ITB - IT Solutions for the next generation

Office365 Security – Let’s not go there!

17th September 2018

Looking back less than 5 years, the majority of organisations were apprehensive about using Cloud-based services despite the undoubted benefits. The main concern for organisations was security. Fast forward 5 years and, whilst Cloud adoption is now soaring, with Office365 being the catalyst for this, security is still a concern.

Of course, confidence in the Cloud has improved, as is evident from the vast migration; however, organisations must still address security and ensure it is high on their priority list.

With over 120 million Office365 business users, the threat landscape is vast and whilst Microsoft spend huge sums of money on security R&D, this doesn’t take away from the fact that they aren’t a security company.

On the face of it, 120 million business subscribers in the 5 years since its release in 2013 sounds brilliant; however, this rapid adoption threw up its own problems for Microsoft.

Users can still perform ‘High-Risk’ actions within Office365 and are susceptible to account compromise and the loss of credentials via phishing scams that can then be used by third parties to gain access to sensitive corporate information.

According to a survey by ITB partner McAfee:

The average organisation experiences 2.7 threats each month within Office365 including:

  • 1.3 compromised accounts each month – such as an unauthorized third party logging in to a corporate Office 365 account using stolen credentials
  • 0.8 insider threats each month – such as a user downloading sensitive data from SharePoint Online and taking it when they join a competitor
  • 0.6 privileged user threats each month – such as an administrator provisioning excessive permissions to a user relative to their role

During this survey it was also identified that approximately 17.1% of data stored in applications such as OneDrive and SharePoint Online is sensitive in nature.

These figures lead us to believe that we need to address and possibly bolster how we secure our Office365 environments, but what are the main issues with Office365 security?

As Office365 is relatively inexpensive, pretty much every hacker has a copy on which they test their code, hoping to circumvent its security. Analysis of new pieces of Malware has shown that hackers are becoming more and more creative when it comes to evading Microsoft’s default security, no doubt a direct result of having unrivalled access to the product.

Sadly, Office365 relies on third party antispam and antivirus tools which means it cannot uncover or stop sophisticated Business Email Compromise (BEC), Ransomware and zero-day threats.

Microsoft is building its own Machine Learning and Behavioural Analysis capabilities, but at present they are unproven technologies, meaning organisations must rely on its basic detection methods and simple analytics, which compromises its ability to respond and remediate quickly.

We would therefore advise that additional third-party tools are used to mitigate this risk.

Many of Office365’s security tools are very early on in their release cycle. One of these, their sandbox, is currently residing on version 1.0.

This service is available for as little as £2 per user per month, and whilst relatively inexpensive, you must also consider how attackers are constantly developing their Malware to become ‘sandbox-aware’. Organisations that are solely security focused have been developing their sandbox technologies over several years to stay ahead of the curve, meaning that version 1 of the Office365 sandbox is many years behind its more illustrious competitors.

This point is accentuated by Office365 sandbox customers reporting that it can take as long as 30 minutes for emails to be detonated within the sandbox, with some emails being delayed for 3-5 hours before being delivered to end users’ mailboxes.

Again, we would recommend that rather than not using a sandbox you investigate third party options to scan and clear your emails in a timely manner.

Another important consideration to make when talking about Office365 security is Back-Up and Recovery.

According to ITB Partner Barracuda, the number one cause of data loss in a SaaS deployment, such as Office365, is data deletion. In fact, 70% of all lost data is down to accidental or malicious data deletion by end users. Data loss can also, of course, be caused by Ransomware and other Malware, as well as misconfiguration and issues with client sync.

This throws Back-Up and, almost as importantly, Recovery into the limelight. Yes, of course Microsoft backs up your data, but Microsoft only provide some very basic search and recovery options with the recycle bin and email retention.

Many vendors who provide dedicated Back-Up and Recovery tools for Office365 provide features that can be used to uncover lost messages, folders or even entire mailboxes and restore them to the original user and location within the account, or to a completely different user account within minutes.

This type of functionality would just not be possible within the standard Office365 account.