robert brzezinski - office 365 security & compliance: cloudy collaboration...really?

Robert Brzezinski, CHPS, CISA BizWit LLC Information Security Risk Management Columbus, OH www.bizwit.us OFFICE 365 SECURITY AND COMPLIANCE CLOUDY COLLABORATION … REALLY? (C) 2011 - 2016 BizWit LLC

Upload: centralohioissa

Post on 15-Apr-2017


TRANSCRIPT

Page 1: Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration...Really?

Robert Brzezinski, CHPS, CISA
BizWit LLC Information Security Risk Management
Columbus, OH
www.bizwit.us

OFFICE 365 SECURITY AND COMPLIANCE
CLOUDY COLLABORATION … REALLY?

(C) 2011 - 2016 BizWit LLC

Page 2

OFFICE 365 SECURITY AND COMPLIANCE

1. Understand Office 365 security and compliance
2. Satisfying business, security and compliance needs
3. Verify configuration
4. Define audit scope
5. Make educated decision

Page 3

OFFICE 365 SECURITY AND COMPLIANCE

1. How hackers break in?
2. Office 365 and Federal regulations?
3. Email protection
4. Protecting data and collaboration environment
5. Protecting user credentials
6. Meeting Compliance requirements
7. Is the Cloud right for you?

Page 4

SECURITY PRIORITIES AND OFFICE 365

Protection of Sensitive Data - # 1 driver for security spending (SANS)
Regulatory Compliance - # 2 driver for security spending (SANS)

PRIORITY

Page 5

SECURITY PRIORITIES AND OFFICE 365

Source: Verizon 2015 Data Breach Investigation Report (DBIR) Threats and Security Incidents

Source: Verizon 2016 Data Breach Digest (DBD)

Page 6

HOW HACKERS BREAK IN?
SECURITY PRIORITIES AND OFFICE 365

Source: 2015 Verizon DBIR

• Email
• Phishing / Malware
• Malicious website
• Compromised credentials
• Email mistakes

• Lost data or device
• Compromised data
• Compromised credentials
• Privilege misuse

Threat actions

FBI – Business Email Compromise 2013-15
Exposed Dollars Loss $800 M – $1.2 B

Page 7

OFFICE 365 TRUST CENTER - COMPLIANCE WITH FEDERAL REGULATIONS

Top 10 compliance standards of Office 365: HIPAA, FedRAMP/FISMA, SSAE16, GLBA, PIPEDA, FERPA, EU, ISO 27001
Office 365 receives FedRAMP Authority to Operate (ATO) from HHS OIG
FBI CJIS Addendum

Office 365 listed in CSA Security, Trust & Assurance Registry (STAR)

Page 8

OFFICE 365 PROTECTION OF SENSITIVE DATA

Protecting Inbound Email
Exchange Online Protection (EOP)

• Malware / malicious links / ransom
• Connection / IP: white, black and safe list
• Anti-spoofing technologies: DMARC & DKIM, SPF
• Trusted domains / connectors

Phishing & Malware

Advanced Threat Protection (ATP)

Page 9

OFFICE 365 PROTECTION OF SENSITIVE DATA

Protecting Outbound Email and Data
Mail flow rules
• Malware + / Flag external
• Data Loss Prevention (DLP)
• Encryption / decryption
• Secure attachments
• Email supervisory workflow
• Incident reporting

Mobile device access

Miscellaneous Errors

Page 10

OFFICE 365 PROTECTION OF SENSITIVE DATA

DLP & ENCRYPTION

Page 11

OFFICE 365 EMAIL COMPLIANCE

• Data Loss Prevention (DLP)
• eDiscovery
• Litigation Hold
• Retention policies
• Archiving
• Auditing reports
• Non-owner mailbox access
• Admin and external admin log
• Configuration changes by admin
• Admin role group changes

Privilege Misuse

Page 12

OFFICE 365 PROTECTION OF SENSITIVE DATA

Protecting Data - SharePoint Collaboration

Sites Architecture
• Data Containers / Logical Separation

Permissions and sharing
• Very granular permissions
• External sharing blocking

Data Loss Prevention (DLP) & Alerting
• SharePoint / OneDrive and Exchange
• Malware scanning
• Alerts for e.g. content changes

Miscellaneous Errors

Page 13

OFFICE 365 PROTECTION OF SENSITIVE DATA

Protecting Data with Rights Management Services

• Encrypt attachments
• Limit access and editing capabilities
• Manage content expiry
• View document use

Miscellaneous Errors

Information Rights Management for SharePoint and for Desktop / Email

• Protect / encrypt documents in place (on laptop)

Page 14

OFFICE 365 PROTECTION OF SENSITIVE DATA

Rights Management Services (RMS)

Page 15

OFFICE 365 PROTECTION OF SENSITIVE DATA

Rights Management Services (RMS)

Page 16

OFFICE 365 SHAREPOINT COMPLIANCE

• Data Loss Prevention (DLP)
• eDiscovery
• Retention policies & Archiving
• Auditing reports
• Editing or viewing content
• Editing users and permissions
• Office 365 audit log

Rights Management Services / Information Rights Management

Privilege Misuse

Miscellaneous Errors

Page 17

OFFICE 365 PROTECTION OF SENSITIVE DATA

Protecting User Credentials - Security Configuration

User management in Office 365
• Admin, licensing and self-service
• Azure AD (Active Directory)
• Synchronization
• Authentication & notification
• IP ranges
• Multifactor Authentication (MFA)

Privilege Misuse

Miscellaneous Errors

Page 18

OFFICE 365 PROTECTION OF SENSITIVE DATA

Protecting User Credentials – Alerting & Reporting

User access monitoring
• Sign ins from unknown sources
• Sign ins from IP addresses with suspicious activity
• Users with anomalous sign in activity
• Password reset activity

Privilege Misuse

Miscellaneous Errors

Page 19

OFFICE 365 PROTECTION OF SENSITIVE DATA

Auditing & Reporting
• Azure AD reports + premium
• Exchange audit reports
• Protect admins
• Mail protection report - operations
• SharePoint reports
• PowerShell
• Office 365 audit log reports

EVIL ADMIN

Page 20

OFFICE 365 COMPLIANCE

Auditing & Reporting
• Office 365 audit log reports
• File and folder activity e.g. downloaded files
• Sharing activities
• Synchronization
• ….
• Site administration
• Exchange mailbox activities
• User administration

Page 21

OFFICE 365 – SECURITY AND COMPLIANCE

Security
• Email protection – anti-phishing, anti-spoofing
• Data protection – DLP, RMS, encryption
• User access security controls - Azure AD, MFA
• Operational and security alerts and reporting

Compliance
• eDiscovery, Legal Hold, DLP, auditing / reporting
• Regulatory compliance – BAA, FedRAMP, CSA

Core for building information security strategy

PRIORITY

Page 22

OFFICE 365 SECURITY & AZURE SERVICES

THREAT INTELLIGENCE

Page 23

OFFICE 365 SECURITY AND COMPLIANCE

Robert Brzezinski, MBA, CHPS, CISA
BizWit LLC Information Security Risk [email protected]

Better InfoSec image? ;o)