How to Secure Access Control in Office 365 Environments

Post on 13-Apr-2017


Office 365 Security - How to Secure Access Control in Office 365 Environments

How to mitigate risks in a complex Hybrid Directory environment


Agenda

• Market Trends

• Infrastructure security challenges

• The solution

Market Trends

Organizations have used AD to authenticate since 2001

2001: AD replaces NT

2003

2004: Email is now business critical

2007: Collaboration heats up

2008: Add new resource forest for security

2009: Server 2008 R2 - new forest level

2010: Upgrades, M&As, BYOD, security risks

2013-TODAY: Organizations begin taking the cloud seriously

TODAY: Future-ready Windows Infrastructure

Office 365 adoption is growing rapidly

22 million consumers (55% YoY growth from 12.4 M) and 70 million commercial customers have active Office 365 subscriptions.

In the commercial segment, Office 365 had a 57 percent month-over-month jump in the latest 2016 quarter.

Year-over-year growth: about 1 million subscribers a month adopting O365.

Audience Poll – Office 365 Adoption


Why do organizations move to the cloud?

• Reduce infrastructure, licensing and maintenance costs by eliminating on-premises infrastructure and finding storage efficiencies

• Empower the workforce to operate from anywhere, on any device

• Increase scalability and business continuity


Why do organizations move to the cloud?

• Office 365 *requires* an Azure AD instance

• Azure AD provides the Directory Service for Office 365 applications

• Azure AD integrates with on-prem AD creating a HYBRID Directory environment

Hybrid Environment: Azure AD Connect Synchronization Workflow


Summary: How Hybrid Directory was ‘created’

90% of companies use AD on-prem

O365 adoption growing at 70% YoY

AAD has over 10M tenants

75% of orgs. with > 500 users sync on-prem


How important is protecting on-prem AD resources?

75% of enterprises with more than 500 employees sync their on-prem AD accounts to Azure AD/O365 (on-prem AD is authoritative)

Hybrid Directory Security Challenges

What is the attack surface? AD on-prem

• Active AD licenses: 500 million

• Companies using AD to authenticate: 90%

• Daily authentications: 10 billion

• Accounts under attack each day: 95 million

95 million of those accounts are under attack every single day (Microsoft)

What is the attack surface? Azure AD

• Number of Azure AD accounts: 700 million

• Number of Azure AD tenants: 10 million

• Daily logons: 1.3 billion

• MS Cloud daily cyberattacks: 10 million

Microsoft’s user identity management systems process over 13 billion login attempts; over 10 million (per day) of these logins are cyber-attacks

Business challenges

• Data exfiltration

• Insider threats

• Compliance failures

• Prolonged operational downtime

• Revenue loss due to downtime, loss of productivity and potentially fines

Technical challenges

• No permission baselining

• No automatic remediation

• Lack of detailed auditing

• Labor-intensive/error-prone

• Lack of granular delegation

• Disjointed administration

• Manual DR processes

Dangers and pitfalls if you don’t secure AD on-prem

Hybrid Directory Challenges faced by businesses

What’s the solution?

Quest Software AD Security Lifecycle Methodology

Continually Assess

• Who has access to what sensitive data and how did they get that access?

• Who has elevated privileged permissions in AD, servers and SQL DBs?

• What systems are vulnerable to security threats?

Detect and Alert

• How will I know if any suspicious privileged account activities have occurred?

• Have any changes occurred that could be indicative of an insider threat?

• How will I know, quickly, if an intrusion has happened?

• Could we be under brute-force attack right now?

Remediate and Mitigate

• Is access control allowing those whitelisted in and blacklisted out?

• Do my users have the lowest level of user rights possible to do their jobs?

• Are my sensitive resources protected?

• How much time will it take me to manually remediate unauthorized changes?

Investigate and Recover

• How can I be sure that ‘it’ doesn’t happen again?

• How can I test my business continuity plan without going offline?

• How long will it take us to recover from an AD security incident, manually?

• What is my AD RTO after a disaster?

• Can I secure access to my DC before next time?

Active Directory Security Suite components

IT Security Search & Recovery Manager FE

• Investigate AD security incidents

• Continuously test your AD business continuity plan

• Recover from a security incident

• Improve your RTO after a disaster

• Secure access to AD DC data

Enterprise Reporter

• Report on elevated permission in AD

• Visibility of open shares across servers

• Understand which servers have vulnerable security settings

Active Roles & GPOAdmin

• Enforce permission blacklisting/whitelisting in AD

• Implement AD least-privilege access model

• Prevent unauthorized access to sensitive resources

• Auto-Remediate unauthorized activities

Change Auditor for AD

• Detect suspicious privileged AD activities

• Alert on potential AD insider threats

• Notify in real time of unauthorized intrusions against AD

• Detect and alert on brute-force attacks

Hybrid Directory Solution protects all the way around


Secure your Active Directory to Mitigate risk in O365

• Organizations moving to Office 365 have real and significant security challenges around Active Directory

• On-premises AD remains the core of security even in a cloud/hybrid environment

• Quest offers the only end-to-end AD Security solution in the market

• Don’t let your on-premises AD be your Hybrid Achilles Heel!

Thank You!

Watch the On Demand Webcast: http://bit.ly/2jRat2b