State of Office 365 Adoption & Risk A Dive into the Data
Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks
Q4 2016 Office 365 Usage and Risk Report
Brandon Cook, Skyhigh Networks
Hard Data on O365 Usage
Anonymized usage data 30+ million
users
78 countries worldwide
600+ companies across 28 industries
Office 365 Adoption vs Usage – It’s Just Starting
• Penetration rate of Office 365 in the enterprises has increased from 87.3% to 91.4% in 9 months
• But, active usage has tripled in same time.
• Growth driven by pricing model and new features
Office 365 Utilization by App
• OneDrive is top app (bundled with Office and Exchange Online)
• Exchange Online utilization still relatively small
Office 365 Now World’s Most Popular Enterprise Cloud Service
Office 365 Usage by Industry
Office 365 is Home to Sensitive Data
Collaboration within Office 365 (OneDrive, SharePoint) is Growing
37.2% of O365 files are shared today
Sensitive Data Shared Externally 9.2% of Externally Shared Docs Contain Sensitive Data
O365 Threat Funnel
Office 365 Data Under Siege
O365 Data Loss Scenarios
Leveraging CASBs to Address O365 Data Loss Scenarios Encryption
Leveraging CASBs to Address O365 Data Loss Scenarios
API controls (OAuth)
Encryption
Leveraging CASBs to Address O365 Data Loss Scenarios
Granular DLP on shadow cloud services
API controls (OAuth)
Encryption
Leveraging CASBs to Address O365 Data Loss Scenarios
User behavior, privileged user, and geolocation analytics
Granular DLP on shadow cloud services
API controls (OAuth)
Encryption
Leveraging CASBs to Address O365 Data Loss Scenarios
Device-based access controls
User behavior, privileged user, and geolocation analytics
Granular DLP on shadow cloud services
API controls (OAuth)
Encryption
Leveraging CASBs to Address O365 Data Loss Scenarios
Security Configuration audit
Device-based access controls
User behavior, privileged user, and geolocation analytics
Granular DLP on shadow cloud services
API controls (OAuth)
Encryption
Leveraging CASBs to Address O365 Data Loss Scenarios Collaboration
controls
Security Configuration audit
Device-based access controls
User behavior, privileged user, and geolocation analytics
Granular DLP on shadow cloud services
API controls (OAuth)
Encryption
Top 7 O365 CASB Uses Cases Ranked Ad
optio
n
1. Prevent unauthorized data from being shared externally 70%
2. Prevent high-value data from being stored in the cloud 65%
3. Block download of O365 data to personal devices 55%
4. Detect compromised accounts, insider/privileged user threats 40%
5. Capture an audit trail of activity for forensic investigations 30%
6. Prevent access to personal O365 instances 20%
7. Prevent proliferation of malware 15%
Guidance from the Cloud Security Alliance (CSA
Jim Reavis – CEO, Cloud Security Alliance
Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow
Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and
address security in all phases
Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and
address security in all phases • Strong Identity & Access Management strategy
Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and
address security in all phases • Strong Identity & Access Management strategy • Due diligence with your providers
Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and
address security in all phases • Strong Identity & Access Management strategy • Due diligence with your providers • Understand how software development is different in cloud
Awareness, Opportunism, Strategy in securing your Cloud experience • Visibility into cloud usage today and plans for tomorrow • Data security: think about the entire data lifecycle and
address security in all phases • Strong Identity & Access Management strategy • Due diligence with your providers • Understand how software development is different in cloud • Learn about new "cloud-driven" security practices like
DevSecOps
Lots of free tools and research to make your transition easier • CSA Guidance, Cloud Controls Matrix, CSA
STAR and much more – https://cloudsecurityalliance.org/
• Get your CCSK & CCSP!
Questions?
Top Related