2016 Office 365 Security & Risk Benchmarks Report
John Pescatore, Director, SANS Institute
Brandon Cook, Sr. Director, Marketing, Skyhigh Networks
Private and Confidential
Agenda
• Housekeeping info
• Here’s what we will do
• 13:05 – 13:15 Securing Cloud Use – John Pescatore
• 13:15 – 13:30 Office 365 Adoption and Risk Stats – September 2016
• 13:30 – 13:45 Case Study - Western Union’s O365 Security Blueprint
• 13:45 – 13:55 Q&A
Thanks to our sponsor:
Q&A
Please use GoToWebinar’s questions tool to submit questions to our panel.
Realistic View of Cloud Risks
• TSO was a cloud. ISPs were the cloud.
• Outsourcing is outsourcing.
• The use of a shared infrastructure is the major issue.
• The loss of transparency and visibility is an outsourcing phenomenon.
• Separation of duties, change control and data leakage are the major risk areas.
• Security controls and policies need to be extended to include cloud services.
• The biggest risk is the need to change business/mission processes to match.
Follow the Money – Most Are Already Using a Cloud Service
NIST Reference Architecture
CSA Reference Architecture
Hierarchy of Security Needs
• CYA
  • Audit/certification
  • Someone else is using it
• Visibility
  • Address lack of control and abundance of promises/claims
  • Early warning if something is going wrong
• Extension of existing security controls
• Testing of new approaches
• Go back to CYA
Three Styles of Securing Public/Private Cloud
The slide plots Security "Pressure" (Low, Medium, High) against Trust of the Cloud (High down to Low), for public and private cloud:
Low pressure / high trust
• Public cloud: security built into cloud is used
• Private cloud: security built into VM is used
• Accept vendor security claims
• SSAE 16 sufficient
Medium pressure
• Public cloud: third-party security running in cloud is used
• Private cloud: third-party security running on VM is used
• Certification/accreditation of system
• ISO 27001/2
High pressure / low trust
• Public cloud: security is performed outside the cloud
• Private cloud: security is performed outside the VM
• Custom/industry security assessment; no trust of the cloud
• FISMA/FedRAMP
• Security product certification
Best Practices in Security Sensitive Sectors
• Security architecture for VMware/virtualized data centers
• 3rd party trust processes updated (or created…) to deal with SaaS
• Email SaaS and CRM SaaS usually the “camel’s nose under the tent”
• When Dev/Test tries IaaS, security architecture adapted to cover hybrid cloud
• Where are you on BYOD, CYOIT and IoT?
Massive Migration to the Cloud
(Diagram: cloud services split into Shadow, Sanctioned, IaaS and Permitted, holding apps & data; accessed by unmanaged remote users, on-premises users and customers / partners.)
CASB Provides a Single Control Point for All Cloud Apps - All Users - All Devices
(Diagram: the CASB sits between the Shadow, Sanctioned, IaaS and Permitted cloud services and the unmanaged remote, on-premises and customer / partner users.)
• CASBs enforce security policies consistently across multiple cloud services
• CASBs extend existing security capabilities to the cloud (DLP, Access Control, Activity Monitoring, Encryption)
Bottom Line
• There are no immovable objects for business use of cloud services
• Security built into virtualization and cloud is a key piece of the solution, not the entirety
• There is no such thing as using only one cloud service
• Security policies need to be extended to cloud services.
• Mobile and IoT are cloud first
O365 Usage – September 2016
Hard Data on SaaS Usage
• Anonymized usage data
• 30+ million users
• 600+ companies across 28 industries
• 78 countries worldwide
• 20,000+ cloud services analyzed
O365 Adoption vs Usage – It’s Just Starting
• Penetration rate of Office 365 in enterprises has increased from 87.3% to 91.4% in 9 months
• But active usage has tripled in the same time
• Growth driven by pricing model and new features
O365 Utilization by App
• OneDrive is top app (bundled with Office and Exchange Online)
• Exchange Online utilization still relatively small
Office 365 Now World’s Most Popular Enterprise Cloud Service
O365 Usage by Industry
Office 365 is Home to Sensitive Data
17.4% of files in OneDrive and SharePoint Online contain sensitive data
Collaboration within O365 (OneDrive, SharePoint) is Growing
37.2% of O365 files are shared today
Sensitive Data Shared Externally
9.2% of Externally Shared Docs Contain Sensitive Data
O365 Data Under Siege
Case Study - Western Union’s O365 Security Blueprint
“Western Union Information Security Enablement Program”
Goal = Enable secure, user-centric solutions that drive productivity
• Protect & Simplify Data
• Protect & Simplify Access
WISE has a specific “Cloud Security” Component
• Compliance (PCI-DSS), data security driving use cases
• Info Sec owns the project and deployment
• Started with Shadow IT and Salesforce, Office 365 and others
Western Union’s 8-Step O365 Security Journey
1. Define core security and compliance use cases
2. Research native O365 capabilities
3. Determine where 3rd party solutions are needed
4. Discover existing cloud file sharing and collab usage
5. Create governance policies and cloud service categories
6. Consolidate and enforce DLP policies
7. Access Control and RMS
8. Protect against data threats
Step 1: Defined Core Office 365 Security Use Cases
Visibility
• Identify all users and groups for file-sharing and collaboration services
• Standardize and coach users to use Office 365
• Identify sensitive content in SharePoint and OneDrive
Data Security / Compliance / Threat Protection
• Detect compromised accounts for Exchange Online, SharePoint, OneDrive
• Identify potential misuse
• Log user activity and generate audit trail for compliance and forensics
• Enforce DLP policies to protect sensitive and regulated data
• Enforce DRM policies for sensitive data in O365 applications
• Review DLP violations and take action with closed-loop remediation
• Enable access and actions based on user, device, data, and location
• Enforce internal and external collaboration policies
• Increase authentication requirements based on anomalous activity
Step 2: Started Journey with a Healthy Dose of Research
• Investigated native controls offered by Microsoft and others
• Traded information with other IT Security pros in his network
• Identified capability gaps that needed to be filled for broad deployment
Step 3: Determined a Cloud Access Security Broker (CASB) was needed
“CASB is a required security platform for organizations using cloud services.”
“Security leaders should deploy CASB for the centralized control of multiple services that would otherwise require individual management.”
CASB Deployment Architecture
(Diagram: the CASB is deployed in reverse proxy and API modes, fronting on- and off-network users as well as partner and customer access. Required integrations: on-prem DLP, HSM via KMIP, SIEM, AD / LDAP.)
Step 4: Identified and then Consolidated File Sharing and Collaboration Services
• Over 2,000 services used, 50 in collaboration
• Proxies were missing over 50% of cloud services
• SharePoint growing virally
Step 5: Created governance policies and cloud service categories
• Denied: 30-60%
• Permitted: 20-40%
• Approved: 10-20%
Step 6: Enforced Broad/Specific DLP Policies for SharePoint & OneDrive
(Diagram: company office users and mobile users write to Office 365; the CASB, the on-prem Enterprise Connector and the on-prem DLP engine form the scanning loop, ending in BLOCK for violating files.)
1. CASB monitors Office 365 for content changes.
2. As new files are added/modified in Office 365, CASB scans the files per the company’s DLP policy.
3. A list of Office 365 files needing additional examination by the on-prem DLP solution is sent to the on-prem Enterprise Connector.
4. The CASB retrieves the files and passes them via ICAP to the DLP solution for further examination.
5. For those files that violate the DLP policy, CASB can quarantine/tombstone the files in Office 365.
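The two-stage flow above, as an added Python example (not Skyhigh’s or Western Union’s code): stage 1 stands in for the CASB scan, stage 2 for the ICAP hand-off to the on-prem DLP engine, and confirmed violations are quarantined and tombstoned in place. The file contents, the detection rules and the payment-context keyword list are constructed for the example.

```python
import re

# Constructed sample documents standing in for files in SharePoint/OneDrive (made-up content).
FILES = {
    "finance/q3-cards.txt": "Charge 4111 1111 1111 1111 to the client account",
    "hr/notes.txt": "Employee SSN 123-45-6789 on file; review next week",
    "eng/readme.txt": "Release notes: build 2016.09 passes all tests",
    "sales/quote.txt": "Ref 1234-5678-9012-3456 quoted; confirm with finance",
}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # card-shaped number, spaces/dashes allowed
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # US SSN layout (PII)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from card-shaped reference ids."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def cloud_scan(content: str) -> str:
    """Stage 1, run CASB-side as files are added/modified: 'clean', 'violation' or 'escalate'."""
    if SSN_RE.search(content):
        return "violation"
    for m in CARD_RE.finditer(content):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "violation"
        return "escalate"  # card-shaped but fails Luhn: hand off to the on-prem engine
    return "clean"

def onprem_dlp(content: str) -> bool:
    """Stage 2 stand-in for the ICAP hand-off to on-prem DLP (hypothetical rule:
    an escalated number counts only when payment-context words are present)."""
    return re.search(r"\b(card|visa|mastercard|cardholder)\b", content, re.I) is not None

def run_pipeline(files: dict) -> tuple:
    """Returns (verdict per file, live file store, quarantine store)."""
    verdicts, live, quarantine = {}, dict(files), {}
    for path, content in files.items():
        verdict = cloud_scan(content)
        if verdict == "escalate":
            verdict = "violation" if onprem_dlp(content) else "clean"
        if verdict == "violation":            # quarantine original, leave a tombstone in place
            quarantine[path] = content
            live[path] = f"[tombstone] {path} removed by DLP policy; contact security"
        verdicts[path] = verdict
    return verdicts, live, quarantine
```

The quote file shows why the second stage exists: a Luhn-invalid reference number is escalated rather than blocked outright, and the on-prem rule clears it.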
Step 7: Access Control and Integration with Microsoft RMS
• Protect intellectual property via access control policies for unmanaged devices
• Integrate with RMS systems to define and enforce a circle of trust for any given document
Step 8: Protected Against Insider Threat and Compromised Accounts
• Provide audit trail of all user and admin actions for compliance and investigations
• Track over 85 actions using Office 365’s Activity Monitoring APIs
• Provide visibility into internal and external content sharing
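As an added example (not the vendor’s or Western Union’s code), the kinds of checks Step 8 and the Step 1 use cases describe, run over constructed audit records: a login from two countries within a short window, a burst of downloads, and external sharing of a file the DLP scan already tagged as sensitive. Thresholds, field names and the sample records are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records (made up for this example). Field names are simplified
# stand-ins for the Office 365 audit log (Operation, UserId, CreationTime, ClientIP).
EVENTS = [
    {"time": "2016-09-12T09:00:00", "user": "amy@example.com", "op": "UserLoggedIn", "country": "US"},
    {"time": "2016-09-12T09:20:00", "user": "amy@example.com", "op": "UserLoggedIn", "country": "BR"},
    {"time": "2016-09-12T10:00:00", "user": "bob@example.com", "op": "SharingSet",
     "file": "payroll.xlsx", "target": "someone@gmail.com"},
    {"time": "2016-09-12T10:05:00", "user": "bob@example.com", "op": "SharingSet",
     "file": "agenda.docx", "target": "cara@example.com"},
    {"time": "2016-09-12T11:00:00", "user": "cara@example.com", "op": "FileDownloaded", "file": "agenda.docx"},
] + [  # six downloads by amy in six minutes, right after the second login
    {"time": f"2016-09-12T09:2{i}:00", "user": "amy@example.com", "op": "FileDownloaded", "file": f"doc{i}.docx"}
    for i in range(1, 7)
]
INTERNAL_DOMAIN = "example.com"
SENSITIVE = {"payroll.xlsx", "plans.docx"}  # files the DLP scan already tagged as sensitive

def detect(events, window=timedelta(minutes=10), max_downloads=5, travel=timedelta(hours=1)):
    """Replay the records in time order; return a sorted list of (user, finding)."""
    findings, downloads, last_login = set(), defaultdict(list), {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts, user = datetime.fromisoformat(ev["time"]), ev["user"]
        if ev["op"] == "UserLoggedIn":       # compromised-account indicator: two countries, one hour
            prev = last_login.get(user)
            if prev and prev[1] != ev["country"] and ts - prev[0] <= travel:
                findings.add((user, "logins from two countries within travel window"))
            last_login[user] = (ts, ev["country"])
        elif ev["op"] == "FileDownloaded":   # insider/exfiltration indicator: mass download
            downloads[user] = [t for t in downloads[user] if ts - t <= window] + [ts]
            if len(downloads[user]) > max_downloads:
                findings.add((user, "mass download"))
        elif ev["op"] == "SharingSet":       # external sharing of content tagged sensitive
            external = not ev["target"].lower().endswith("@" + INTERNAL_DOMAIN)
            if external and ev["file"] in SENSITIVE:
                findings.add((user, "sensitive file shared externally"))
    return sorted(findings)

def responses(findings):
    """Map findings to the responses the slides list: step-up authentication for anomalous
    activity, and undoing the external share for sensitive content."""
    actions = defaultdict(set)
    for user, finding in findings:
        actions[user].add("revoke external share" if "externally" in finding else "require step-up authentication")
    return {user: sorted(acts) for user, acts in actions.items()}
```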
How do I Start?
O365 Audit Report
Email: brandon@skyhighnetworks.com
1. Sensitive data in O365 (PII, PHI, payment data)
2. Sensitive docs shared externally
3. High-risk activities indicating insider threats or privileged user abuse
4. Compromised account activity
5. Malware-infected files in O365
Resources
• SANS: https://www.sans.org/webcasts/archive/2016
• SANS CDI: https://www.sans.org/event/cyber-defenseinitiative-2016
• Skyhigh: https://www.skyhighnetworks.com/
• Questions: q@sans.org
• jpescatore@sans.org
Acknowledgements
Thanks to our sponsor:
And also to our speakers and to our attendees:
Thank you for joining us today
© 2016 The SANS™ Institute – www.sans.org