TRANSCRIPT
Private and Confidential
Windows 10 and Office 365: Double Trouble for Cloud Security?
Phil DiCorpo, Sr. Director, Product Management
Windows 10 Driving Office 365 Adoption
Windows 10’s universal app turns any Windows 10 phone or laptop into a desktop
The only way to utilize functionality is via Office 365
Microsoft’s Office 365 Land-and-Expand has Begun
Migration from on-premises Office 365 in the cloud has just begun and will continue to grow rapidly
Microsoft Driving Adoption through Bundling
Office 365 automatically enables OneDrive for attachments across all users
It’s Working – Office 365 Surpasses SFDC, Box, Google
Office 365 is Home to Business-Critical Data
Even in its early stages, Office 365 is receiving massive volumes of corporate data
Sensitive Data within Office 365
Organizations are storing highly sensitive data within SharePoint and OneDrive today
The Average Enterprise Collaborates with 72 Business Partners via OneDrive and SharePoint
Enterprises are connecting to a large number of partners, customers, and vendors via Office 365
Users Store Their Corporate Passwords on OneDrive
Users are uploading a concerning number of documents that expose their organization to risk
IT Security Challenges for Office 365 Customers
Visibility
Challenges
• Companies use an average of 57 file-sharing services
• Employees store sensitive data in Office 365
Security Requirements
• Which users are using high-risk unsanctioned services?
• Where is sensitive data stored in Office 365, and who’s sharing with whom?
IT Security Challenges for Office 365 Customers
Threat Protection
Challenges
• 85% of companies have insider threat anomalies
• 92% have employee credentials for sale
Security Requirements
• How do we identify insider threats and compromised accounts?
• How do we monitor privileged access and track all user and admin activity for forensics?
IT Security Challenges for Office 365 Customers
Compliance
Challenges
• 17% of all files uploaded contain sensitive data
• 18% of files are shared with personal email addresses
Security Requirements
• Are we in compliance with industry regulations and internal policies?
• How do we understand publicly shared data and restrict sharing to trusted business partners?
IT Security Challenges for Office 365 Customers
Data Security
Challenges
• Data protection/residency policies require encryption
• 94% of employees want access to cloud on mobile
Security Requirements
• How do we encrypt sensitive data while preserving search?
• How do we support BYOD without putting sensitive data at risk?
The Cloud Needs a Control Point aka CASB
Data flowing to Shadow IT
Data flowing from Sanctioned Cloud
CASB
Gartner’s #1 security technology of 2015: Cloud Access Security Broker (CASB)
Addressing IT Security Challenges: Step 2 – Threat Protection
Enterprise Integrations Integrate with Firewalls – Proxies – SIEMs – AD – RMS – SSO – DLP – Key Brokers – CSPs
• Identify all users and groups for file-sharing and collaboration services
• Standardize and coach users to use Office 365
• Perform on-demand data scan to identify sensitive content
Visibility
Addressing IT Security Challenges: Step 2 – Threat Protection
Enterprise Integrations Integrate with Firewalls – Proxies – SIEMs – AD – RMS – SSO – DLP – Key Brokers – CSPs
Threat Protection
• Detect anomalous activity while minimizing false positives
• Identify and prevent data exfiltration via shadow IT
• Log user activity and generate audit trail for compliance and forensics
Addressing IT Security Challenges: Step 3 – Compliance
Enterprise Integrations Integrate with Firewalls – Proxies – SIEMs – AD – RMS – SSO – DLP – Key Brokers – CSPs
• Enforce DLP policies to protect sensitive and regulated data
• Review DLP violations and take action with closed-loop remediation
• Enforce internal and external collaboration policies
Compliance
Addressing IT Security Challenges: Step 2 – Data Security
Enterprise Integrations Integrate with Firewalls – Proxies – SIEMs – AD – RMS – SSO – DLP – Key Brokers – CSPs
• Encrypt unstructured data while preserving critical functionality
• Enable access and actions based on user, device, data, and location
• Increase authentication requirements based on anomalous activity
Data Security
My Call to Action – Help You Become an Enabler
“We have gone from CIO to CI-NO. I want to become the Chief Enabler for my business - Skyhigh lets me do that!” - Brian Lillie, CIO, Equinix
Start with Visibility – O365 Audit
1. Sensitive content in O365 (.PST, encrypted, password files)
2. Sensitive docs shared externally
3. Administrator setting report
4. High-risk behavioral anomalies
5. Actionable recommendations
Backup
Visibility Use Cases for CASB
• Usage Analytics: Understand use and risk, enable services in demand
• Just-in-time Coaching: Standardize and coach users to sanctioned cloud services
• On-demand Data Scan: Perform on-demand scan to identify sensitive data in sanctioned services
• Cloud Governance: Govern cloud usage; streamline cloud service risk assessment
Threat Protection Use Cases for CASB
• User Behavior Analytics for Shadow IT: Detect data exfiltration attempts via shadow IT
Global Construction Company
• User Behavior Analytics for Sanctioned IT: Identify and prevent malicious or accidental insider threats
• Geo-location Analytics: Detect compromised accounts and enable stepped-up authentication
• Activity Monitoring: Provide audit trail of all activities for forensics and investigations
Compliance Use Cases for CASB
• Cloud DLP: Enforce DLP to protect sensitive data and comply with internal policies
• Industry-specific DLP Templates: Enforce DLP to comply with regulatory requirements (PCI, HIPAA, etc.)
• Closed-loop Policy Enforcement: Deploy closed-loop remediation workflow with enterprise DLP
• Collaboration Control: Enforce internal and external collaboration policies
Data Security Use Cases for CASB
• Contextual Access Control: Enforce access control policies for managed/unmanaged devices
• Function-preserving Encryption: Encrypt structured data while preserving functionality
• Search-Preserving Encryption: Encrypt unstructured data while preserving search
• Rights Management System: Protect intellectual property with digital rights management
Skyhigh Deployment Architecture
API
AD / LDAP
HSM via KMIP
SIEM
Reverse Proxy
Enterprise Connector
On-Prem DLP
Integrations
• Deployed in production and proven at scale at some of the world’s largest enterprises
• Enables both API- and proxy-based control as recommended by Gartner
• Enterprise connector deployed as a lightweight software application or VM available for installation on Windows, Linux, or Mac
On- and Off-Network Users
Partner and Customers
Visibility: Usage Analytics
• Identify users and groups using cloud-based file-sharing and collaboration services
• Understand the risk of each service based on 50+ attributes
• Eliminate the use of high-risk services through blocking and education
Visibility: Coaching
• Educate users on the risk of unsanctioned high-risk services
• Coach users over to Office 365 with just-in-time educational messages
• Reduce cost, lower risk and drive preferred behavior without creating help desk calls
Visibility: On-Demand Data Scan
• Examine existing content to identify sensitive data (PII, PHI, personal email folders, etc.)
• Identify documents shared with personal email address
• Identify content subject to eDiscovery/litigation hold requirements
Threat Protection: Behavioral Analytics
• Leverage machine learning to detect insider threat stemming from inappropriate privileged access, excessive access, and data exfiltration
• Take into account the context of the user, application, data, action, device, and location
• Improve accuracy by leveraging comprehensive data models incorporating user behaviors across cloud services
Threat Protection: Privileged User Monitoring
• Audit administrative privileges across all users and identify dormant accounts and accounts not matching an AD user
• Edit permissions to provide appropriate levels of access for administrators
• Monitor all activities including escalation of privileges, user provisioning, and sensitive data access
Threat Protection: Geo-location Analytics
• Provide visualization and data on users accessing Office 365 from different geographies
• Leverage machine learning to detect compromised accounts
• Identify cross-region access indicative of impossible travel
Threat Protection: Activity Monitoring
• Provide audit trail of all user and admin actions for compliance and investigations
• Track over 85 actions using Office 365’s Activity Monitoring APIs
• Provide visibility into internal and external content sharing
Compliance: Cloud Data Loss Prevention
• Ensure compliance with PCI DSS, HIPAA, HITECH, GLBA, SOX, CIPA, FISMA, and FERPA
• Enforce granular DLP policies based on keywords, regular expressions, file characteristics, and user activity
• Utilize pre-built industry templates or leverage the investment made in on-premise DLP systems and workflow
Compliance: Policy Violations
• Review all policy violations via a consolidated interface
• Understand the severity and nature of each incident
• Respond efficiently to DLP, access, and collaboration policy violations from within Skyhigh or feed incidents into an existing SIEM
Compliance: Closed-Loop Policy Enforcement
• Review policy violations with all key details to determine appropriate action
• Take action via alert, block, tombstone, or quarantine in response to DLP violations
• Leverage closed-loop remediation with enterprise DLP systems
Compliance: Skyhigh Integration with Enterprise DLP
Office Users
Mobile Users
Company
On-prem DLP
Enterprise Connector
BLOCK
• Skyhigh monitors Office 365 for content changes.
• As new files are added/modified in Office 365, Skyhigh scans the files per the company’s DLP policy.
• A list of Office 365 files needing additional examination by the on-prem DLP solution is sent to the on-prem Skyhigh Enterprise Connector.
• The Skyhigh Enterprise Connector retrieves the files and passes them via ICAP to the DLP solution for further examination.
• For those files that violate the DLP policy, Skyhigh can quarantine/tombstone the files in Office 365.
Compliance: Internal & External Collaboration
• Identify all internal and external collaborators within a service
• Understand the details of sensitive data shared with each collaborator
• Identify risky external parties with access to sensitive information
Compliance: Secure Collaboration
• Protect data by enforcing granular sharing permission policies based on domain whitelist / blacklist and the sensitivity of content
• Enforce policies seamlessly without impacting user behavior
• Notify users to facilitate ongoing education
Data Security: Contextual Access Control
• Enforce access control policies based on user, device, data, and geography
• Support BYOD and create separate policies for managed and unmanaged devices
• Define permissions to view, edit, and download based on context
Data Security: Adaptive Policies
• Create policies that adapt to context such as user reputation and data sensitivity
• Force additional authentication automatically based on policies
• Protect against insider threats and compromised accounts proactively
Data Security: Encryption
• Protect unstructured data with peer- and academia-reviewed encryption
• Preserve application functionality such as search
• Control your own encryption keys
Data Security: Rights Management System
• Protect intellectual property using integrations with RMS systems
• Define and enforce a circle of trust for any given document
• Proven integration with Microsoft RMS
The Skyhigh Difference for O365
Proven Integration with Enterprise DLP
• Large scale deployments and high availability with multiple Enterprise DLP servers
• Granular closed-loop remediation
Support for SharePoint Online
• Enables DLP, on-demand scanning, and activity monitoring
• Supports selective monitoring of sites within SharePoint
Proven at Scale in Large Enterprises
• Proven at large enterprises across 2M+ users
• Deployed at enterprises with hundreds of thousands of users
Searchable Symmetric Encryption
• Peer and academia-reviewed schemes that support ability to search encrypted files
• Ensures security by keeping the search index encrypted
Multiple Modes of Integration
• Supports both API- and proxy-based integration for flexibility and comprehensive policy enforcement
• Patented SSO integration for transparent intermediation
Sample Skyhigh for Office 365 Customers
“Skyhigh helps us securely enable high-impact cloud services like Office 365 while ensuring data security and compliance with HIPAA and HITECH.” - Mark Dunkerley, InfoSec Manager, Adventist Health System
Skyhigh for Office365 Feature Support Matrix
Feature | API/Proxy | OneDrive | SharePoint | OWA | Azure | Yammer
Visibility
Usage Analytics | NA | GA | GA | - | - | GA
Coaching | NA | GA | GA | - | - | GA
On-Demand Data Scan | API | Beta | Beta | - | - | CY’Q4
Threat Detection
Behavioral Analytics | Either | CY’Q4 | CY’Q4 | CY’Q4 | CY’Q4 | CY’Q4
Privileged User Monitoring | Either | CY’Q4 | CY’Q4 | CY’Q4 | CY’Q4 | CY’Q4
Geo-location Analytics | Either | CY’Q4 | CY’Q4 | CY’Q4 | CY’Q4 | CY’Q4
Activity Monitoring | Either | CY’Q4 | CY’Q4 | CY’Q4 | CY’Q4 | CY’Q4
Compliance
Cloud Data Loss Prevention* | Either | CY’Q4 | CY’Q4 | - | - | Beta
Policy Violations* | API | CY’Q3 | CY’Q3 | - | - | CY’Q3
Closed Loop Policy Enforcement* | API | CY’Q4 | CY’Q4 | - | TBD
Integration with Enterprise DLP | API | Beta | Beta | - | - | CY’Q4
Internal & External Collaboration | API | CY’Q4 | CY’Q4 | - | - | -
Secure Collaboration | API | CY’Q3 | CY’Q3 | - | - | -
Data Security
Contextual Access Control* | Proxy | Beta | Beta | Beta | - | Beta
Adaptive Policies | Proxy | CY’Q4 | CY’Q4 | - | - | CY’Q4
Encryption* | Proxy | Beta | Beta | - | - | Beta
Rights Management System | Proxy | Alpha | Alpha | - | - | TBD
* Starred features represent new versions of features that already exist within the product today