These Microsoft cloud security issues should have you thinking about third party cloud security
Microsoft has done a great job of catching on to the cloud computing movement by evolving its core Office products into Office 365. Office 365 allows diverse teams to easily create and collaborate, no matter where they are in the world. Many Microsoft customers have made the transition from Exchange to 365 to reap the many advantages of operating in the cloud.
Unfortunately, a few glaring Microsoft cloud security issues have created critical vulnerabilities for customers. Many security admins believe that the native Office 365 cloud app security controls they get with their Microsoft license are sufficient to protect sensitive company data. Some will go for the Advanced Threat Protection (ATP) add-on, others will agonize over whether or not they need to upgrade to the prohibitively expensive E5 level just to get the security controls they need.
1. Identifying Account Takeovers
Of the three most critical Microsoft cloud security issues, weak account takeover detection has the potential to wreak the most havoc in your Office 365 environment. Account takeovers in cloud applications are on the rise, and email is still the most common external threat vector.
And yet, Microsoft’s native cloud security lacks the functionality to reliably detect compromised accounts and the activity they generate. Customers that have not upgraded to an E5 license or purchased the ATP add-on will struggle to identify hijacked accounts, disable their access, and quarantine the content created and shared through them.
A good third party cloud application security platform will provide system admins with detailed account takeover prevention and detection capabilities. These capabilities could include the ability to whitelist and blacklist logins from certain locations and/or IP addresses, and malware and phishing detection for all emails (regardless of the sending domain) as well as for files and folders located in shared drives. Most comprehensive cloud security solutions will also provide visibility and control over abnormal file downloading, sharing, and emailing behavior.
Additionally, your account takeover prevention solution must include the ability to see what third party SaaS applications are granted OAuth permissions to users’ email accounts. Even friendly SaaS applications with read, send, delete, and manage permissions can be compromised. It is a best practice to maintain a list of sanctioned third party applications, and then require approval for new ones. A good cloud security platform can provide you with visibility into what SaaS applications have OAuth permissions to your cloud environment, what their potential risk factor is, and allow you to easily sanction, unsanction, and remove them.
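The two checks described in this section, login allow/deny rules with an abnormal-download signal and an OAuth grant review against a sanctioned-app list, as an added example that is not code from the original post. The allowlist, denylist, app names, scope weights, thresholds and every event are constructed; the scope names are Microsoft Graph-style mail permissions.

```python
"""Added example, not code from the original post: account-takeover signals over
constructed Office 365-style sign-in/activity events, plus a review of OAuth app
grants against a sanctioned-app list. Every event, app, IP and threshold is made up."""
from collections import Counter

ALLOWED_COUNTRIES = {"US", "CA"}             # constructed location allowlist
DENIED_IPS = {"198.51.100.23"}               # constructed denylist (TEST-NET-2)
SANCTIONED_APPS = {"Corporate Mail Backup"}  # constructed approved-app list
# Graph-style mail scopes weighted by blast radius: read < send/manage.
SCOPE_RISK = {"Mail.Read": 1, "Mail.Send": 3, "Mail.ReadWrite": 3}

# Constructed activity log: sign-ins and file downloads per user.
EVENTS = [
    {"user": "alice", "op": "signin", "ip": "203.0.113.5", "country": "US"},
    {"user": "alice", "op": "download"},
    {"user": "bob", "op": "signin", "ip": "198.51.100.23", "country": "US"},
    {"user": "bob", "op": "signin", "ip": "192.0.2.9", "country": "RU"},
] + [{"user": "bob", "op": "download"} for _ in range(40)]

# Constructed OAuth grants: which app holds which scopes on whose mailbox.
GRANTS = [
    {"app": "Corporate Mail Backup", "user": "alice", "scopes": ["Mail.Read"]},
    {"app": "FreeCalendarSync", "user": "bob",
     "scopes": ["Mail.ReadWrite", "Mail.Send"]},
]

def suspicious_signins(events):
    """Sign-ins from a denied IP or from outside the allowed countries."""
    hits = []
    for e in events:
        if e["op"] != "signin":
            continue
        if e["ip"] in DENIED_IPS:
            hits.append((e["user"], e["ip"], "denied ip"))
        elif e["country"] not in ALLOWED_COUNTRIES:
            hits.append((e["user"], e["ip"], "country not allowed"))
    return hits

def abnormal_downloaders(events, baseline=5, factor=4):
    """Users whose download count exceeds factor x the per-user baseline."""
    counts = Counter(e["user"] for e in events if e["op"] == "download")
    return sorted(u for u, n in counts.items() if n > baseline * factor)

def review_grants(grants, high_risk=3):
    """Mark each grant sanctioned or needing approval and score its scopes."""
    out = []
    for g in grants:
        risk = sum(SCOPE_RISK.get(s, 1) for s in g["scopes"])
        status = "sanctioned" if g["app"] in SANCTIONED_APPS else "needs approval"
        out.append({"app": g["app"], "user": g["user"], "risk": risk,
                    "status": status, "high_risk": risk >= high_risk})
    return out
```

In a real deployment the events would come from the unified audit log and the grants from the directory's OAuth permission grants; the filtering logic stays the same.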
2. Weak Data Loss Prevention Controls
Fundamentally, IT security is all about data loss prevention. Data loss prevention is a broad topic that deals with everything from data loss due to hardware malfunction to malicious data breaches. Here we’re going to focus on data loss that is due to an exposure incident, whether that incident is accidental or malicious. When it comes to data loss prevention for Office 365, you’re likely better off using a third party data loss prevention platform.
There are many data loss prevention tools available on the market today, some of which are focused specifically on cloud computing security. These tools provide customers with a variety of highly customizable data loss prevention policies and remediation actions. So, it’s difficult to justify Microsoft’s clunky controls.
For starters, there is no functionality for data loss prevention workflow options. If an email or file share triggers a policy, it is either blocked or encrypted. Admins do not have the option to route the offending content to a queue for review. Further, when documents in SharePoint and OneDrive are flagged by Microsoft data loss prevention, the document is blocked from being accessed by anyone beyond the document owner, the last person to make edits, and the site owner. The system has no sense that anyone beyond these users may have permissible access to the file.
Finally, Microsoft data loss prevention cannot detect policy violations in scanned documents, images, or any file type other than Microsoft Office formats (Word, Excel, etc.). It does not currently support optical character recognition for images. Therefore, if someone takes a picture of a credit card or social security card, for example, Microsoft’s out-of-the-box data loss prevention solution will not be able to flag it as containing sensitive information.
Most third party data loss prevention solutions have the ability to detect data loss prevention policy violations in many different types of files, including images. Additionally, the functionality to flag a policy violation and hold it until an administrator has a chance to review it and take appropriate action is a must for any team. A good data loss prevention solution also includes the ability to set up and customize a variety of automatic remediation actions.
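The policy workflow this section argues for, a detector for the credit-card and social security numbers mentioned above whose hits can be blocked, encrypted, or held in a review queue rather than only blocked or encrypted, as an added example that is not code from the original post or any vendor's product. The regexes, the policy table and the sample content are constructed.

```python
"""Added example, not code from the original post: a minimal DLP check that finds
credit-card and SSN-shaped data in outbound content and routes each hit to a
configurable action, including the review queue the post says native Office 365
DLP lacks. Patterns, sample content and the policy table are constructed."""
import re

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")  # 13-16 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
SEVERITY = ["allow", "encrypt", "queue", "block"]  # least to most restrictive
POLICY = {"credit_card": "queue", "ssn": "block"}  # constructed policy table
REVIEW_QUEUE = []                                   # items held for admin review

def luhn_ok(digits):
    """Luhn checksum, so a random 16-digit number is not reported as a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_violations(text):
    """Return (kind, matched_text) pairs for every policy hit in text."""
    hits = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append(("credit_card", m.group()))
    hits += [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    return hits

def apply_policy(item_id, text, policy=POLICY):
    """Pick the most restrictive action among the hits; queue holds for review."""
    hits = find_violations(text)
    if not hits:
        return "allow"
    action = max((policy.get(kind, "encrypt") for kind, _ in hits),
                 key=SEVERITY.index)
    if action == "queue":
        REVIEW_QUEUE.append({"id": item_id, "hits": hits})
        return "queued"
    return action
```

Text extracted by OCR from an image would be fed to find_violations the same way as the body of an email or document.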
3. Non-Microsoft SaaS Application Support
Does everyone in your organization exclusively use Microsoft applications? Not likely. And if you think they do, it’s likely because you don’t have the ability to see what apps are connected to your Office 365 environment.
According to Blissfully’s 2019 Annual SaaS Trends Report, the average employee uses at least eight different SaaS apps. If you’re just using Microsoft’s core security tools, you’re guaranteed to have some critical vulnerabilities in your data security architecture.
Using a third party cloud application security platform will provide you with greater visibility and control over your entire cloud application environment. So, if your team uses Office 365, Slack, Box, G Suite, and other cloud applications, you will be able to secure the data stored and shared in all of them. As mentioned above, you should also choose a solution that allows you to control all SaaS applications that have OAuth access to your environment, no matter which company developed them.
These Microsoft cloud security issues shouldn’t prevent you from using Office 365. On the contrary, there are many security benefits to moving your business operations to the cloud. But you must be aware of the potential pitfalls and vulnerabilities that cloud computing exposes, and understand the best ways to secure access to your environment and data. Microsoft cloud access security is a critical layer in your cybersecurity architecture when you transition to the cloud. Microsoft does provide some native security and compliance features, but you will have to pay for add-ons or upgrade to the E5 level to get the truly useful ones. Many admins are turning to third party cloud security solutions to protect their Office 365 environment and other SaaS applications because they find them more useful and easier to use.