3. STORYBOARDS
office 365 is the leading SaaS productivity suite:
no signs of slowing down
[Chart comparing google apps, office 365 and other for 2014 and 2015. Values shown: 16.3%, 7.7%, 76%, 22.8%, 25.2%, 52%]
5. STORYBOARDS
a security balancing act:
empower users, maintain control
■ Visibility and control over corporate data in Office 365
■ Prevent unauthorized access
■ Limit external sharing
■ Restrict access on unmanaged devices
○ Managing OneDrive sync, access in risky contexts, more
6. STORYBOARDS
The real risk vector
■ In an increasing number of security breaches, findings show that user "error" is the root cause
8. STORYBOARDS
cloud:
protect data-at-rest in o365
■ External sharing opens the door to unintended leaks
○ API-based controls can restrict sharing of sensitive data
■ Encryption, when needed
■ User behavior analytics, logging
9. STORYBOARDS
mobile:
protect cloud data sync’d to ANY device
■ Employees have rejected MDM and MAM
■ Protect data sync’d/downloaded to user devices
■ Allow different levels of mobile access based on device type, user, etc.
10. STORYBOARDS
access:
native security provides limited visibility
■ More access, greater risk of data leakage
○ Granular access controls can limit risky access
■ DLP is critical to securing sensitive data in risky contexts
○ Complete security solutions should be content-aware, apply DLP at access
11. STORYBOARDS
identity:
centralized identity management is key to securing data
■ Cloud app identity management should maintain the best practices of on-prem identity
■ O365 can identify some but not all high-risk logins
■ Prevent use of compromised credentials with cross-app IAM, step-up MFA
12. STORYBOARDS
cloud apps can be secure:
but will they protect everything?
enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
13. STORYBOARDS
office 365 native dlp:
complex, costly, and doesn’t work across apps
■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - SharePoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top of the line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
15. STORYBOARDS
benefits of using a casb
o365 requires a new security architecture
■ Cross-device, cross-application agentless data security
■ Real-time data protection
■ Limit high-risk activities like external file sharing, unmanaged access
■ User behavior analytics
16. STORYBOARDS
managed
devices
application access mode data protection
unmanaged
devices &
mobiles
in the cloud
● profile-agent
● VPN+IP-restriction
● DLP/DRM/encryption
● Device controls, e.g. PIN
● Agentless Selective wipe
● Client apps: allow/block
● OneDrive
● SharePoint
● API
● Quarantine DLP
● Block external shares
● Alert on DLP events
office 365 use case:
real-time inline data protection on any device
Legacy Auth Apps
e.g. Office 2010
● Full access
Modern Auth Apps
e.g. Office 2013+
● profile agent
● VPN+IP-restriction
● certificates
● Full access
● Browser
● ActiveSync Mail
● Client apps
● Reverse-proxy + AJAX-VM
● ActiveSync Proxy
17. STORYBOARDS
client
■ 180,000 employees
■ Among the largest US healthcare orgs
challenge
■ HIPAA Compliant cloud and mobile
■ Controlled access to Office 365 from managed & unmanaged devices
■ Control external sharing
■ Real-time inline data protection
solution
■ Real-time inline protection on any device
■ Contextual access control on managed & unmanaged devices (Omni)
■ Real-time DLP on any device
■ API control in the cloud
■ Agentless BYOD with selective wipe
secure
office 365
+ byod
major
healthcare
firm
18. STORYBOARDS
secure
salesforce +
office 365
■ 20,000 employees
■ Global presence
■ $6T in assets under management
challenge
■ Needed complete CASB for enterprise-wide migration to SaaS
■ Security for Office 365
■ Encryption of data-at-rest in Salesforce
solution
■ Searchable true encryption of data in Salesforce
■ Real-time inline DLP on any device (Citadel)
■ Contextual access control on managed & unmanaged devices (Omni)
financial
services
client
what are your office 365 migration plans?
Already deployed
Deployment in progress
Plan to deploy in the next year
No plans to deploy O365
what are your office 365 adoption plans?
Already deployed
Deployment in progress
Plan to deploy in the next year
No plans to deploy O365
“By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner
what cloud security functions are most important?
Cross-app identity management
Access controls
Data leakage prevention
Data protection for cloud data sync’d to devices
Cloud encryption