Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Control Your Data: 3 Steps for Data Governance for Work from Home Staff
Similar a Control Your Data: 3 Steps for Data Governance for Work from Home Staff (20)
Más de Art Ocain
Más de Art Ocain (13)
Último
Último (20)
Control Your Data: 3 Steps for Data Governance for Work from Home Staff
- 1. Control Your Data 3 Steps for Data Governance for Work from Home Staff by Art Ocain, President & COO, MCSE, CCNA, VCP May 7, 2020
- 2. The Problem People are working from home Corporate-owned and BYOD devices – both may be ill-secured No corporate-controlled firewall Ability to access corporate data No control over the rest of the devices on their network Data is outside the corp perimeter This is particularly relevant through COVID-19 but mattered before and will matter again after we are past it.
- 3. The Risk Breach and data leak/loss Without controls, the risk is that files can be copied over VPN or from SharePoint and stolen from employees’ home networks. By hackers or malware accessing their home network By employees skipping jobs and taking their work with them to the new job By employees selling intellectual property for profit By employees who want to keep a local copy but accidentally breach the data This is particularly relevant through COVID-19 but mattered before and will matter again after we are past it.
- 4. Solution 1: Implement MFA and identity protection Over 90% of breaches begin with phishing via email. The answer to phishing is multi-factor authentication. All of your users at this point should have multi-factor authentication. If you are on Office 365 or G Suite, MFA is available. There are also 3rd-party products for MFA like Duo and Okta for on-premise email solutions. Advanced identity protection Block risky sign-ons Implement risk-based identity protection Addresses risk: hackers or malware accessing their home network This is particularly relevant through COVID-19 but mattered before and will matter again after we are past it.
- 5. Solution 2: Protect and manage the endpoints All computers that access corporate data, whether BYOD or corporate owned, should be managed. Monitoring Antivirus / Endpoint Detection & Response Patching URL Filtering Logging to SIEM/SOC Application governance and controls should be implemented with Intune. Control permissions for downloading and sharing data from corporate OneDrive or SharePoint accounts. Addresses risk: hackers or malware accessing their home network This is particularly relevant through COVID-19 but mattered before and will matter again after we are past it.
- 6. Solution 3: Implement data loss prevention Put classification labels on protected data in Office 365, SharePoint, and OneDrive Create a DLP policy in Office 365 Security & Compliance Center Prevent download of classified documents from OneDrive and SharePoint Enforce encryption and Azure Rights Management to make sure that only the indented recipient can read what you share with them via email, SharePoint, or OneDrive Create notification alerts if sensitive data is shared outside of the organization Set up Intune to prevent access to corporate data from non-managed PCs Review settings in SharePoint sites to verify external sharing policies are set appropriately for your organization Addresses risk: employee data breach This is particularly relevant through COVID-19 but mattered before and will matter again after we are past it.
- 7. Extra Credit! Control access to corporate applications with application proxy through Microsoft Azure Active Directory Configure SSO through Microsoft Azure Active Directory to corporate applications (both on-premises and cloud) Implement Microsoft Cloud App Security and log to a SIEM for SOC analysis. Addresses risk: employee data breach This is particularly relevant through COVID-19 but mattered before and will matter again after we are past it.