Unlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.


Introduction

It is highly likely that if you have downloaded this ebook you are thinking about the security of your company's information in the cloud. You want the benefits and power of cloud productivity, helping your organization to save time and money and free up valued resources. At the same time you want it to be simple. And safe. The last thing you want is an incident that puts your business at risk.

With more workers on the go, your business information is likely accessed by more people and from more places and platforms than ever before. This increased access also raises the opportunity for attack. In today's threat landscape, cybercrime is carried out by highly organized, financially motivated professional criminals. So it's vitally important to make sure the approach you take to safeguarding access considers how to balance security against usability for your staff and partners.

Office 365 provides secure access across platforms and devices through innovative technology coupled with a comprehensive approach to security to protect your systems and data in their environment. But much of it hinges on the strength and protection of a user's password. The rest of this ebook will explore why requiring your users to remember another password just isn't the most effective way to protect your business information in Office 365, and demonstrate several alternatives to make it easier for your staff to access their information in the cloud more safely.

61% of people reuse the same password on multiple websites. So what happens if another site is compromised and that password is the same one used for Office 365? [1]

[1] CSID Password Habits Report - http://www.csid.com/wp-content/uploads/2012/09/cs_passwordsurvey_fullreport_final.pdf

The Challenge

The news is riddled with stories of compromised websites that have exposed users to great risk. Sites like LinkedIn, eHarmony, Sony and Dropbox demonstrate that we put far too much trust into cloud providers without considering the impact and liability we may face if our passwords were stolen.

This problem isn't new. For the past five years there has been at least one serious breach every month that has impacted and inconvenienced users. It won't go away anytime soon. The combination of poor password management by many cloud providers and the simple negligence by users in maintaining discipline against password reuse is just too much to bear.

When users have to enter credentials in more than five different prompts every day, over any given month they may have to know twenty different passwords. They are lucky if they remember five [2].

[Chart: Number of passwords remembered. Categories: 1 to 5, 6 to 10, 11 to 15, 16 to 20, 20+. Values as extracted: 5%, 6%, 7%, 28%, 54%.]

[2] CSID Password Habits Report - http://www.csid.com/wp-content/uploads/2012/09/cs_passwordsurvey_fullreport_final.pdf

Microsoft's Enterprise Solution: Federation

In an effort to battle password fatigue, Microsoft offers its customers the option to federate their identity with their office systems. Called Active Directory Federation Services (ADFS), it provides a great way for people to use the same password in Office 365 that they use at work. That means one less password to remember, and it means the company can control and maintain password policy and maintenance decisions at the office.

These benefits come at a cost. According to a Forrester Research study [3] on The Total Economic Impact of Microsoft Office 365, for single sign-on (SSO) and identity federation to Office 365 a company would spend over $10,000 for hardware, maintenance and in-house hosting over a three year period, with over 80% of that cost incurred in the first year. Combined with the evidence that deployment of ADFS can be difficult, for many smaller organizations this is just not feasible. A survey conducted in the Office 365 admin group on LinkedIn found that 71% of respondents needed more than 2 full days to set up ADFS.

[Chart: Time needed to deploy ADFS. Categories: around 4 hrs, about 1 day, around 2 days, more than 3 days. Values as extracted: 45%, 16%, 26%, 13%.]

71% needed more than 2 days to set up ADFS.

[3] http://download.microsoft.com/download/4/a/d/4ad0bc3b-1345-41b7-be3c-d6ea3bfd0176/tei of Office 365 - midmarket.pdf

90% of Office 365 customers are small businesses with fewer than 50 employees.*

* Taken from Microsoft's "Look Who is using the Cloud" infographic [4]

[4] http://www.microsoft.com/en-us/news/imagedetail.aspx?id=ceab62bf6b15335c6fa078be0f9cf13ec035ab43

Microsoft's SMB Solution: The Office 365 AddIn

Knowing that a majority of Office 365 customers are smaller businesses that don't have the infrastructure or expertise to run ADFS, Microsoft has approached this market with the introduction of its Office 365 AddIn for Windows Server Essentials. This provides a capability in which the local on-premise server can synchronize accounts and passwords to Office 365 through a special integration wizard. This goes a long way to address the fundamental need to maintain identity between the on-premise server infrastructure and Microsoft's Cloud Services.

However, password policy conflicts in earlier versions may make this cumbersome, since passwords updated in Office 365 are NOT synchronized back to the on-premise server infrastructure. So it is possible that the credentials may not match between sites, confusing users and increasing administrative costs as you diagnose and manage the separate password systems.

The Bigger Problem

While ADFS and the Office 365 AddIn for Windows Server Essentials do answer the problem of having to remember another password to access Office 365, they don't actually make the experience more secure. If anything, depending on where users access Office 365, it could actually be riskier to the business.

If malware from the vile and villainy of the Internet is installed on a device that a staff member uses to access business information in Microsoft's Cloud Services, their password may be collected and compromised when they enter it. At this point, the attacker has a credential not only to Office 365 in the cloud, but also to your office systems on-premise. If you permit remote access through the likes of Remote Web Access (RWA), Remote Desktop Services (RDS) or VPN, you may have just opened the back door to allow a perpetrator full access to your business by acting as that user. You wouldn't know any different.

Password synchronization doesn't actually make your experience more secure.

The Alternative: Two-Factor Authentication

If passwords aren't the best way to protect business information in the cloud, what would be better? You may have noticed that as of late, cloud-based companies like Google, Dropbox, PayPal and even Microsoft have agreed that a better form of authentication is the use of two-factor authentication (2FA).

There are many forms of 2FA, everything from SMS and text messaging to systems that call you back for confirmation over the phone. The easiest method to adopt, though, is to combine a PIN that only a user knows with a one-time password (OTP) that is dynamically generated for the user at the time of login. The combination of knowing a PIN and having the OTP gives you two factors to prove you are who you say you are when needing to access services and information in the cloud. Or in some cases, even when on-premise.

Generating the OTP can be done in many ways. You can use traditional hardware keyfobs that produce the OTP on what is called a token. A more popular method being adopted lately is through an app on a smartphone, typically called a SoftToken. Acting just like a hardware keyfob, it generates the OTP for you as you need it. The benefit of SoftTokens comes from the fact that most users these days have smartphones and would rather use them than carry around an extra hardware device on their keychain. Using AuthAnvil to provide 2FA to Office 365 with a SoftToken is exactly how Scorpion Software does it.

The AuthAnvil Solution

Scorpion Software, a Kaseya company, offers 2FA for Office 365 through two key products that are part of AuthAnvil Password Solutions: AuthAnvil Two Factor Auth and AuthAnvil Single Sign On.

AuthAnvil Two Factor Auth provides the engine that delivers the authentication subsystem that validates a user's PIN and OTP against their account.

AuthAnvil Single Sign On provides the single sign-on (SSO) subsystem and federation capabilities that Office 365 needs to configure and communicate with your users on-premise.

Both products are installed on a Windows Server hosted on a server you control on-premise or in your own private cloud or data center. This gives you the ability to maintain control of your cloud security on systems that you own and manage. AuthAnvil is capable of running on entry level servers like Windows Server Essentials and Small Business Server, all the way up to highly-available clustered Windows Servers with Network Load Balancing (NLB).

AuthAnvil SoftTokens are capable of running on popular smartphones running Windows Phone, Apple iPhone, Google Android and RIM BlackBerry. You can also run it on Windows desktops and even USB-based YubiKeys.

With an app on your phone, you can log into Office 365 without needing to know or remember a password. You can have the one-time password generated when you need it.

Constraints with 2FA in Office 365

By its very nature, a one-time password (OTP) can only ever be used once. That makes it difficult to use with applications like Microsoft Lync or Outlook that cache your password and use it multiple times when they need to reach Office 365. This is just as difficult for applications running on your smartphones and tablets that access your email and documents in the cloud.

On its own, using two-factor authentication (2FA) with such applications may result in a poor experience for users, as you would need to enter a new OTP almost every time you needed to check email or communicate with colleagues and customers.

This gets worse as you use multiple devices. If an application stores this one-time password, it conflicts when a different device authenticates and updates the session with a different one. So if your Windows Phone polls for mail and then you try to read a new message on your iPad, it could void the password on your phone, requiring you to enter a new OTP the next time you try to check your mail. This dueling for access control becomes cumbersome and just frustrates users.

Most 2FA solutions that do work with Office 365 through ADFS fall back to using the Active Directory credential to get around this. So while you can use 2FA for web-based access, on-premise Office applications fall back to using a Windows credential, which exposes your business to unnecessary risk.

Most 2FA solutions cannot work with rich clients like Microsoft Office, Lync and Outlook. AuthAnvil can.

AuthAnvil addresses this differently to reduce this risk to an acceptable level.

How AuthAnvil Solves the 2FA Constraints in Office 365

Knowing that being constantly prompted for a new OTP is a poor user experience, Scorpion Software designed a system to use unique ActiveSync keys that meet the password complexity requirements for a strong password. This key is not coupled to a user's account at your office. In fact, ActiveSync keys are unique to the user within AuthAnvil, and can be monitored and managed by the user right in their profile in their personalized AuthAnvil Single Sign On portal.

You can further protect this key by requiring users to provide their AuthAnvil passcode (their PIN + OTP) when they wish to reveal this key so they can enter it into applications that support ActiveSync. Like Outlook. Lync. And their smartphones and tablets.

These ActiveSync keys act like a traditional password and work as a cached credential. However, because they are not tied to your office systems, even if they were somehow compromised or stolen you are not at risk at your office from an adversary using this credential to gain access to your local systems and information. Even better, AuthAnvil enforces the use of randomized stronger passwords of up to 16 characters, helping to increase the security effectiveness and eliminate the use of weak passwords.

This helps to balance security and usability so users can leverage the benefits of Office 365 without increasing risk to your business by using your work passwords in the cloud like you would with ADFS.

Scorpion Software can help you deploy 2FA in Office 365 in just a few hours.
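The constraint and the workaround described in the two sections above, as an added example (not AuthAnvil's code and not from the original ebook): an OTP is consumed on first use, so a client that caches it fails on its next poll, while a random 16-character per-device key can be reused by the client and revoked without touching the office password. The `Authenticator` class, RFC 4226 HOTP as the OTP algorithm, and storing only a PBKDF2 digest of each key are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import string
import struct

CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%*+-=?@"]

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP; assumed stand-in for the token's OTP algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _digest(key: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", key.encode(), salt, 100_000)

class Authenticator:
    """Hypothetical server-side state for one user."""

    def __init__(self, pin: str, token_secret: bytes):
        self.pin, self.token_secret = pin, token_secret
        self.counter = 0      # lowest OTP counter not yet consumed
        self.app_keys = {}    # device label -> (salt, PBKDF2 digest)

    def check_passcode(self, passcode: str, window: int = 3) -> bool:
        """Validate PIN + OTP. An accepted OTP is consumed, so replay fails."""
        pin, otp = passcode[:-6], passcode[-6:]
        if not hmac.compare_digest(pin.encode(), self.pin.encode()):
            return False
        for c in range(self.counter, self.counter + window):
            if hmac.compare_digest(otp.encode(), hotp(self.token_secret, c).encode()):
                self.counter = c + 1
                return True
        return False

    def issue_app_key(self, label: str, passcode: str, length: int = 16) -> str:
        """Reveal a fresh random key only after a valid PIN + OTP."""
        if not self.check_passcode(passcode):
            raise PermissionError("valid PIN + OTP required to reveal a key")
        chars = [secrets.choice(c) for c in CLASSES]   # one of each class
        chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(chars))]
        secrets.SystemRandom().shuffle(chars)
        key = "".join(chars)
        salt = secrets.token_bytes(16)
        self.app_keys[label] = (salt, _digest(key, salt))  # key itself is not stored
        return key

    def check_app_key(self, label: str, key: str) -> bool:
        """Cached-credential check: the same key validates on every poll."""
        if label not in self.app_keys:
            return False
        salt, digest = self.app_keys[label]
        return hmac.compare_digest(digest, _digest(key, salt))

    def revoke_app_key(self, label: str) -> None:
        self.app_keys.pop(label, None)   # kills one device, not the account
```

Because each key is random and never derived from a directory password, a key lifted from one device gives no credential for on-premise systems and can be revoked per device.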

Next Steps

Within this ebook you have hopefully learned how you can unlock access to Office 365 without your users needing to remember another password, and how to maximize your security while actually making it easier for them to access Office 365.

But you're also likely thinking there's a lot more to learn to put together an effective strategy to secure your Office 365 deployment with AuthAnvil. We can help: you can request a one-on-one consultation with Scorpion Software to learn how.

Like this ebook? Share it with your peers!