Cloud adoption is on the rise and with it comes new obstacles for an organization’s IT personnel and t he issues at the forefront of this shift are those that can compromise in-place security measures. A surprising percentage of these vulnerabilities are not due to the new technology but lie within its use and configurations. The first step for an organization to migrate to the cloud is generally with the use of Microsoft’s Office 365. Office 365 migrates existing Office / Exchange management, configuration, and infrastructure, and puts it into a cloud hosted solution that you manage through Microsoft’s web portal (you can also manage this through the use of their API, but we won’t talk about that today). This change commonly comes with uncertainty and lack of historical expertise that leads to critical security issues. “The overall governance of your Office 365 environment has less to do with the technology and more to do with the practices and procedures put in place.”
This analysis report by the Cybersecurity and Infrastructure Security Agency (CISA) determined that organizations that lacked a dedicated IT team and/or used third parties to migrate their email systems over to Office 365, as well as other cloud services, did so in a way that left them with varying configuration vulnerabilities that affected their overall security posture. This puts a strain on the trust between an organization wanting to migrate their solutions and the consultation companies that help in that migration. If this continues, it could potentially cause those with completed but vulnerable migrations and companies considering migrating to cloud from fully utilizing the technology and its potential. As well as straining the reputation of the cloud industry. Due diligence and thorough analytics on the part of the third parties will ensure a smooth and secure process. This is how we, at NephoSec, set ourselves apart. As a NephoSec engineer, I am proud and passionate of the work we do. Engineering and leveraging automation and tools to correctly and securely migrate clients to a cloud solution that is tailored to their needs. With our auditing and monitoring tools we provide continued support and ensured longevity of your security posture protecting you from configuration drift.
We believe that to combat these security risks it is best handled by taking a layered approach to security. That way if a security measure is circumvented or breached, the attacker is met with another layer. Additionally, each layer of defense can be configured to alert you of an unwanted presence, thus giving you time to handle the situation proactively without risk to your data. Below is our top ten list of common misconfigurations and a variety of solutions with a focus on layering your defenses and increasing your security posture.
Top Ten Ways to Secure Office 365
- Multi-Factor Authentication – The single most effective way to prevent unauthorized access due to credential theft. On admin accounts as well as all sensitive user accounts, this is of the highest priority. And especially on the Azure Active Directory Global Admin since these are the first accounts created and are exposed to internet access.
- Dedicated Admin Accounts – Coupled with MFA by default. For larger enterprises, the use of conditional access to enforce MFA usage will add an extra layer of security.
- Raise level of protection against malware in mail – Leverage of the Exchange Online Protection option will protect your mail system from malware.
- Protect against ransomware – Office 365 comes with Exchange Online Protection enabled by default. This anti-malware software scans, in real time, all inbound and outbound emails and attachments that go through exchange. Using a multi-layer approach here will yield even better results so the use of Advanced Threat Protection, stated below, will further enhance your security posture.
- Protect emails from phishing – The most common breach in Microsoft Office 365 but can easily be thwarted with the use of Advanced Threat Protection Safe Links, this is the most common breach in an O365 environment. Safe Links combined with user training will better secure you from this attack.
- Stop auto-forwarding for email – This tip takes an extra step to protect from phishing scams. If a compromised email has access to an account with auto-forwarding they will be able to increase their reach which simultaneously increasing their chance at breaching an account with higher privileges.
- Use Office message encryption – This solution can send and receive encrypted mail from inside and outside your organization and works with all major mail service providers, not just Microsoft Outlook.
- Protect against malicious attachments and files – With the use of Advanced Threat Protection Safe Attachments for incoming mail and using O365 Security Labels will protect your information even if it leaves your tenant.
- Make sure Technical Contact is correct – This is the easiest solution to increase security posture on the list though in itself isn’t a vulnerability. This allows for a single point to raise awareness to any issues noticed by your users, minimizing the time it takes to reach a fix.
- Train users – This is will provide maximum effectiveness of your security systems. The weakest link in any security structure is the user and providing quality education and training will yield better results for your implemented investment. This implementation can be done in a variety of ways i.e. shared mailbox, a ticket system, distribution group, etc.