Back to blog

Managing Security in your Office 365 Environment: Part Two

Dec 7, 2016 by Emma Robinson

Are you really in control of your Office 365 security? Read part one of this blog series here.
The Importance of Monitoring
Microsoft’s recent blog on dealing with ransomware notes that a top priority for securing your organisation must be user awareness and education. All the firewalls and anti-virus tools in the world aren’t going to help protect you from poor security practice. This blog post will take a look at the trends and figures surrounding IT security practices, as well as how crucial continuous monitoring can be when it comes to protecting your Office 365 environment.
ClubCISO is a forum for EMEA chief information security officers working in public and private enterprises. It’s completely independent of vendors, and surveys its members annually to help them benchmark and compare their security postures. In the context of cloud services, like Office 365, ClubCISO’s most recent (2016) findings make interesting reading. For example:

So it looks like it’s not just front line staff that might need better awareness training.
Assuming you have all your anti-malware protection in place, you’ve developed watertight policies, and you’ve educated your users, how do you make sure everything is complied with? ClubCISO has another worrying statistic for us:
Only 12 per cent of the organisations surveyed manage compliance with information security policies by using continuous monitoring.
Interestingly, there is a difference between the way compliance is managed between geographies. In the US, for example, there’s a corporate perception that enforcement is key. In Europe – by way of contrast – the approach has historically been heavy on regulation (for example, GDPR) but light on enforcement. That’s reflected in ClubCISO’s survey, which indicates that businesses tend to react to incidents ‘after the horse has bolted’ rather than keeping a continual check on things.
As with so many things, a sensible balance between policy and enforcement is what’s needed.
Why Office 365 is great – and not so great – for monitoring security compliance
Compared with tracking user activity across multiple sites using traditional methods, Office 365’s built-in reporting provides a comprehensive solution. The trouble is that it can be almost too complex to help you manage compliance efficiently or to deal rapidly with a security situation.
It’s likely that your employees perform millions of actions on Office 365 every day. If an incident occurs and you’re tasked with finding out what happened, who was responsible, and what action needs to be taken, that can be like trying to find a needle in a haystack as the native Office 365 Audit Log shows you all your activity in one large, unwieldy view.
That’s where Cogmotive Discover & Audit can help. It helps you segment and visualise Office 365 activity easily, and using its advanced search capabilities, you can isolate events or threats for investigation. For example, has something happened to an important document in SharePoint Online? Quickly discover who viewed it, modified it or deleted it, regardless of location or device. In fact, Discover & Audit will help you identify the location, device and user, and pinpoint suspicious user locations and irregular sign-in activity.
With Discover & Audit, you can identify external attacks such as brute force password attacks or user credential leaks. You can produce an audit log of activity in Office 365 for a particular user (maybe someone who is leaving to work for a competitor), or a particular timeframe. And you can validate that your Office 365 security policies are working effectively. You can even create new policies based on real activity and vulnerabilities.
Discover & Audit – Audit Log: Is there activity on your Office 365 account from locations you don’t recognise?
Discover & Audit – Sign ins after Multiple Failures: Numerous failed sign-ins on this Azure AD could indicate a brute force attack (the screenshot above has been altered to make the user anonymous).
Office 365 is good for security
Think back to our previous blog, and the Cerber attack we talked about, it’s clear that any local files and shares would be the most vulnerable to rapid infection once it’s triggered. That’s not necessarily the case with cloud resources, and in any case you’re likely to be able to recover files more easily from OneDrive and SharePoint Online. Suddenly, the cloud seems a much more attractive option.
If your policies and user education programmes are up to scratch then Office 365 provides all the tracking and auditability you should need. Discover & Audit then enhances that capability by making reporting and monitoring easier, faster and more efficient.
Want to find out more about Discover & Audit? Read more about what the solution can do here, or sign up for a free 14-day trial.
Cogmotive is the leading global provider of enterprise level reporting and analytics applications for Office 365. Find out more now.