Office 365 Brings its Own Set of Challenges to Data Protection

Responsibility for data protection heightens when data enters the cloud

When data leaves the corporate perimeters and is shared in cloud applications, like Office 365, organizations remain responsible for its security, and must provide the same level of protection as within their managed environments. The cloud infrastructure makes the data protection task harder because organizations don’t own or manage the cloud infrastructure or its security postures. But, while the cloud presents its own challenges that must be specifically addressed, Office 365 is also just a new place where data can both reside and get lost, same as with other cloud channels and on-premises systems like networks, endpoints, and storage. If you have data protection controls and policies in place that work for your existing channels, and now you intend to extend into cloud applications like Office 365, then these five recommendations may save you from an epic fail:

  1. Data protection requires an enterprise-wide comprehensive approach. Single point protection is not good protection. Office 365 is one of the numerous outlets where data can get lost or exfiltrated, and the reality is that malicious actors are likely to try alternative methods if their initial attempt fails. Locking down O365 applications and email can be totally useless if data can be taken via USB, via a shadow application, or via a personal device. Data protection needs to encompass every platform and every possible egress point, such as emails, networks, roaming endpoints, storage systems as well as cloud. Independence from a specific computing platform, device, or OS is part of a sound comprehensive approach.
     
  2. Make data protection a top priority. A good enough approach is just as bad as it sounds. It may save money and time initially but it becomes very expensive in the long run when an organization suffers a painful data breach and all the consequences that come with it: affected brand reputation, financial responsibilities, and high fines due to compliance loss.
     
  3. Protect your critical content in its every form. You can’t protect what you don’t see, so visibility is an extremely important step to data protection. Structured and unstructured data, even content embedded in pictures, needs a data protection system that leverages advanced auto-discovery capabilities such as fingerprinting technologies, machine learning, and OCR that are found in highly reliable data loss prevention systems. To minimize false positives, the detection capabilities need to work in concert and take human input into account in the classification process of sensitive corporate data. Relying solely on your employees to classify data, no matter how much they are trained, is a dangerous approach.
     
  4. Bad emails come in and good emails go out. In Office 365, email security must be a two-pronged mission to both safeguard users from inbound email threats and protect sensitive outbound emails from ending up in the wrong hands. Modern email threats such as credential phishing, ransomware, and business email compromise can only be stopped with advanced, multi-layered detection and strong isolation of threats. On the other end, not all outbound sensitive emails must be blocked, for example, when they involve partners and customers. Sensitive emails and their attachments should be flagged by DLP on the fly and automatically protected with persistent encryption and digital rights in order to ensure that only trusted recipients can open them.
     
  5. Disjointed data protection solutions and point controls cause unnecessary overhead. A data protection system for Office 365 that is disconnected from the rest of the enterprise infrastructure means separate sets of policies to manage and different consoles. Additional alerts to triage, security gaps, and false positives due to lack of context compound the risk. It’s important to seek a platform approach for all data channels with native integrations among different protection controls, such as DLP, data classification, cloud access security brokers, email security, encryption, proxies, and authentication. A single platform delivers end-to-end data protection with consistent protection everywhere data resides, one set of policies and one console. Such an approach dramatically minimizes operational cost, reduces false alerts, provides context for data violations everywhere the data travels, and helps discover anomalous user behavior across multiple vectors.

According to Symantec’s 2018 Internet Security Threat Report, 90% of targeted threats still seek to identify and steal organizations’ sensitive information. Sensitive corporate information can be exposed in Office 365, and other cloud platforms like it. For example, say an organization sends an encrypted email to a third party with pre-release notes for a product launch. Normally, the visibility on the security of the email ends when the decryption key is provided to the recipient. Today’s data protection requires more. Persistent encryption and identity-based digital rights protect and track an email, and its attached documents, everywhere, making sure only the intended authorized recipients can open it.

Organizations must seek a powerful information-centric security approach via a cohesive platform that uniformly helps track and protect all their data whether it is at rest or in transit, on-premises or in the cloud, like in Office 365. With a single management console and one consistent set of policies, risk is managed, operational cost is minimized, security gaps are filled – all thanks to the visibility and context for data violations monitoring users’ risky behavior everywhere.

Click Here to watch our Data Protection for Office 365 demo to learn:

  • How to auto detect and protect sensitive data shared through Office 365 applications.
  • How to safely share data with third parties outside of your Active Directory environment.
  • How to maintain consistent visibility & identity access control of your data.

About the Author

Carmine Clementelli

Senior Manager of Product Marketing

Carmine Clementelli is a security expert and Senior Manager of Product Marketing for Data Loss Prevention, User and Entity Behavior Analytics, and Information Centric Security products at Symantec.
