Raise your hand if your organization has either deployed Office 365 already, or is planning to in the near future. I bet you raised your hand. Microsoft has quickly become the 800 pound gorilla in the battle for cloud productivity dominance and shows no signs of slowing down.
On balance, this momentum is great, but if you're new to the public cloud, it can be daunting to prioritize the many security challenges that a complicated app like O365 brings. Unmanaged device access. External file sharing. PUBLIC cloud app! Storage for your organization's most sensitive data. Host for all of your email. Productivity application. This list goes on and on. You can't do it all at once, so where do you start?
A couple of years back, many organizations were fearful of anything "public cloud." Today, however, most enterprises have realized that Microsoft has more security personnel and budget, and therefore more ability to securely deploy and operate an application in the cloud than the enterprise can on premises. The challenge lies in the fact that while Microsoft might be able to operate the cloud securely, there is still the question of your enterprise using the cloud securely.
Fortunately, Bitglass has been able to help hundreds of enterprises go down the path of secure cloud usage, with Office 365 leading the way as the most popular application secured by Bitglass. At a certain level of scale, patterns emerge in the way that customers attack problems - patterns we can all learn from. In the case of Office 365, a majority of enterprises (across every industry) are starting their Office 365 security deployments by:
- Controlling unmanaged device access - a very common policy is to provide full access to Office 365 from managed devices (email, web, client apps), but more restricted access from unmanaged/BYOD devices (email, web, but no OneDrive sync client access). This helps these organizations strike a balance between access for employees and risk mitigation for the organization. BYOD access is available, but you don't have employees sync'ing 10GB of sensitive OneDrive data to grandma's unpatched home PC.
- Controlling external file sharing - many enterprises have OneDrive and Sharepoint licenses built into their Microsoft licenses, but have those services disabled. Why? The big bad share button, that's why. With cloud file sharing, it couldn't possibly be easier to "collaborate" a sensitive financial document right out the front door of the building. Organizations get a handle on this by using Bitglass to search OneDrive for data matching data leakage prevention policies, and then take action such as quarantine, notify, or block.
As their Cloud Access Security Broker deployment matures, we see the policies get more sophisticated, layering in cloud encryption, contextual multifactor authentication, rights management, data tracking, upload DLP, and more.
Whether you're in the early stages of Office 365 evaluation, or already starting to deploy, I'd urge you to reach out to us and learn more. In the meantime, learn how this Fortune 100 company uses Bitglass to solve the challenges outline in this blog post.