Let’s Talk Security

Former Employee

Security is clearly top of mind for IT Pros. It is one of the top challenges that CIOs and their IT organizations face. Microsoft recently shared that on any given day, its’ cloud faces 1.5 million hack attempts. With 3,500 security engineers and Intelligent Security Graph, Microsoft fends off these attacks, but the massive number of threats highlight the importance of network security.

 

Unfortunately, like other software, Office 365 isn’t “hack proof.” But there is good news. There are several resources and steps you can take to help protect your cloud:

 

  • The Security Compliance Manager (SCM) tool is retiring. But the Security Compliance Toolkit was recently released. The Security Compliance Toolkit is a set of tools that allow security admin to download, analyze, test, and edit recommended security configuration baselines to then compare other configurations.
  • Cloud App SecurityA part of the Microsoft Cloud Security Stack, CAS enhances your visibility of activity through tools that help uncover shadow IT, assess risk, enforce policies and stop threats.
  • Office 365 Secure Score – @Cian Allen previously posted a fantastic resource for understanding Secure Score.

 

What are your organization’s biggest security concerns or challenges?

1 Reply

In regards to biggest security concerns or challenges, here are a few thoughts -

 

Making sure new Office 365 features or changes don't weaken the security posture, see the Microsoft Teams adds third party file integration comments for an example that's been somewhat contentious 

 

Keeping track of best practices and also the user education component, previously discussed here

 

Having a process and ownership, there has got be enough resources to manage security properly and having the right approach,  I mention a few of these here like assume breach.

 

A challenge would be many of the tools now come at extra cost, which puts them out of the hands of some of the people that could most make use of them like Advanced Threat Protection, Azure Active Directory Premium,  Office 365 Advanced Security Management etc.

 

As well, there are the usual concerns about ransomware,  device proliferation,  data exfiltration, targeted attacks and the like.