Glass Class - The Failings of Office 365
Hi everyone. Today we're going to be talking about the limitations of Microsoft's built-in security for Office 365. I only have two minutes, so I'm not going to go through all of them, but we're going handle here at least a few of the top couple, the biggest ones that you need to keep in mind.
Number one, in-line data protection or lack thereof. Microsoft offers no ability to protect data in real time - so stopping things such as downloads of sensitive corporate data down to a BYOD device. That's a big limitation.
Number two is app support. Cloud access security brokers like Bitglass support a broad range of applications - not only SaaS apps, but infrastructure as a service apps, and even custom applications. Microsoft falls short in a number of those areas meaning that you have to go out and buy another security package from other vendors, potentially multiple other vendors, in order to fill in some of the gaps where Microsoft falls off.
Number three, agentless BYOD security. This is another big area, specifically because so many organizations have concerns about BYOD devices connecting into an app like Office 365 where they may not have the ability to take management control over that device. Now, while Office does support Intune, which is a traditional MDM, it also requires you as an organization to take full management control of that device, which may not be possible and your employees definitely won't like. So that's a big limitation.
Number four is encryption. Microsoft does offer some basic file-level encryption, but it doesn't allow the organization to control their own keys in a bring-your-own-key-type of scenario. It also does nothing to support field-level encryption for apps that have structured data stored in them, like a CRM app such as Salesforce - another big limitation.
The fifth one is UEBA, user behavior analytics - identifying suspicious traffic, not only within an app, but across applications, and taking action on that, such as step-up, multifactor auth, or blocking certain types of transactions from happening. This is critical in terms of your ability to meet your security needs as you move to public cloud applications, and you won't get it from Microsoft.
The last piece is integration. Organizations like yours have spent decades investing in a wide variety of security technologies. Oftentimes, as you move to the cloud, you want to continue to leverage those investments. A CASB like Bitglass allows you to integrate with those enterprise systems, not something that you're able to do with things like your SIEM, your premises DLP system, or other systems on prem if you choose the Microsoft built-in security.
There you have it. Some of the top limitations of Microsoft's built-in Office 365 security that you need to keep in mind when evaluating that versus a cloud access security broker. Thank you.