🟢 DISCOVER DETOX FOR MICROSOFT 365 COPILOT : 2 STEPS TO REDUCE DATA EXPOSURE! START YOUR RISK ASSESSMENT 👉

Microsoft 365

03 September 2019

Microsoft 365 and governance: who is accessing what?

Microsoft 365 governance

With the ongoing data proliferation throughout your organisation, how can you gain visibility and ensure that the CIO has control of the situation? Or give your users visibility to their data security: delegations, access to sensitive documents, anonymous sharing,…

 

Improve visibility to increase the security of your data

The workspace is no longer limited to specific endpoints or networks. Users share folders, give access, access files, and communicate externally, all from any location with any device. Today’s digital environment brings a multitude of possibilities.

The CISO, CIO, head of HR, CFO, DPO and others are increasingly worried about the security of these tools and data. The perimeter is constantly extending as a result of migration to the cloud, digital transformation and expanding collaboration. In a recent study, the Ponemon Institute revealed that 52% of surveyed companies’ keep their sensitive and confidential data in SharePoint [1].

To ensure that everyone’s data is protected, it’s crucial that only the correct rights and permissions are granted for all resources: users, applications and documents. It can be challenging to ensure that each user – whether an administrator, a member of the exec committee or an employee – has appropriate and up-to-date permissions. In some cases, access rights and permissions can be the unintentional result of a chain reaction: a domino effect of access and sharing following exchanges and conversations.

With more users, more data is created. Monitoring the activity of a multitude of data stores or libraries and understanding what is happening seems almost impossible.

How can the CISO or CIO gain visibility and ensure that the situation is not out of control? How can the users understand their data security?

 

What access and sharing governance strategy should be adopted?

There is a huge number of possibilities for users to manage and share their data, and the tools are constantly being enriched with additional services and features. It’s therefore critical to put in place a governance strategy so that the CISO and the user can ensure the security and integrity of the data.

  • What functionality can the user access, for example in the case of the Office 365 environment?
  • Is it appropriate based on the risk profile and policies of the company?
  • Are all the permissions acceptable?

Map Out the Risks

The starting point is to determine where the risks are:

  • At the company level
    • Key sites: locations of the sensitive data and confidential resources
    • Key areas of sensitivity: global configuration, privileged accounts, administrator console
    • Organizational elements: user groups, security policies

  • At the individual level
    • Delegations in email accounts “View, Send As”
    • International access (sensitive countries Nigeria, China)
    • Which applications piggyback on the authentication of the user and access their data?
    • Who has access to what on OneDrive, SharePoint, Teams?
    • Who does the user share documents with, internally and externally?

  • At the application level, each tool has specific issues that need to be understood and taken into account to provide the optimal security configuration

Sanitising the environment and ensuring it remains healthy

Are email accounts compromised right now? Who is viewing sensitive SharePoint files? Is there any external or anonymous sharing? What permissions and rights exist, who can access which account, what accesses and access modes are observed, what devices are synchronized, which rules are configured?

Identifying and correcting excessive rights and unauthorised configuration adds great value. Thereafter, it is vital to maintain the health of the environment. Companies have to constantly monitor changes and regularly verify the configuration, rights and permissions. Real time alerting when highly sensitive operations occur ensures that issues are dealt with promptly and breaches are avoided.

Personalised user based anomaly detection

By monitoring logs and other data in Office 365 or on-premise SharePoint, it is now possible to identify suspicious access, sharing, location, and change of rights or configuration – on a per user or per resource basis.

Personalised user-based protection is about understanding what’s legitimate and what’s not. Beyond statistics, or conventional behavioural analysis, a phase of automatic learning allows the creation of a profile of the user or library. Each action that occurs can be analysed in its exact context (geolocation, schedule, connection protocol, application, …) to determine whether it is legitimate or not.

Send information directly to the right people for verification

When an alert is issued, it can be sent to CISO team, a SIEM and/or a SOC. It can also be delivered directly to users, for immediate validation by the user who understands how their data should be accessed. The user can see the rights, the devices, the delegates and the accesses to their resources, and confirms or queries the status of their account via a dedicated page: MyDataSecurity.

For each potentially dangerous action, the user immediately reports it to the SOC: a new download or synchronization, access to a sensitive document or library, a full access delegation,… The alert can be immediately addressed by the user, and the user has, for the first time, global visibility to their data security.

High-volume processing: productivity and security

Large organisations benefit through this automation. Validation of account security is via such automated engagement with users. The support team focuses only on the alerts where users have confirmed real issues. The security team can quickly investigate through a dashboard that centralizes the users’ notifications and allows forensic analysis of the underlying activity.
Users become the first line of defense for the company.
End-user validation adds unprecedented value to the operation of a traditional SOC, with a double advantage: on the one hand, preventive – each user is aware of their own security; on the other hand, curative – any abnormal or malicious behaviour can be detected and remediated quickly, with clarity as to the underlying cause.
This approach is essential for any organization that wants to increase the security of its information system and the governance of who accesses what? Who can do what? Who shares what? It provides full visibility to the most sensitive Office 365 operations.
With a dynamic and collaborative approach, the review of rights and current access is highly efficient and avoids resource limitations. It offers a company wide service at a lower cost. Security breaches are reduced.

 

[1] Ponemon institute research report, May 2017

Recent articles

Microsoft Copilot: 5 advice for data access secure

Microsoft Copilot: the challenges for Data Security

Copilot: Microsoft's new generative AI

[Conference] How to master Data Access and Sharing in Microsoft 365

Best practices to improve Microsoft Teams security

Download the infographic 

Our articles

These articles may
interest you

Microsoft Copilot: 5 advice for data access secure
Microsoft 365
Security
Trends

Microsoft Copilot: 5 advice for data access secure

Lire l'article
Microsoft Copilot: the challenges for Data Security
Microsoft 365
Workplace

Microsoft Copilot: the challenges for Data Security

Lire l'article
Copilot: Microsoft's new generative AI
Microsoft 365
Workplace

Copilot: Microsoft's new generative AI

Lire l'article
Microsoft Loop: the latest features of the collaborative hub
Microsoft 365
Workplace

Microsoft Loop : new collaborative hub

Lire l'article

Data protection, let's discuss your project?

 

Contact us
video background