The IT community has come full circle on security in the cloud. A few years ago, any IT professional would have shuddered to imagine storing information in someone else’s data center. Today, cloud and hybrid IT are facts of life for many businesses.
Cloud solutions like Office 365 (O365) have made huge strides in the security features included “out-of-the-box.” But having built-in tools available is one thing – ensuring they cover the full breadth of your security needs is another.
Filling the gaps across a whole suite of O365 applications may require third-party providers to reinforce native security. In fact, Gartner predicts that by 2020, 50% of Office 365 deployments will need to involve other vendors to enforce their security policies.
No IT professional wants to compromise their data. To safeguard your O365 deployment, you’ll need to pinpoint the areas where its native capabilities fall short of your needs. Then, determine where third-party products can shore up your defenses.
In our latest Spiceworks video meetup, we discussed Cisco’s cloud security and its ability to enhance Office 365’s built-in security tools. Here are the highlights with the key recommendations.
What to Do When “Built-in” Security Leaves You Exposed
There’s no doubt Office 365 offers great advantages to any organization. But it’s important to recognize its security features more as a set of tools than a security blanket.
For Alex Brothman, CIO of Gemini Diversified Services, a medical credentialing company, O365 has provided a means to decommission many services they were still running on-premises. It has also enabled his small-scale IT shop to introduce solutions that would have been too complex or expensive to implement otherwise.
Yet on the security front, he finds O365’s built-in tools don’t quite tick all their boxes. “By no means does it constitute ‘security-as-a-service’,” says Brothman. “Having those tools in place doesn’t guarantee they’re doing everything you need.”
Most services are there, he explains, but they’re passive. “You need to do the work to get them working.” In other cases, the O365 suite’s more advanced capabilities come at higher pricing tiers. To round out their security coverage, organizations like Brothman’s look to third-party solutions.
“Security is all about layers – double-checking and triple-checking,” mentions Sean Erhard, Head of the Advanced Threats Group for Cisco. “You never rely on just one thing.” Instead, security admins should incorporate continuous analysis based on inputs from different sources. In many cases, advanced security solutions from Cisco add powerful capabilities for remediation after the fact.
For example, O365 conducts an initial scan of incoming email and this catches a lot of potential threats. “But Cisco Cloud Email Security doesn’t stop there,” says Erhard. “You’re able to use the power of the cloud to keep hunting for malicious attachments missed by the initial 1-millisecond scan.”
At the same time, Cisco Endpoint Security brings a 30-day recording of every endpoint in the cloud. This is possible thanks to a team of 300 analysts who detect attackers. “You can get huge advantages by moving to the cloud, but you have to do it in the right way.”
For Better Protection, Consider a Cloud Access Security Broker
Office 365 components like SharePoint and OneDrive are huge repositories of data. For IT professionals, controlling who accesses that data, and how, is a top priority.
The threats are everywhere. User error and inadequate communication on security policies are common culprits. For example, many applications ask users for “high-risk” permissions. “Users think ‘oh well, it’s work-related’ and click the link. Now the app has access to way more than it needs – like file or email access,” says Chris Martin, Softchoice’s Cisco Practice Lead.
Email remains king among attack vectors and is responsible for over 80% of breaches. Malicious attachments and stolen credentials are the weapons of choice. “When one of your executives starts blasting spam because their account’s been compromised – that’s something IT has to fix right away,” adds Martin.
The ubiquity of Office 365 makes it an attractive target for attackers. The suite does come with native antivirus and malware protection. But Sean warns against relying on these alone, since they often fail to detect threats before they’re downloaded. Cisco cloud security extends the work of these native tools, adding another layer of protection. It also shifts much of the “heavy lifting” from your IT department to the cloud, says Martin.
To ensure consistent security across O365, Martin recommends a cloud access security broker (CASB) such as Cisco CloudLock. “It’s easy to send out an email with a share link. But how do you know who is accessing that data?” To help answer this question, CloudLock monitors access activity across the O365 environment. It also flags changes in behavior that may signal malicious intent.
But the most exciting development in security is around user impersonation, says Martin. Security admins spend much of their time responding to incidents, in addition to their regular duties. This lack of time limits their ability to detect anomalies – until it’s too late.
Cisco cloud security normalizes the profile of a given device, he explains. The solution automates the analysis of every activity from the profile to detect changes. It’s designed to flag anomalies that may go unnoticed by human observers, such as changes in the exact time or size of data transfers. “If the system beacons out for updates every day at noon, then one day it changes to one o’clock – nobody’s going to notice that,” he explains.
“But if you’re impersonating another user, you’re going to be accessing data from the web differently, and the CASB will detect it.”
Ensuring Protection Doesn’t Impede Productivity
While data protection is critical, many O365 deployments succeed or fail on another measure – user adoption. IT departments feel the pressure to ensure security doesn’t slow users down or impact their productivity. Striking the right balance is a challenge. But Martin also calls for IT professionals to be realistic. “We’re not going to control shadow IT anymore,” he says. “How can we reduce the risk to our corporate IT, assets and users and not step on their toes?”
To address the problem, organizations could onboard a SIEM (Security Information and Event Management). This tool could flag risks with minimal interruption to users, he suggests. Meanwhile, Brothman’s organization, Gemini Diversified Services, experienced hiccups when implementing MFA (Multi-Factor Authentication) as part of the cloud transition. “Users griped,” he mentions. “But security is so important that small hiccups can’t be something that prevents it.”
IT also faces a challenge in averting security infractions without shutting users out, argues Martin. “IT often comes back with the response of ‘you shouldn’t have done that,’” he explains. But IT is better served by the clear communication of security policies – and the reasons behind them. “We want to attract the best and brightest in the new generation of the workforce,” he contends. For users, being disconnected without knowing why can be very troubling.
In response, Martin says Cisco has acquired Duo, a leader in the access space. Instead of disconnecting affected users outright, the technology emphasizes a measured response to incidents. Rather than instant excommunication from the cloud, the solution imposes gradual limitations as it assesses the threat.
It also makes the user a participant in the process, serving notice as soon as it detects a threat.
“Rather than reporting a ticket or finding out after-the-fact, the system notifies and involves the user right away,” Sean says. “We notice that being part of the process from the moment of detection is appreciated by users.”
Cloud without Compromise
Office 365 may be the world’s most-adopted cloud service. But this application suite alone may not meet 100% of your security needs. With advanced security capabilities from Cisco, you can take full advantage of O365 knowing your data is safe.
To conclude, here are some final thoughts from our panel:
- Remember – no single tool will meet all your needs
- Start by hardening the areas that are most important to your organization
- Do anything you can do to simplify the lives of your security admins
- Know how your organization stores and accesses data – this is a common blind spot
- Understand that security is about layers and increments, rather than giant leaps
Have questions about enhancing your Office 365 with Cisco? Softchoice helps you to evaluate, implement and manage Cisco cloud security. Learn more in our Cisco showcase page.