State of Office 365 Adoption & Risk A Dive into the Data Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks
Q4 2016 Office 365 Usage and Risk Report Brandon Cook, Skyhigh Networks
Hard Data on O365 Usage Anonymized usage data 30+ million users 600+ companies across 28 industries 78 countries worldwide
Office 365 Adoption vs Usage It s Just Starting Penetration rate of Office 365 in the enterprises has increased from 87.3% to 91.4% in 9 months But, active usage has tripled in same time. Growth driven by pricing model and new features
Office 365 Utilization by App OneDrive is top app (bundled with Office and Exchange Online) Exchange Online utilization still relatively small
Office 365 Now World s Most Popular Enterprise Cloud Service
Office 365 Usage by Industry
Office 365 is Home to Sensitive Data
Collaboration within Office 365 (OneDrive, SharePoint) is Growing 37.2% of O365 files are shared today
Sensitive Data Shared Externally 9.2% of Externally Shared Docs Contain Sensitive Data
O365 Threat Funnel
Office 365 Data Under Siege
O365 Data Loss Scenarios
Leveraging CASBs to Address O365 Data Loss Scenarios Encryption
Leveraging CASBs to Address O365 Data Loss Scenarios Encryption API controls (OAuth)
Leveraging CASBs to Address O365 Data Loss Scenarios Encryption API controls (OAuth) Granular DLP on shadow cloud services
Leveraging CASBs to Address O365 Data Loss Scenarios Encryption API controls (OAuth) Granular DLP on shadow cloud services User behavior, privileged user, and geolocation analytics
Leveraging CASBs to Address O365 Data Loss Scenarios Encryption API controls (OAuth) Granular DLP on shadow cloud services Device-based access controls User behavior, privileged user, and geolocation analytics
Leveraging CASBs to Address O365 Data Loss Scenarios Encryption API controls (OAuth) Security Configuration audit Granular DLP on shadow cloud services Device-based access controls User behavior, privileged user, and geolocation analytics
Leveraging CASBs to Address O365 Data Loss Scenarios Collaboration controls Encryption API controls (OAuth) Security Configuration audit Granular DLP on shadow cloud services Device-based access controls User behavior, privileged user, and geolocation analytics
Top 7 O365 CASB Uses Cases Ranked 1. Prevent unauthorized data from being shared externally 70% 2. Prevent high-value data from being stored in the cloud 65% Adoption 3. Block download of O365 data to personal devices 55% 4. Detect compromised accounts, insider/privileged user threats 40% 5. Capture an audit trail of activity for forensic investigations 30% 6. Prevent access to personal O365 instances 20% 7. Prevent proliferation of malware 15%
Guidance from the Cloud Security Alliance (CSA Jim Reavis CEO, Cloud Security Alliance
Awareness, Opportunism, Strategy in securing your Cloud experience Visibility into cloud usage today and plans for tomorrow
Awareness, Opportunism, Strategy in securing your Cloud experience Visibility into cloud usage today and plans for tomorrow Data security: think about the entire data lifecycle and address security in all phases
Awareness, Opportunism, Strategy in securing your Cloud experience Visibility into cloud usage today and plans for tomorrow Data security: think about the entire data lifecycle and address security in all phases Strong Identity & Access Management strategy
Awareness, Opportunism, Strategy in securing your Cloud experience Visibility into cloud usage today and plans for tomorrow Data security: think about the entire data lifecycle and address security in all phases Strong Identity & Access Management strategy Due diligence with your providers
Awareness, Opportunism, Strategy in securing your Cloud experience Visibility into cloud usage today and plans for tomorrow Data security: think about the entire data lifecycle and address security in all phases Strong Identity & Access Management strategy Due diligence with your providers Understand how software development is different in cloud
Awareness, Opportunism, Strategy in securing your Cloud experience Visibility into cloud usage today and plans for tomorrow Data security: think about the entire data lifecycle and address security in all phases Strong Identity & Access Management strategy Due diligence with your providers Understand how software development is different in cloud Learn about new "cloud-driven" security practices like DevSecOps
Lots of free tools and research to make your transition easier CSA Guidance, Cloud Controls Matrix, CSA STAR and much more https://cloudsecurityalliance.org/ Get your CCSK & CCSP!
Questions?