According to a new study by Skyhigh Networks, almost three quarters (71.4 percent) of corporate Office 365 users have at least one compromised account each month. This number is based on a survey of 600 enterprises and 27 million users. In addition to these compromised accounts, 57.1 percent have “at least one insider threat,” and 45.9 percent have at least one “privileged user threat.” Despite this, Microsoft is continually evolving its security solutions to keep Office 365 secure, and trusted by more enterprises than ever. In addition to Office 365 security, there are steps you can take to ensure security in the cloud.
One example of Microsoft ensuring Microsoft Cloud App Security, which was released earlier this year, and brings IT leaders the same level of “visibility and control” to SaaS applications as they have in their on-premises network. With this new offering, IT managers receive notifications of suspicious user activity and can utilize a cloud app discovery tool to analyze which cloud services users are connecting to. The Cloud App Security tool also allows IT decision-makers to “approve or revoke privileges to connect third-party services to Office 365.”
Additionally, Microsoft has extended its Customer Lockbox tool, which, Microsoft’s chief information security officer, Brent Arsenault, said provides IT leaders with “new approval rights, greater transparency and enhanced control over their data in Office 365.” This update will speed up the security troubleshooting process; in previous versions of the tool, multiple levels of approval were needed within the vendor before a Microsoft engineer could respond to the issue.
However, even with Microsoft’s technology updates, common sense security measures are still needed to minimize the risk of a breach. A surprising statistic from Skyhigh Network’s study found that users are still using unencrypted files to store their passwords, and what’s worse, many are naming these files with obvious keywords like “passwords.” In 2016, Skyhigh found 204 instances of this, which is up from 143 in 2015. This makes a hacker’s job easier than it has to be, but the good news is it’s an easy fix. Given the high frequency of security threats, a strict approach to data security, including encryption utilization, is needed in order to minimize the risk of a data breach.
Of course, IT leaders are often stretched in many different directions, and may not have the bandwidth necessary to have their eyes on everything to make sure the proper security measures are being taken. Taking advantage of Office 365 through a Managed Service Provider (MSP) means that IT leaders can trust a team of experienced professionals to handle data security, while they focus on their organization’s strategic goals. An MSP can provide security compliance management support to their clients, and can also provide additional security enhancements like Datapipe’s single-sign-on solution.
Datapipe’s Managed Cloud for Office 365 supports all three models of identity management for Office 365, including cloud identity, synchronized identity, and federated identity. The synchronized and federated models by definition have a hybrid component and Datapipe can manage the entire hybrid stack. Through the federated model, Datapipe can setup and manage a robust single-sign-on solution across a company’s SaaS applications with the same identity management mechanism used for Office 365. This solution greatly simplifies account management when employees join or leave the organization, reducing the risk of unauthorized accounts still having access.
Cybercriminals may be becoming more sophisticated, but that doesn’t mean enterprises need to be afraid to take advantage of SaaS programs like Office 365. With the right partner, and proper safeguards in place, enterprises can rest easy knowing that their data is in good hands. To learn more about Datapipe’s Managed Office 365 solution, click here.