These slides relate to controlling data governance as employees are working from home. Art Ocain, a certified Azure Administrator, Microsoft 365 Security Administrator, and Microsoft 365 Enterprise Administrator, discusses solutions to leverage the Microsoft 365 toolset to increase your security.
Control Your Data: 3 Steps for Data Governance for Work from Home Staff
1. Control Your Data: 3 Steps for Data Governance for Work from Home Staff
by Art Ocain, President & COO, MCSE, CCNA, VCP
May 7, 2020
2. The Problem
People are working from home
Corporate-owned and BYOD devices – both may be ill-secured
No corporate-controlled firewall
Ability to access corporate data
No control over the rest of the devices on their network
Data is outside the corp perimeter
This is particularly relevant through COVID-19 but mattered before and will matter again after we are past it.
3. The Risk
Breach and data leak/loss
Without controls, the risk is that files can be copied over VPN or from SharePoint and stolen from employees’ home networks.
By hackers or malware accessing their home network
By employees skipping jobs and taking their work with them to the new job
By employees selling intellectual property for profit
By employees who want to keep a local copy but accidentally breach the data
4. Solution 1: Implement MFA and identity protection
Over 90% of breaches begin with phishing via email.
The answer to phishing is multi-factor authentication.
All of your users at this point should have multi-factor authentication. If you are on Office 365 or G Suite, MFA is available.
There are also 3rd-party products for MFA like Duo and Okta for on-premise email solutions.
Advanced identity protection
Block risky sign-ons
Implement risk-based identity protection
Addresses risk: hackers or malware accessing their home network
5. Solution 2: Protect and manage the endpoints
All computers that access corporate data, whether BYOD or corporate owned, should be managed.
Monitoring
Antivirus / Endpoint Detection & Response
Patching
URL Filtering
Logging to SIEM/SOC
Application governance and controls should be implemented with Intune.
Control permissions for downloading and sharing data from corporate OneDrive or SharePoint accounts.
Addresses risk: hackers or malware accessing their home network
6. Solution 3: Implement data loss prevention
Put classification labels on protected data in Office 365, SharePoint, and OneDrive
Create a DLP policy in Office 365 Security & Compliance Center
Prevent download of classified documents from OneDrive and SharePoint
Enforce encryption and Azure Rights Management to make sure that only the intended recipient can read what you share with them via email, SharePoint, or OneDrive
Create notification alerts if sensitive data is shared outside of the organization
Set up Intune to prevent access to corporate data from non-managed PCs
Review settings in SharePoint sites to verify external sharing policies are set appropriately for your organization
Addresses risk: employee data breach
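One way to script the DLP policy and external-sharing notification steps from this slide with Security & Compliance PowerShell. This is an added example, not part of the original slides; the policy name, rule name and the choice of the built-in "Credit Card Number" sensitive information type (used here in place of a classification label) are assumptions.

```powershell
# Added example: the policy name, rule name and sensitive information type
# are assumptions for illustration, not values from the slides.
# Requires the ExchangeOnlineManagement module and a compliance admin role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$policyName = 'WFH - Block external sharing of sensitive data'  # hypothetical name

# Create the policy once, scoped to SharePoint and OneDrive. Start in test
# mode so users see policy tips but nothing is blocked until the matches
# have been reviewed.
if (-not (Get-DlpCompliancePolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-DlpCompliancePolicy -Name $policyName `
        -SharePointLocation All `
        -OneDriveLocation All `
        -Mode TestWithNotifications
}

# Rule: a document containing at least one credit card number that is shared
# with people outside the organization is blocked, the owner is notified,
# and an incident report is sent to the site admin.
New-DlpComplianceRule -Name 'External share - credit card data' `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent All

# After reviewing the test-mode matches, switch the policy to enforcement:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```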
7. Extra Credit!
Control access to corporate applications with application proxy through Microsoft Azure Active Directory
Configure SSO through Microsoft Azure Active Directory to corporate applications (both on-premises and cloud)
Implement Microsoft Cloud App Security and log to a SIEM for SOC analysis.
Addresses risk: employee data breach