2. STORYBOAR
office 365 is the leading SaaS productivity suite:
market share has tripled year over year
2014: google apps 16.3%, office 365 7.7%, other 76%
2015: google apps 22.8%, office 365 25.2%, other 52%
5. STORYBOAR
the data blind spot:
enterprises can’t rely solely on native app security
enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
6. STORYBOAR
a security balancing act:
empower users, maintain control
■ Visibility and control over corporate data in Office 365
■ Prevent unauthorized access
■ Limit external sharing
■ Restrict access on unmanaged devices
○ Managing OneDrive sync, access in risky contexts, more
8. STORYBOAR
cloud:
protect data-at-rest in o365
■ External sharing opens the door to unintended leaks
○ API-based controls can restrict sharing of sensitive data
■ User behavior analytics, logging
○ Little in-app visibility, no cross-app visibility
○ Third-party solutions are built with compliance in mind
9. STORYBOAR
access:
native security provides limited visibility
■ More access, greater risk of data leakage
○ Granular access controls can limit risky access
■ DLP is critical to securing sensitive data in risky contexts
○ Complete security solutions should be content-aware, apply DLP at access
10. STORYBOAR
mobile:
distinguish between managed and unmanaged devices
■ Employees have rejected MDM and MAM
■ IT must securely enable access to frequently used apps
■ Allow different levels of mobile access based on device type, user, etc.
11. STORYBOAR
identity:
centralized identity management is key to securing data
■ Cloud app identity management should maintain the best practices of on-prem identity
■ O365 can identify some but not all high-risk logins
■ Prevent use of compromised credentials with cross-app IAM, step-up MFA
12. STORYBOAR
office 365 native dlp:
complex, costly, and doesn’t work across apps
■ BYOD blind spot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - SharePoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top-of-the-line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
14. STORYBOAR
casb security:
a data-centric approach
o365 requires a new security architecture
■ Cross-device, cross-application agentless data security
■ Real-time data protection
■ Limit high-risk activities like external file sharing, unmanaged access
■ User behavior analytics
15. STORYBOAR
office 365 use case:
real-time inline data protection on any device
application, access mode, data protection
managed devices
unmanaged devices & mobiles
in the cloud
● profile-agent
● VPN+IP-restriction
● DLP/DRM/encryption
● Device controls, e.g. PIN
● Agentless Selective wipe
● Client apps: allow/block
● OneDrive
● SharePoint
● API
● Quarantine DLP
● Block external shares
● Alert on DLP events
Legacy Auth Apps, e.g. Office 2010
● Full access
Modern Auth Apps, e.g. Office 2013+
● profile agent
● VPN+IP-restriction
● certificates
● Full access
● Browser
● ActiveSync Mail
● Client apps
● Reverse-proxy + AJAX-VM
● ActiveSync Proxy
16. STORYBOAR
secure office 365 + byod
major healthcare firm
client
■ 180,000 employees
■ Among the largest US healthcare orgs
challenge
■ HIPAA-compliant cloud and mobile
■ Controlled access to Office 365 from managed & unmanaged devices
■ Control external sharing
■ Real-time inline data protection
solution
■ Real-time inline protection on any device
■ Contextual access control on managed & unmanaged devices (Omni)
■ Real-time DLP on any device
■ API control in the cloud
■ Agentless BYOD with selective wipe
■ Enterprise-wide for all SaaS apps
17. STORYBOAR
secure salesforce + office 365
financial services client
client
■ 20,000 employees
■ Global presence
■ $6T in assets under management
challenge
■ Needed complete CASB for enterprise-wide migration to SaaS
■ Security for Office 365
■ Encryption of data-at-rest in Salesforce
solution
■ Searchable true encryption of data in Salesforce
■ Real-time inline DLP on any device (Citadel)
■ Contextual access control on managed & unmanaged devices (Omni)
■ API control in the cloud
■ Discover breach & Shadow IT
what are your office 365 migration plans?
Already deployed
Deployment in progress
Plan to deploy in the next year
No plans to deploy O365
“By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner
what cloud security functions are most important?
Cross-app identity management
Access controls
Data leakage prevention
Data protection for cloud data sync’d to devices
Cloud encryption