The cloud has been trending, and for good reason. Cloud based services, like Storage as a Service (SaaS), provide a powerful way for companies large and small to manage and secure their data in the most streamlined, flexible ways.
The state of the cloud today
Moving to cloud offers companies a wealth of benefits, including cost savings, greater productivity and the flexibility to scale up and down quickly and easily—features that typical on-premise enterprise solutions just can’t match. And that’s exactly the reason why cloud-based service use has increased over the last few years. In fact, 52% of companies have already made the move to the cloud, and over the next few years, that number is expected to rise. The shift of apps and services like computing and storage to the cloud has been gaining ground steadily. And Cisco believes that by 2021, cloud computing will largely replace traditional data centers. Among cloud solutions, SaaS has remained the most popular service model of them all.
But, though the cloud has been a welcome addition to the tech security landscape, it’s also been somewhat of a controversial issue. Ninety percent of companies feel wary about entrusting their sensitive data to the cloud, according to a 2015 Bitglass Cloud Security Survey. Even though cloud and SaaS use have increased, 36% of companies still feel that on-site software applications are more secure.
A new solution for cloud-based security
Up until now, Google apps have been leading the way in cloud-based sharing and productivity. But there’s a new solution that’s not only keeping pace with previous solutions, but has the potential to even edge them out.
Enter Microsoft Office 365, the new leader in Software as a Service (SAAS).
Office 365 has entered a space that few cloud-based services have gone before. That’s because the team behind it has been hard at work to solve many of the common problems associated with SaaS, and fill the risk gaps.
Here are the top reasons SaaS and the cloud are so controversial, and what Microsoft Office 365 is doing to fill the gap and increase security.
Problem #1: Identity sprawl
In the past, cloud-based applications were put in place for very specific purposes. They weren’t integrated or consolidated within the system as a whole. That means that many applications were floating within a company, and equally as many passwords were needed for each user. This has posed a major problem for users trying to keep track of all their passwords, which led to the creation of similar, easy-to-remember passwords (or even the same password!), which were easy to hack. Having unconsolidated SaaS applications also made it more difficult to manage the addition or removal of team member access, leaving the door wide open to disgruntled employees hacking into a system’s data.
How 365 solves the problem: single-sign on and multi-factor authentication
Microsoft consolidates all cloud applications so that users only have to keep track of one password. The 365 Active Directory gives companies the ability to manage all user accounts, and give access to any or all applications easily within one system, or remove access if an employee is no longer with the company. It also allows multi-factor authentication through third-party Identity & Access Management products.
PROBLEM #2: SECURING MOBILE DATA
In the era of BYOD (bring your own device) and mobile sharing, security has become an even bigger challenge. No matter how well you secure your onsite networks and devices, once the information leaves the premises, it’s up for grabs. The security of the cloud has helped keep at-rest data secure. But data movement, especially when applications are accessible over a number of devices (and any device), has made it more difficult to track when information is being synched or downloaded to devices (and by whom). And with remote employees downloading company data to their mobile devices, it’s easier than ever for hackers to gain access to secure information. The problem of unmanaged devices increases drastically if a device is stolen or if an employee leaves the company.
How 365 solves the problem: Device profiling and selective wipe
Don’t let random devices or shady ex-employees make off with your important data. Microsoft’s device profiling allows you to track and manage devices being used at both your corporate headquarters and on off-campus mobile devices. That means that admins can control accessibility from a main Access Control portal, which allows them to revoke access and wipe company data on managed devices if needed. And better yet, they can control access levels based on whether an employee is accessing information onsite or offsite (and subsequently encrypt downloaded info).
PROBLEM #3: SUSPICIOUS ACTIVITY
Office 365 doesn’t audit or log user activity, so it won’t tell you when a “user” suspiciously logged in from multiple locations across the country. But logging and auditing suspicious activity is crucial if you’re in regulated industries that require compliance and top security. But just because 365 doesn’t offer it doesn’t mean that all hope for visibility and transparency is lost. Because Office 365 easily integrates with third-party solutions.
How 365 solves the problem: Cloud Access Security Broker (CASB)
Office 365 integrates easily with a CASB, which sends all data through the third party, who is directly in the path of all your incoming and outgoing data. So anything flowing in an out is easily seen—and suspicious activity immediately flagged.
PROBLEM #4: DATA LEAKS
Data leaks are an all-too-common problem for enterprises. And they can pose a really major problem that can cause immediate harm to a brand and its customers, and long-term reputational damage as well. Companies like JP Morgan and Anthem were prominent data breach cases that demonstrated the importance of ensuring that all data is secured both onsite and offsite. But most solutions only protect onsite data, leaving mobile devices as prime targets for data leaks. Office 365 alone has limited data leak prevention capabilities, and those are mostly focused on data that’s moving through emails between users who already have access to the app. The problem is, most information doesn’t pass through onsite devices anymore. With more employees using their own devices, or taking devices offsite to work remotely, sensitive data is at an increased risk of falling into the wrong hands.
How 365 solves the problem: cloud access security broker (CASB)
Data management is a multi-directional game. That is, data must not only be tracked as it flows out of an organization, but also needs to be tracked and encrypted when it is downloaded onto unmanaged devices. By using a third-party CASB, your SaaS system classifies data as sensitive, less sensitive or personal and tracks and masks it accordingly. With a CASB, the most sensitive data can even be prevented from leaving the cloud application at all.
Security isn’t a one-and-done deal. It’s a comprehensive and ongoing effort. Outsourcing data and application security can give you unparalleled access to the top emerging technologies that fill the gaps in your existing security system.
Ready to take your security to the next level by exploring Office 365 and how it fits into your business and security plan? Contact our security experts today.
The Final Cost - Hidden Risks of Using o365
The reality is that even with Microsoft's in-built security features in 0365, you may still be exposed to unnecessary risks because some of those very features may remain dormant until an expert activates them.
PROTECT YOUR BUSINESS WITH ACTIVELY MANAGED SECURITY AND COMPLIANCE FROM OBT
Your business connects with the outside world a thousand times a day. Protection matters.
With almost 20 years of hosting and consulting experience, OBT's highly technical team is dedicated to taking the complexity our of IT security so small businesses can grow in the cloud. Our fully-managed Secure 365 offering is designed to help protect your customers, partners and employees whilst keeping your business operational and compliant. Future proof your business and focus on what you do best with the expert assistance of Australia's trusted and innovative IT service provider.