During quarantine, many organizations moved to the cloud.
But, if you’re new to the cloud, you may not know all of the options available to defend one of the most commonly used productivity platforms in the world, Microsoft 365.
With email phishing as the leading entry point for ransomware attacks, and with 70% of ransomware attacks now involving exfiltration, we need to add layers of defense to our cloud applications to protect both our data and remote users.
Sandbox Option for Microsoft 365 Enterprise
Microsoft knows that many attackers hijack common Microsoft Office file types with malware.
Thus, the company recently introduced Application Guard, and deployed it as an option for enterprise-level 365 customers.
Application Guard will download and launch Office-type files within a sandbox using a Hyper-V-enabled container isolated from the rest of the user’s data. This allows users to open, edit, save, and print Word, Excel and PowerPoint files received from untrusted internet or intranet domains.
Other Security Options
What about security for non-enterprise customers?
Fortunately, options built into Microsoft 365 may significantly strengthen security against various attacks. One simple solution is to strengthen security settings for email.
While Microsoft’s built-in protection attempts to screen for malware, mail settings can be added to encrypt emails, prevent auto-forwarding, and to warn users before opening files that contain macros.
Other settings add further layers of defense to protect users. For example, macro warnings can be incorporated into training, where they serve as a signal to use extreme caution with attachments. And denying auto-forwarding deters common business-email-compromise attacks.
However, these extra layers of defense may be undermined by a weak foundation. Experts recommend a review of default security settings, which may reveal misconfigurations of cloud resources.
Microsoft recommends that you keep the default settings. But the defaults will not prove suitable for every organization and the tools it uses.
A cloud expert should review our security requirements and settings to ensure that there is no gap or conflict.
Beyond the built-in settings, Microsoft and other vendors offer software that provides even more layers of protection against skilled attackers.
Some experts recommend locking down any external file sharing until data loss protection (DLP) and user categories have been fully established.
Microsoft Teams, a robust collaboration platform, offers built-in DLP, which allows IT managers to receive alerts about any sharing of documents flagged as sensitive. This tool provides early warning of bad actors trying to copy or delete important documents.
Cloud Access Security Broker (CASB) tools backstop DLP and identity services. Also, the Microsoft Cloud App Security (MCAS) tools provide CASB features to catch actions, such as sharing files, synchronization of OneDrive to new computers, and other activities in the cloud that may otherwise be overlooked.
For even more security, administrators can enable Conditional Access for Azure Active Directory. While only available with the Azure AD Premium license, companies can use Conditional Access to check mobile devices for malicious apps, suspicious behavior, and other criteria, prior to granting access.
Each tool provides additional layers of defense against common malware attacks. Yet, all of them assume that the user is verified, so there’s still work to do.
A clean Active Directory, or any equivalent identity listing, remains critical to any deployment.
Often a cloud migration only copies existing Active Directory listings, in which an organization maintains accounts for departed or even deceased employees.
You might have justified these accounts in some fashion. Maybe they “maintain continuity,” or they’re in place “just in case” clients reach out to an old contact. Perhaps an admin account may be embedded into other services.
However, these accounts can be vulnerable to credential stuffing or other inappropriate access.
Old accounts often go unmonitored, and they do not raise red flags because they are authorized. That said, all users should be double-checked for privileges and have multi-factor authentication required.
Admin accounts require extra attention because organizations commonly assign too many privileges to too many users.
Admin users should have a regular account for everyday use, and a separate admin account for admin activities, in order to prevent malware from easily accessing accounts with admin privileges.
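An added example (not from the original article): one way to run the account review described above over a directory export, flagging enabled accounts that are stale, lack multi-factor authentication, or carry an admin role on an everyday account. The CSV column names, the sample rows and the 90-day threshold are assumptions constructed for illustration, not a Microsoft export format.

```python
import csv
import io
from datetime import date

# Constructed sample export (not real data). The column names are assumptions.
SAMPLE_EXPORT = """upn,enabled,last_sign_in,mfa_registered,roles,has_mailbox
alice@example.com,true,2024-05-28,true,,true
bob@example.com,true,2023-01-10,false,,true
carol@example.com,true,2024-05-30,true,Global Administrator,true
adm-dave@example.com,true,2024-05-29,true,Global Administrator,false
erin@example.com,false,2022-11-02,false,,true
svc-backup@example.com,true,,false,Exchange Administrator,false
"""

STALE_AFTER_DAYS = 90  # assumed threshold; set it from your own policy


def audit_accounts(export_text, today):
    """Return {upn: [findings]} for enabled accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot sign in
        issues = []
        last = row["last_sign_in"].strip()
        if not last:
            issues.append("never signed in")
        elif (today - date.fromisoformat(last)).days > STALE_AFTER_DAYS:
            issues.append("stale")
        if row["mfa_registered"].strip().lower() != "true":
            issues.append("no MFA")
        # An admin role on an account that also has a mailbox suggests the
        # everyday account doubles as the admin account.
        if row["roles"].strip() and row["has_mailbox"].strip().lower() == "true":
            issues.append("admin role on everyday account")
        if issues:
            findings[row["upn"]] = issues
    return findings


if __name__ == "__main__":
    for upn, issues in audit_accounts(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{upn}: {', '.join(issues)}")
```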
Of course, if configured improperly, any cloud resource may have significant security vulnerabilities. If that’s the case, it will become the weak link in the security chain.
While this article focused on Microsoft 365, similar options and configuration issues can be found within Google Docs, AWS, Box.com and other cloud-based resources.
If you don’t have cloud expertise, get it. Cloud resources launch easily, but integrating their built-in security with existing tools proves to be much more difficult.
In-house expertise can be costly, and not all companies need the same solution. The team at Ideal Integrations is here to give you a complete, secure solution to all of your cloud-based computing.
Not only will we get you the right technical solutions, we’ll also build your network and defend it 24/7/365.