the security gap: protecting healthcare data in office 365
webinar, august 17, 2016
the security gap: protecting healthcare data in o365
poll: what is your biggest concern with moving to o365?
office 365 is the leading SaaS productivity suite: market share has tripled year over year
market share, 2014 vs. 2015:
■ google apps: 16.3% (2014), 22.8% (2015)
■ office 365: 7.7% (2014), 25.2% (2015)
■ other: 76% (2014), 52% (2015)
the traditional approach to security is inadequate
the office 365 security stack: shared responsibility model
enterprise (CASB)
end-user devices, visibility & analytics
data protection, identity & access control
application, storage, servers, network
healthcare security needs: mitigating threats while empowering users
■ Visibility and control over corporate data
■ Restrict access on unmanaged devices
■ Prevent account hacking
■ Limit external sharing
components of o365 security
identity
cloud
access
mobile
cloud and access:
■ External sharing is made easier than ever with Office 365
■ Granular access controls should be based on context (e.g. device type, user, geo)
■ DLP is critical to securing PHI in risky contexts
  ○ Complete security solutions should be content-aware, apply DLP at download
mobile: protect data across all devices, managed and unmanaged
■ Demand for BYOD continues to rise
■ Employees have rejected MDM and MAM
■ IT must securely enable access to frequently used apps
identity: centralized identity management is key to securing data
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Limit potential breaches with contextual multi-factor auth for high risk logins
office 365 native dlp limitations
■ BYOD blind spot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - SharePoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top of the line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
casb security: a data-centric approach
o365 requires a new security architecture
■ cross-device, cross-platform agentless data security
■ real-time protection
■ limit high-risk activities like external file sharing
■ detailed logging for compliance and audit
office 365 use case: real-time inline data protection on any device

managed devices
● application: Legacy Auth Apps, e.g. Office 2010
  access mode: profile agent, VPN + IP restriction
  data protection: full access
● application: Modern Auth Apps, e.g. Office 2013+
  access mode: profile agent, VPN + IP restriction, certificates
  data protection: full access

unmanaged devices / byod
● application: Browser, ActiveSync Mail, Client apps
  access mode: Reverse-proxy + AJAX-VM, ActiveSync Proxy
  data protection: DLP/DRM/encryption; device controls, e.g. PIN; agentless selective wipe; client apps: allow/block

in the cloud
● application: OneDrive, SharePoint
  access mode: API
  data protection: Quarantine DLP; block external shares; alert on DLP events
secure office 365 + byod
fortune 50 healthcare firm
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control powered by Citadel
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in cloud
■ Controlled unmanaged device access via Omni
secure office 365 + byod
major US hospital system
challenge:
■ Existing solution, AT&T Toggle, was obsolete
■ HIPAA compliant BYOD
■ Migration path to Office 365
solution:
■ Agentless deployment
■ Preservation of employee privacy
■ DLP of PII, PCI & PHI
■ Selective wipe; device PIN & encryption
■ Improved mobility for care providers
our mission
total data protection
resources: more info about office 365 security
■ whitepaper: definitive guide to casbs
■ case study: ad agency secures o365
■ infographic: cloud adoption in healthcare
bitglass.com
@bitglass