In the Cloud, On the Ground: Securing Office 365 and Hybrid Environments

Written by

Within the last two decades, companies have spent billions, and more likely trillions, converting analog information to digital. At the same time, we’re producing data at rates few could imagine a generation ago. Now we’re generating and saving vast amounts of important data in the cloud, mostly within the Office 365 platform. 

With breaches and ransomware hitting the headlines, is all of your data – both in the cloud in Office 365 and on-premise – really safe?

Do you have a handle on your “dark data”?
Just like the final scene of Raiders of the Lost Ark, when a crate of priceless artifacts seems destined to be lost forever in a massive warehouse, companies have held on to so much data that they’ve lost track of what they have. 

“Dark data”— what Gartner refers to as enterprise information that’s collected and stored, but lacking in practical business value - is like the extra tools and supplies we squirrel away in the garage just in case we might need them someday. 

Companies are often reluctant to part with their dark data, but storing and locking down extra data can be risky: especially if it includes customer and employee PII and valuable intellectual property. Office 365 is part of dark data problem.

While about half of security pros believe their organization will face a major, disruptive attack in the next year, many enterprises focus on productivity without worrying whether their data is safe from hackers, insiders, competitors and even hostile nation states. 

Just like that junk drawer in your kitchen you dread opening, you’ve got to face reality to better protect your company from security threats. 

Your data is everywhere
If your company is like most, you’re storing sensitive information both on-premise and in the cloud via Office 365 and myriad cloud repositories. Imagine the globally accessible file shares, SharePoint sites, OneDrive folders and externally shared links. It’s a major risk. 


Your data is in danger of slipping through the cracks – hybrid environments create new security challenges and increase the risk of security incidents: As data flows between on-premise storage and cloud repositories like Office 365, IT must be able to answer fundamental data security questions about security and appropriate use. 

Isn’t Office 365 security enough?
Office 365 has native security features that provide some protection for data that remains within the platform and never leaves but in reality, data never rests. Office 365 is blind to data that resides on-premise. 
From a security standpoint, the platform’s native security cannot provide unified control for cloud and on-premise data - resulting in duplicate processes, applications, alerting, and reporting for hybrid environments.

It can be extremely difficult, or impossible, to quickly pinpoint which OneDrive folders, SharePoint sites, and Exchange mailboxes a user or group can access. It’s even harder to find at-risk data, identify sensitive folders and objects that have been shared externally, and remediate permissions that are no longer needed.

Cloud-centric security isn’t enough
To bolster security, companies are performing routine data-focused risk assessments, demanding more comprehensive security features from SaaS/IaaS vendors, and filling gaps with third-party security solutions. Cloud-focused security solutions try to answer some of these questions and address some of the associated security challenges. 

For example, cloud-access security brokers help quell unauthorized use of cloud services (shadow IT), block access to unsanctioned cloud apps, and prevent unauthorized data from external sharing. They usually operate in-line between users and cloud services as a forward and/or as a reverse proxy. 

While these functions are valuable, cloud-only solutions are blind to on-premise infrastructure, mostly blind to hybrid infrastructures, and lack advanced security features that enterprises have become accustomed to with best-in-class data-centric audit and protection products. 

Where do I start?
Companies that take the next step and automate retention and disposition policies for their files - automatically archiving and deleting what they don’t need - will be better protected from insider threats and cyber-attacks.

The consensus among analysts and security professionals is that to achieve maximum visibility and protection in Office 365, you must enhance Microsoft’s native capabilities using integrated security products - especially for hybrid environments. Here are some ways you can better protect your organization:

Plan for a hybrid future
While enterprises continue to adopt a cloud-first approach, business-critical applications will continue to be hosted on-premise for some time – it’s a walk not a sprint. Your security must address who’s accessing your data on-premise and in the cloud, and provide visibility to ensure that only the right people have access to data at all times, all use is monitored, and abuse is flagged.

Find Your Hidden Sensitive Data 
If your company relies on Office 365, you must determine where your sensitive data – what’s covered under GDPR, HIPAA, SOX, PCI-DSS, and other regulations - is located. You’ve got to flag it before you can protect it, remain compliant, and shore up defenses against data breaches. Microsoft’s built-in classification requires manual rule creation and tagging-which can be especially cumbersome in large environments - and won’t extend to on-premise data stores. Your security must provide context around the sensitive content so you can gain back control of your data. 

Beef Up Security
Microsoft provides basic (static) threat modeling, but the native tools lack in-depth context about the user behaviors across all products and can’t detect when accounts are exhibiting suspicious behavior on-premise. These native tools are no substitute for dynamic, behavior-based threat detection. If your security team is buried in false positives, bolster your security with advanced user and entity behavior analytics (UEBA) that’s capable of working across hybrid environments.

Reduce Risk and Achieve a Least Privilege Model 
Microsoft provides limited permission visibility and sensitive data discovery, doesn’t help prioritize remediation efforts, offers no way to simulate changes, and lacks centralized mechanism to make changes to both Azure AD group membership and container permissions. These limitations make it very difficult to get to and sustain a least privilege model. You must pinpoint and prioritize your biggest risks, whether they’re on-premise or in Office 365, and remediate them before they cause security concerns. 

Turn to Data Owner-Driven Access Governance
Involving data owners in the permissions review process is critical to sustaining a least privilege model. However, Microsoft does not make it easy to identify data owners in Office 365, and doesn’t involve them in critical access governance workflows, such as entitlement reviews. Automating your entitlement reviews and authorization workflows saves time, reduces IT burden, and helps you make better access control decisions.

What’s hot on Infosecurity Magazine?