windows 10 and office 365: double trouble for …...private and confidential 2 windows 10 driving...

Private and Confidential

Windows 10 and Office 365: Double Trouble for Cloud Security?

Phil DiCorpo, Sr. Director, Product Management

Private and Confidential 2

Windows 10 Driving Office 365 Adoption

Windows 10’s universal app turns

any windows 10 phone or laptop

into a desktop

The only way to utilize

functionality is via

Office 365


Microsoft’s Office 365 Land-and-Expand has Begun

Migration from on-

premises Office

365 in the cloud

has just begun and

will continue to

grow rapidly


Microsoft Driving Adoption through Bundling

Office 365

automatically

enables OneDrive

for attachments

across all users


It’s Working – Office 365 Surpasses SFDC, Box, Google


Office 365 is Home to Business-Critical Data

Even in it’s early

stages, Office 365

is receiving

massive volumes

of corporate data


Sensitive Data within Office 365

Organizations are

storing highly

sensitive data

within

SharePoint and

OneDrive today


The Average Enterprise Collaborates with 72 Business Partners via OneDrive and SharepPoint

Enterprises are

connecting to a

large number of

partners,

customers, and

vendors via

Office 365


Users Store Their Corporate Passwords on OneDrive

Users are

uploading a

concerning

number of

documents that

expose their

organization to

risk


Visibility

Challenges

• Companies use an average of 57 file-sharing services

• Employees store sensitive data in Office 365

Security Requirements

• Which users are using high-risk unsanctioned services?

• Where is sensitive data stored in Office 365, and

who’s sharing with who?

IT Security Challenges for Office 365 Customers


Threat Protection

Challenges

• 85% of companies have insider threat anomalies

• 92% have employee credentials for sale


• How do we identify insider threats and compromised accounts?

• How do we monitor privilege access and track all user and admin activity for forensics?



Compliance

Challenges

• 17% of all files uploaded contain sensitive data

• 18% of files are shared with personal email addresses


• Are we in compliance with industry regulations and internal policies?

• How do we understand publicly shared data and restrict sharing to trusted business partners?



Data Security

Challenges

• Data protection/residency policies require encryption

• 94% of employees want access to cloud on mobile


• How do we encrypt sensitive data while preserving search?

• How do we support BYOD without putting sensitive data at risk?



The Cloud Needs a Control Point aka CASB

Data flowing to Shadow IT

Data flowing from Sanctioned Cloud

CASB


Gartner’s #1 security technology of 2015: Cloud Access Security Broker (CASB)


Addressing IT Security Challenges: Step 2 – Threat Protection

Enterprise Integrations Integrate with Firewalls – Proxies – SIEMs – AD – RMS – SSO – DLP – Key Brokers – CSPs

• Identify all users and groups for file-sharing and collaboration services

• Standardize and coach users to use Office 365

• Perform on-demand data scan to identify sensitive content

Visibility


Addressing IT Security Challenges: Step 2 – Threat Protection


Threat Protection

• Detect anomalous activity while minimizing false positives

• Identify and prevent data exfiltration via shadow IT • Log user activity and generate audit trail for compliance and forensics


Addressing IT Security Challenges: Step 3 – Compliance


• Enforce DLP policies to protect sensitive and regulated data

• Review DLP violations and take action with closed-loop remediation

• Enforce internal and external collaboration policies

Compliance


Addressing IT Security Challenges: Step 2 – Data Security


• Encrypt unstructured data while preserving critical functionality • Enable access and actions based on user, device, data, and location

• Increase authentication requirements based on anomalous activity

Data Security


My Call to Action – Help You Become an Enabler

“We have gone from CIO to CI-NO. I want to become the Chief Enabler for my business - Skyhigh lets me do that!” - Brian Lillie, CIO. Equinix

Start with Visibility – O365 Audit

1. Sensitive content in O365 (.PST, encrypted, password files)

2. Sensitive docs shared externally

3. Administrator setting report

4. High-risk behavioral anomalies

5. Actionable recommendations


Backup


Visibility Use Cases for CASB

Understand use and risk, enable services in demand

Usage Analytics




Usage Analytics

Standardize and coach users to sanctioned cloud

services

Just-in-time Coaching




Usage Analytics


services


Govern cloud usage; streamline cloud service

risk assessment

Cloud Governance




Usage Analytics


services


Perform on-demand scan to identify sensitive data in

sanctioned services

On-demand Data Scan

Govern cloud usage; streamline cloud service

risk assessment

Cloud Governance


Threat Protection Use Cases for CASB

Detect data exfiltration attempts via shadow IT

User Behavior Analytics for Shadow IT

Global Construction

Company





Global Construction

Company

Identify and prevent malicious or accidental

insider threats

User Behavior Analytics for Sanctioned IT





Global Construction

Company


insider threats


Detect compromised accounts and enable

stepped-up authentication

Geo-location Analytics





Global Construction

Company

Provide audit trail of all activities for forensics and

investigations

Activity Monitoring


insider threats


Detect compromised accounts and enable

stepped-up authentication

Geo-location Analytics


Compliance Use Cases for CASB

Enforce DLP to protect sensitive data and comply

with internal policies

Cloud DLP





Cloud DLP

Enforce DLP to comply with regulatory requirements (PCI,

HIPAA, etc.)

Industry-specific DLP Templates





Cloud DLP


HIPAA, etc.)


Deploy closed-loop remediation workflow with

enterprise DLP

Closed-loop Policy Enforcement





Cloud DLP


HIPAA, etc.)


Deploy closed-loop remediation workflow with

enterprise DLP

Closed-loop Policy Enforcement Collaboration Control

Enforce internal and external collaboration policies


Data Security Use Cases for CASB

Contextual Access Control

Enforce access control policies for

managed/unmanaged devices






Encrypt structured data while preserving functionality

Function-preserving Encryption








Encrypt unstructured data while preserving search

Search-Preserving Encryption








Encrypt unstructured data while preserving search

Search-Preserving Encryption

Protect intellectual property with digital rights

management

Rights Management System


Skyhigh Deployment Architecture

API

AD / LDAP

HSM via KMIP

SIEM

Reverse Proxy

Enterprise Connector

On-Prem DLP

Integrations

• Deployed in production and proven at scale at some of the world’s largest enterprises

• Enables both API- and proxy-based control as recommended by Gartner

• Enterprise connector deployed as a lightweight software application or VM available for installation on Windows, Linux, or Mac

On- and Off-

Network Users Partner and Customers


Visibility: Usage Analytics

• Identify users and groups using cloud-based file-sharing and collaboration services

• Understand the risk of each service based on 50+ attributes

• Eliminate the use of high-risk services through blocking and education


Visibility: Coaching

• Educate users on the risk of unsanctioned high-risk services

• Coach users over to Office

365 with just-in-time educational messages

• Reduce cost, lower risk and drive preferred behavior without creating help desk calls


Visibility: On-Demand Data Scan

• Examine existing content to identify sensitive data (PII, PHI, personal email folders, etc.)

• Identify documents shared

with personal email address • Identify content subject to

eDiscovery/litigation hold requirements


Threat Protection: Behavioral Analytics

• Leverage machine learning to detect insider threat stemming from inappropriate privileged access, excessive access, and data exfiltration

• Take into account the context of the user, application, data, action, device, and location

• Improve accuracy by leveraging comprehensive data models incorporating user behaviors across cloud services


Threat Protection: Privileged User Monitoring

• Audit administrative privileges across all users and identify dormant accounts and accounts not matching an AD user

• Edit permissions to provide appropriate levels of access for administrators

• Monitor all activities including escalation of privileges, user provisioning, and sensitive data access


Threat Protection: Geo-location Analytics

• Provide visualization and data on users accessing Office 365 from different geographies

• Leverage machine learning to detect compromised accounts

• Identify cross-region access indicative of impossible travel


Threat Protection: Activity Monitoring

• Provide audit trail of all user and admin actions for compliance and investigations

• Track over 85 actions using Office 365’s Activity Monitoring APIs

• Provide visibility into internal and external content sharing


Compliance: Cloud Data Loss Prevention

• Ensure compliance with PCI DSS, HIPAA, HITECH, GLBA, SOX, CIPA, FISMA, and FERPA

• Enforce granular DLP policies based on keywords, regular expressions, file characteristics, and user activity

• Utilize pre-built industry templates or leverage the investment made in on-premise DLP systems and workflow


Compliance: Policy Violations

• Review all policy violations via a consolidated interface

• Understand the severity and nature of each incident

• Respond efficiently to DLP, access, and collaboration policy violations from within Skyhigh or or feed incidents into an existing SIEM


Compliance: Closed-Loop Policy Enforcement

• Review policy violations with all key details to determine appropriate action

• Take action via alert, block, tombstone, or quarantine in response to DLP violations

• Leverage closed-loop remediation with enterprise DLP systems


Compliance: Skyhigh Integration with Enterprise DLP

Office Users

Mobile Users

Company

On-prem DLP

For those files that violate the DLP policy, Skyhigh can quarantine/tombstone the files in Office 365.

As new files are added/modified in Office 365, Skyhigh scans the files per the company’s DLP policy.

Skyhigh monitors Office 365 for content changes.

A list of Office 365 files needing additional examination by the on-prem DLP solution is sent to the on-prem Skyhigh Enterprise Connector.

The Skyhigh Enterprise Connector retrieves the files and passes them via ICAP to the DLP solution for further examination.

Enterprise Connector

BLOCK


Compliance: Internal & External Collaboration

• Identify all internal and external collaborators within a service

• Understand the details of sensitive data shared with each collaborator

• Identify risky external parties with

access to sensitive information


Compliance: Secure Collaboration

• Protect data by enforcing granular sharing permission policies based on domain whitelist / blacklist and the sensitivity of content

• Enforce policies seamlessly without impacting user behavior

• Notify users to facilitate ongoing education


Data Security: Contextual Access Control

• Enforce access control policies based on user, device, data, and geography

• Support BYOD and create separate policies for managed and unmanaged devices

• Define permissions to view, edit, and download based on context


Data Security: Adaptive Policies

• Create policies that adapt to context such as user reputation and data sensitivity

• Force additional authentication automatically based on policies

• Protect against insider threats and compromised accounts proactively


Data Security: Encryption

• Protect unstructured data with peer- and academia-reviewed encryption

• Preserve application functionality such as search

• Control your own encryption keys


Data Security: Rights Management System

• Protect Intellectual property using integrations with RMS systems

• Define an enforce a circle of trust for any given document

• Proven integration with Microsoft RMS


The Skyhigh Difference for O365

Proven Integration with Enterprise DLP

Large scale deployments and high availability with multiple Enterprise DLP servers

Granular closed-loop remediation

Support for SharePoint Online

Enables DLP, on-demand scanning, and activity monitoring

Supports selective monitoring of sites within SharePoint

Proven at Scale in Large Enterprises

Proven at large enterprises across 2M+ users

Deployed at enterprises with hundreds of thousands of users

Searchable Symmetric Encryption

Peer and academia-reviewed schemes that support ability to search encrypted files

Ensures security by keeping the search index encrypted

Multiple Modes of Integration

Supports both API- and proxy-based integration for flexibility and comprehensive policy enforcement

Patented SSO integration for transparent intermediation


Sample Skyhigh for Office 365 Customers

“Skyhigh helps us securely enable high-impact cloud services like Office 365 while ensuring data security and compliance with HIPAA and HITECH.” - Mark Dunkerley, InfoSec Manager, Adventist Health System


Skyhigh for Office365 Feature Support Matrix

Feature API/Proxy OneDrive SharePoint OWA Azure Yammer

Visibility

Usage Analytics NA GA GA - - GA

Coaching NA GA GA - - GA

On-Demand Data Scan API Beta Beta - - CY’Q4

Threat Detection

Behavioral Analytics Either CY’Q4 CY’Q4 CY’Q4 CY’Q4 CY’Q4

Privileged User Monitoring Either CY’Q4 CY’Q4 CY’Q4 CY’Q4 CY’Q4

Geo-location Analytics Either CY’Q4 CY’Q4 CY’Q4 CY’Q4 CY’Q4

Activity Monitoring Either CY’Q4 CY’Q4 CY’Q4 CY’Q4 CY’Q4

Compliance

Cloud Data Loss Prevention* Either CY’Q4 CY’Q4 - - Beta

Policy Violations* API CY’Q3 CY’Q3 - - CY’Q3

Closed Loop Policy Enforcement* API CY’Q4 CY’Q4 - TBD

Integration with Enterprise DLP API Beta Beta - - CY’Q4

Internal & External Collaboration API CY’Q4 CY’Q4 - - -

Secure Collaboration API CY’Q3 CY’Q3 - - -

Data Security

Contextual Access Control* Proxy Beta Beta Beta - Beta

Adaptive Policies Proxy CY’Q4 CY’Q4 - - CY’Q4

Encryption* Proxy Beta Beta - - Beta

Rights Management System Proxy Alpha Alpha - - TBD

* Starred features represent new versions of features that already exist within the product today

windows 10 and office 365: double trouble for …...private and confidential 2 windows 10 driving...

Documents