Office 365 Security: How to Safeguard Your Data
-
Upload
bitglass -
Category
Technology
-
view
192 -
download
1
Transcript of Office 365 Security: How to Safeguard Your Data
Office 365 Security How to safeguard your data
August 31, 2016
Greg Schaffer - Vice President, Chief Information Security Officer, FirstBank
• 25 years information technology and information security experience• Current: Chief Information Security Officer at FirstBank, the third largest
bank in Tennessee • Previous: Information security leadership roles
– Assistant Vice President for Network and Information Technology Security at Middle Tennessee State University
– Metro Nashville’s first Chief Information Security Officer.
Rich Campagna - Vice President of Products, Bitglass• 15 years infosec product management and marketing experience• Current: VP Products at Bitglass• Previous:
– Sr. Director, Products & Marketing at F5 Networks– Sr. Director, Product Management (SSL VPN, NAC, Mobile) at Juniper
Copyright 2016© www.securitycurrent.com 2
Today’s Presenters
How To Safeguard Your Data• Public cloud apps like Office 365 are being widely
adopted in every major industry• Security & compliance top of the list of concerns.• Webinar Goal: Provide practical cloud** security
advice that you can apply immediately in your organization.
– Top concerns– Mitigating controls– Peer examples**Focus on Office 365
Copyright 2016© www.securitycurrent.com 3
Cloud Service Provider
Opportunities
Flexibility
Expertise
CSP Attribut
esWhat They
Protect
What You Protect
Identify Gaps
Security Gaps
▪Role Changes and Terminations▪Controlling External Access▪Audits▪Incident Response▪Shadow IT
Copyright 2016© www.securitycurrent.com 6
Cloud Access Security Brokers - Benefits
▪Single Sign-on▪Authorization/Access Control▪Logging & Alerts▪Data Leakage Prevention▪Encryption or Tokenization
Copyright 2016© www.securitycurrent.com 7
Cloud Access
Security Broker -
Deployments
API
Proxy
STORYBOARDS
office 365 is the leading SaaS productivity suite:market share has tripled year over year
2014 2015
google apps office 365
other
16.3%
7.7%
76%
22.8%
25.2%52%
Source: Bitglass 2015 Cloud Adoption Report
Office 365 – Benefits the Business
▪Accessibility▪Hardware Provisioning▪Up Front Costs▪Resource Management▪Disaster Recovery
Copyright 2016© www.securitycurrent.com 11
Security and Accessibility
▪Not Mutually Exclusive▪Both Essential Business Requirements▪Intersection = Goal
Copyright 2016© www.securitycurrent.com 12
Office 365 – Security Benefits
▪Infrastructure▪Authorization▪Two-factor Authentication▪Business Continuity
Copyright 2016© www.securitycurrent.com 13
Office 365 – Security Challenges
▪Access Control▪End User Device▪Fine-Grained Access▪Audits and Logs▪Data Loss Prevention▪Complementary User Entity Controls
Copyright 2016© www.securitycurrent.com 14
Traditional Approaches to Security Challenges
▪MDM▪VPN back to corporate▪Federated Identity Management▪Private Cloud▪User Behavioral Analytics▪DLP
Copyright 2016© www.securitycurrent.com 15
How CASBs Can Help Office 365
▪Policy Enforcement▪Data Handling▪Data Loss Prevention▪Compliance▪Remote and Unmanaged Device Access▪Access Logs and Behavioral Analysis
Copyright 2016© www.securitycurrent.com 16
STORYBOARDS
secure office 365 + byod
challenge
■ Inadequate native O365 security■ Managed & unmanaged device access
control■ Limit external sharing■ Interoperable with existing infrastructure,
e.g. Bluecoat, ADFS
competition
■ Skyhigh, Netskope, Adallom
solution
■ Real-time inline DLP on any device■ Contextual access control on managed &
unmanaged devices■ API control in the cloud■ Discover data breach & Shadow IT
17
fortune 50 healthcare
company
STORYBOARDS
secure salesforce
+ office 365
18
challenge
■ Needed complete CASB for enterprise-wide migration to SaaS
■ Security for Office 365
■ Encryption of data-at-rest in Salesforce
competition
■ Skyhigh, Ciphercloud, Bluecoat Perspecsys, Netskope, Adallom, Salesforce Shield
solution
■ Real-time inline DLP on any device■ Contextual access control on managed &
unmanaged devices■ API control in the cloud■ Searchable true encryption of data in
Salesforce w/ full control of encryption keys
■ Discover breach & Shadow IT
major bank20k
employees$6T in assets
STORYBOARDS
secure google apps +
byod
19
challenge
■ Mitigate data leakage risks in move to Google Apps
■ Control sensitive data stored in the cloud
■ Limit data-access based on device risk level
■ Govern external sharing
competition
■ Skyhigh, Netskope, Cloudlock, Elastica/Bluecoat
solution
■ Real-time inline data protection on any device
■ API control of data in the cloud
media/tech18k
employees192
countries
STORYBOARDS
total data
protection est. jan
2013
200+ custome
rs
tier 1 VCs
STORYBOARDS
our solutions
cloud mobile discovery
CONFIDENTIAL - ISG
STORYBOARDS
total data
protection
outside the firewall
22