The best ways to bridge the Office 365 security gap

by David Shephard, Vice President Sales Asia Pacific and Japan at Bitglass

As Microsoft’s Office 365 productivity suite continues to see mass adoption throughout the business world, IT leaders are becoming increasingly aware of the security challenges posed by cloud environments and easy access to corporate data from outside the corporate network.

Rather than being chained to a desk or relying on a company-issued laptop, employees are free to work the way they want. Given this newfound flexibility for employees, IT leaders are quickly realising that security strategies and practices that worked in an on-premises world are no longer effective.

A shared responsibility

When an organisation adopts Office 365, the task of IT security becomes a shared exercise. Microsoft takes responsibility for security of the application, servers, and network infrastructure while the enterprise retains responsibility for end-user devices, data protection, and identity management.

This shared model requires something of a balancing act from every organisation’s IT team. While IT still has some visibility over corporate data, it is not as extensive as it was when that data was being stored on-premises. Every enterprise that deploys cloud services must find a solution to manage user access and prevent unauthorised activities.

Key security components

Comprehensive security for SaaS apps like Office 365 requires a strategic approach that encompasses the cloud platform, endpoint devices, user access, and user identity:

  • The cloud platform component concerns the data at rest in an application. App vendors, however, provide limited in-app visibility and no cross-app visibility.
  • Endpoint device management is a critical component of an organisation’s security as employees turn to personal BYO devices to access the cloud. IT needs a way to securely enable access to the cloud from these unmanaged devices without imposing unnecessary restrictions on employees.
  • Secure and straightforward user access is vital for the business benefits of the platform to be realised. Policies and tools should be in place to restrict access to authorised parties.
  • User identity management techniques for apps like Office 365 must prevent all unauthorised access and should adhere to identity best practices. Where tools like single sign-on are the norm on-premises, a similarly full-featured solution should be used in the cloud.

Native Office 365 capabilities

While Office 365 does provide some of these security components, there are many gaps that need to be addressed and managed.

One is the BYOD ‘blind spot’: platforms like Office 365 have not been designed to manage the security of data stored on personal devices. There is also high operational overhead involved in implementing the platform’s native security measures, as they are complex to configure and maintain.

Deployment can also be difficult as Microsoft’s endpoint security solutions must be installed on each device and require regular updates.

Finally, Office 365 doesn’t provide any protection for other cloud apps that might be in use within the organisation, which means a separate solution will need to be found for all other cloud apps.

The benefits of next-gen cloud access security brokers

Organisations are finding that making use of a cloud access security broker (CASB) is the best way forward. These emerging next-gen solutions deliver cross-device and cross-application security and real-time data protection. They also limit high-risk activities such as external file sharing and unmanaged access.

A CASB works by using a combination of proxies and APIs to intermediate traffic between users and the applications they are accessing. When a user attempts to log into a corporate cloud application, they are automatically redirected through the CASB proxy, which can manage their access and usage.

The CASB can also continually monitor the flow of data for granular visibility into user access and activity involving sensitive regulated data. This ensures that an organisation is able to enforce policies around data access and use, even where BYO devices are used.

By taking advantage of a Next-Gen CASB, an organisation can enjoy the significant business benefits offered by Office 365 with confidence that important data remains secure at all times.
