2020 will be remembered in particular for the explosion of home-working and, as a result, the use of communication and collaboration tools such as Teams, Zoom and Slack. How to maintain and control the accuracy of sharings and accesses to data.
A recent survey reporting on data compromises in 2020(1) shows that 67% of compromises are attributable to three types of attack: identity theft, human error and social engineering attacks. One thing is certain: users, through their digital tools, are becoming increasingly autonomous in managing company data, whether they are in the office or at home.
New uses of Office 365, Teams, and SharePoint are among the companies' central preoccupations. A strategic subject that concerns and involves several skills: digital workplace, support teams, IT, infra, application project managers, user managers, data protection managers (DPO, compliance), cyber or risk managers and, of course, the security teams… Not forgetting the employees who create and share data without always being able to control its impact.
Gaining control and monitoring
Improving control over access, sharing and configurations on Office 365 means meeting two challenges:
- on the one hand, ensuring that data is accessed and shared by and with the right people, inside and outside the company (confidentiality of so-called sensitive data, digital hygiene following the departure of an employee, data governance);
- on the other hand, avoiding and countering the risk of fraud or compromise of the information system: a malicious access, an illegitimate configuration or a malicious sharing.
The objective is, therefore, to reduce the vulnerabilities linked to this open environment and the facilitated use of collaboration tools.
4 complementary key points:
- To know who does what, who shares what, who has done what. In other words, to have clear and precise visibility at all times.
- To detect if an access, a sharing, a configuration is illegitimate or malicious: whether it is made by an administrator, a user, a device, an application, or is due to human error.
- To take remedial action and fix problems, which makes sense if we are to correct malfunctions or malicious activity as quickly as possible.
- To maintain over time the accuracy of rights and access to each resource and each user (file, directory, mailbox, Teams group).
This means:
- Continuously monitoring all accesses, rights and configurations for the whole company and all users (including access logs, configuration objects and O365 group).
- Having an analysis and audit tool, ideally available to security teams without the need to mobilise the IT teams.
- Distinguishing legitimate events from malicious events: what constitutes legitimate activity and changes related to normal user activity.
- Having a process for removing users' doubts quickly, and that is not too burdensome in terms of staff and cost.
- Avoiding too many alerts, such as false positives, to keep a clear overview.
Taking into account the difficulties and constraints
The volume of data to be processed in this collaborative and mobile context is gigantic, and the changes are numerous and permanent.
users x applications x sharing x access + TIME
Finally, it is difficult for a user to know what is happening to their resources and data and to correct it. It also involves taking the time to visit each application (Teams, OneDrive, SharePoint, their email) to check who has rights or update those rights.
The importance of communicating with users
"In the context of collaboration, it is not the IT team or the Security team that is in charge; it is the user.» Marc Tournier, Eramet.
This demands a new paradigm . Users need to be part of the administration and security of data.
Indeed, if users adopt good practices in terms of security hygiene and rights management for their data, data security can be optimised.
We are asking users to be more involved, more aware, but they do not have the means to control and monitor what is happening.
And as F. Petrus Faurecia stresses, "It is easy to give access, but how can the user limit or withdraw access, particularly over time?".
Communicating effectively with users and empowering them is a crucial factor in engaging users in data security: their data’s security. To achieve this, an agile security system must be able to integrate the user at the heart of the security process.
A platform connected to users
Compared to traditional security systems, IDECSI offers a detection platform that is connected to its users. An approach capable of getting users involved in controlling access and sharing and giving them the visibility and the means to manage their own security. Each employee has a personal dashboard of their resources, all brought together in a user-friendly interface for a successful and engaging experience.
IDECSI technology collects and analyses operations in the Office 365 environment and its SharePoint, OneDrive, Teams applications and detects sensitive actions (new external sharing, synchronisation of an app, a new device, a new inbox rule and so on). As a result, these events can be communicated directly to their owner and corrected if necessary.
IDECSI goes beyond a technical solution and brings about significant development in the company's security, a strategic and cultural dimension that favours the adoption of digital tools, increases users' confidence in its tools and helps maintain a healthy environment over time.
(1) The Verizon 2020 study
