With more than 1.2 billion Microsoft® Office users and a 74-percent increase in commercial adoption of Microsoft Office 365® in 2015, it’s apparent that software-as-a-service (SaaS) applications provide tremendous value to end users. With easy setup and collaboration capabilities that change the way organizations do business, Microsoft Office 365 has become a staple application for most companies.
While incredibly useful tools to drive business productivity, these SaaS applications pose high levels of risk. For example, Microsoft OneDrive® or SharePoint® is used to easily store and share files, but what comes along with the ease of use are opportunities for accidental shares, when users unintentionally send access to the wrong people. Similarly, Exchange and Yammer® easily stores important, structured data for users, but these too are open to accidental data exposure or threat insertion risks, oftentimes acting as vectors or entry points for malware.
What follows are three key security requirements to safely enable Microsoft Office 365 applications:
Securely enabling SaaS applications begins with visibility into the applications themselves and who is using them. A next-generation firewall provides visibility across all user, folder and file activity, at the network level, to determine which applications are being used by which users, and defines the usage behavior (e.g., file upload or download, or access from personal accounts versus enterprise accounts). This helps to identify the related risks to determine whether a given SaaS application should be sanctioned, unsanctioned or tolerated. Categorizing SaaS applications controls usage at the network level, providing the visibility needed to define a SaaS usage policy to begin migrating users to sanctioned-only SaaS applications.
Policies to control sanctioned and unsanctioned SaaS applications are relatively straightforward: Either allow access without restriction or block usage outright. Tolerated applications, however, require a more granular and measured policy to control usage, particularly those controlled by a third party or business partner. To simultaneously increase security and provide more capabilities to end users, organizations can standardize on an enterprise-sanctioned application, such as Microsoft Office 365, to move users off tolerated applications altogether to ones that are sanctioned. Similarly, policy should be applied to move users off personal accounts to enterprise-owned, sanctioned accounts.
SaaS applications are often the first insertion point for malware and the last exfiltration point for data loss, and thus should be protected in the same manner as network applications. The ability to exert a consistent control and prevention policy is critical as it yields unparalleled visibility. This level of visibility allows organizations to inspect content for data risk violations as it moves to the cloud, controlling access to shared data via a contextual policy.
To learn more, read the Securing Your Microsoft Environment white paper.