from unknown sources

• Sign ins from IP addresses with suspicious activity

• Users with anomalous sign in

• Password reset activity

• AzureAD Identity Protection

• Azure Privileged Identity Protection

Page 19:

Office 365 Protection of Sensitive Data

Auditing & Reporting

• Exchange audit reports

• Protect admins

• Mail protection report - operations

• SharePoint reports

• PowerShell

• Office 365 audit log reports

• Azure AD reports + premium

Page 20:

Office 365 Compliance

Office 365 audit log reports

• File and folder activity e.g. downloaded files

• Sharing activities

• Synchronization

• ….

• Site administration

• Exchange mailbox activities

• User administration

Auditing & Reporting

Page 21:

Office 365 Security & Compliance

Page 22:

Office 365 Security & Compliance

Security

• Email protection – anti-phishing, anti-spoofing

• Data protection – DLP, RMS, encryption

• User access security controls - Azure AD, MFA

• Operational and security alerts and reporting

Compliance

• eDiscovery, Legal Hold, DLP, auditing / reporting

• Regulatory compliance – BAA, FedRAMP, CSA

Core for building information security strategy

PRIORITY

Page 23:

Office 365 Security & Azure Services

THREAT INTELLIGENCE - SIEM

Page 24:

Office 365 Security & Compliance

Robert Brzezinski, CHPS, CISA

BizWit LLC

Information Security Risk Management

www.bizwit.us

[email protected]

Copyright 2016 John Klossner, www.jklossner.com