Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration...Really?
TRANSCRIPT
Robert Brzezinski, CHPS, CISA
BizWit LLC Information Security Risk Management
Columbus, OH
www.bizwit.us
OFFICE 365 SECURITY AND COMPLIANCE
CLOUDY COLLABORATION … REALLY?
(C) 2011 - 2016 BizWit LLC
1. Understand Office 365 security and compliance
2. Satisfying business, security and compliance needs
3. Verify configuration
4. Define audit scope
5. Make educated decision
OFFICE 365 SECURITY AND COMPLIANCE
OFFICE 365 SECURITY AND COMPLIANCE
1. How hackers break in?
2. Office 365 and Federal regulations?
3. Email protection
4. Protecting data and collaboration environment
5. Protecting user credentials
6. Meeting Compliance requirements
7. Is the Cloud right for you?
Protection of Sensitive Data - # 1 driver for security spending (SANS)
Regulatory Compliance - # 2 driver for security spending (SANS)
SECURITY PRIORITIES AND OFFICE 365
PRIORITY
Source: Verizon 2015 Data Breach Investigation Report (DBIR) Threats and Security Incidents
SECURITY PRIORITIES AND OFFICE 365
Source: Verizon 2016 Data Breach Digest (DBD)
Source: 2015 Verizon DBIR
• Email
• Phishing / Malware
• Malicious website
• Compromised credentials
• Email mistakes
• Lost data or device
• Compromised data
• Compromised credentials
• Privilege misuse
Threat actions
HOW HACKERS BREAK IN?
SECURITY PRIORITIES AND OFFICE 365
FBI – Business Email Compromise 2013-15
Exposed Dollars Loss $800 M – $1.2 B
OFFICE 365 TRUST CENTER - COMPLIANCE WITH FEDERAL REGULATIONS
Top 10 compliance standards of Office 365: HIPAA, FedRAMP/FISMA, SSAE16, GLBA, PIPEDA, FERPA, EU, ISO 27001
Office 365 receives FedRAMP Authority to Operate (ATO) from HHS OIG
FBI CJIS Addendum
Office 365 listed in CSA Security, Trust & Assurance Registry (STAR)
OFFICE 365 PROTECTION OF SENSITIVE DATA
• Malware / malicious links / ransom
• Connection / IP: white, black and safe list
• Anti-spoofing technologies: DMARC & DKIM, SPF
• Trusted domains / connectors
Protecting Inbound Email
Exchange Online Protection (EOP)
Phishing & Malware
Advanced Threat Protection (ATP)
OFFICE 365 PROTECTION OF SENSITIVE DATA
Protecting Outbound Email and Data
Mail flow rules
• Malware + / Flag external
• Data Loss Prevention (DLP)
• Encryption / decryption
• Secure attachments
• Email supervisory workflow
• Incident reporting
Mobile device access
Miscellaneous Errors
DLP & ENCRYPTION
OFFICE 365 PROTECTION OF SENSITIVE DATA
OFFICE 365 EMAIL COMPLIANCE
• Data Loss Prevention (DLP)
• eDiscovery
• Litigation Hold
• Retention policies
• Archiving
• Auditing reports
• Non-owner mailbox access
• Admin and external admin log
• Configuration changes by admin
• Admin role group changes
Privilege Misuse
OFFICE 365 PROTECTION OF SENSITIVE DATA
Protecting Data - SharePoint Collaboration
Sites Architecture
• Data Containers / Logical Separation
Permissions and sharing
• Very granular permissions
• External sharing blocking
Data Loss Prevention (DLP) & Alerting
• SharePoint / OneDrive and Exchange
• Malware scanning
• Alerts for e.g. content changes
Miscellaneous Errors
OFFICE 365 PROTECTION OF SENSITIVE DATA
Protecting Data with Rights Management Services
• Encrypt attachments
• Limit access and editing capabilities
• Manage content expiry
• View document use
Miscellaneous Errors
Information Rights Management for SharePoint and for Desktop / Email
• Protect / encrypt documents in place (on laptop)
OFFICE 365 PROTECTION OF SENSITIVE DATA
Rights Management Services (RMS)
OFFICE 365 PROTECTION OF SENSITIVE DATA
Rights Management Services (RMS)
OFFICE 365 SHAREPOINT COMPLIANCE
• Data Loss Prevention (DLP)
• eDiscovery
• Retention policies & Archiving
• Auditing reports
• Editing or viewing content
• Editing users and permissions
• Office 365 audit log
Rights Management Services / Information Rights Management
Privilege Misuse
Miscellaneous Errors
OFFICE 365 PROTECTION OF SENSITIVE DATA
Protecting User Credentials - Security Configuration
User management in Office 365
• Admin, licensing and self-service
• Azure AD (Active Directory)
• Synchronization
• Authentication & notification
• IP ranges
• Multifactor Authentication (MFA)
Privilege Misuse
Miscellaneous Errors
OFFICE 365 PROTECTION OF SENSITIVE DATA
Protecting User Credentials – Alerting & Reporting
User access monitoring
• Sign ins from unknown sources
• Sign ins from IP addresses with suspicious activity
• Users with anomalous sign in activity
• Password reset activity
Privilege Misuse
Miscellaneous Errors
• Exchange audit reports
• Protect admins
• Mail protection report - operations
• SharePoint reports
• PowerShell
• Office 365 audit log reports
OFFICE 365 PROTECTION OF SENSITIVE DATA
Auditing & Reporting
• Azure AD reports + premium
EVIL ADMIN
• Office 365 audit log reports
• File and folder activity e.g. downloaded files
• Sharing activities
• Synchronization
• ….
• Site administration
• Exchange mailbox activities
• User administration
OFFICE 365 COMPLIANCE
Auditing & Reporting
OFFICE 365 – SECURITY AND COMPLIANCE
Security
• Email protection – anti-phishing, anti-spoofing
• Data protection – DLP, RMS, encryption
• User access security controls - Azure AD, MFA
• Operational and security alerts and reporting
Compliance
• eDiscovery, Legal Hold, DLP, auditing / reporting
• Regulatory compliance – BAA, FedRAMP, CSA
Core for building information security strategy
PRIORITY
OFFICE 365 SECURITY & AZURE SERVICES
THREAT INTELLIGENCE
OFFICE 365 SECURITY AND COMPLIANCE
Robert Brzezinski, MBA, CHPS, CISA
BizWit LLC Information Security Risk [email protected]
Better InfoSec image? ;o)