Glass Class - Securing Office 365
Hi! My Name is Anurag Kahol. I'm the CTO at Bitglass. In this edition of Glass Class, we're going to talk about Office 365 Security. When you think of Office 365 Security, you can think of it in two aspects. One of the aspects is essentially usage of Office 365. What do you want to know about Office 365 at that point is: what are the types of files that are in Office 365? What are the sharing permissions on files in Office 365? Are there files which have DLP or sensitive content in them? On top of that, maybe there are files which are actually being externally shared which also have sensitive content in them which could be a policy violation.
All of these types of information are typically gathered using an API-type model where a CASB goes and crawls the Office 365 tenant and essentially gives you all of this information. Along with that, gives you certain controls like you can go in and disable sharing, for example, for certain files if they are violating these DLP-type patterns.
The other aspect of securing Office 365 is giving access to users to Office 365. Essentially, what that means is data coming out of Office 365 and going down to various types of devices. If you look at the promise of the cloud, it ends up being that you want to be able to allow access to users from anywhere with any device. For example, you can imagine that you have managed machines which you issue from your company, you have grandma's PC which you access when you go on vacation, and you have mobile devices which are also accessing Office 365.
Now, you may want to control what type of data is actually being allowed to be accessed from a managed device and what actually goes down in these other categories. For example on managed devices, you may allow Outlook clients but on grandma's PC you only want to allow OWA-based web email. A lot of these types of controls are essentially allowed through the use of a CASB which acts as a proxy.
The proxy at that point scans all the data that is being transferred between Office 365 and the device. It knows about the device and is able to apply controls to give you the security for the data that is coming out of Office 365. Combining both of these approaches gives you the security that you are looking for. Thanks for attending this version of Glass Class.