Office 365 does not provide default visibility or audit logging of user activity, and certainly doesn't allow you to see across separate cloud applications. In other words, Microsoft won’t tell you that “Jenn” logged into your Salesforce.com account from San Jose, CA at 1:34pm and then 5 minutes later, “Jenn” logged into Office 365 from New York, NY. These are separate and distinct applications, but require consistent, cross- app visibility.
If you are in healthcare, financial services or any other highly regulated industry, visibility into employee activity is even more important, or you could risk operating out of compliance with regulations like HIPAA and PCI.
SOLUTION: CLOUD ACCESS SECURITY BROKER (CASB)
Complete visibility into corporate activity for Office 365 is more easily achievable than you think. When you implement a Cloud Access Security Broker, all data from Office 365 flows through a proxy. Since the CASB proxy sits in the data path, it has visibility into all data flowing through it. Any suspicious activity that takes place is then flagged, and an alert is automatically sent to your IT security team
Pro Tip: For many organizations, Office 365 is one of the first applications deployed as part of a “cloud first” strategy. Note that not all CASBs support all applications. When selecting a vendor, ensure that the CASB chosen supports not only your current applications, but cloud apps you expect to deploy in the future.
Stay tuned to find out more about Securing Office 365, and don't forget to subscribe to the blog to get new posts in your inbox!
To help provide more color on Office 365 security challenges, we have created The Definitive Guide to Office 365 Security. We're providing the entire document via a series of posts on this blog. Of course, if you binge watched all of Game of Thrones on Netflix in one sitting, you might want to binge-read the Definitive Guide by "streaming" it to your device right here.