Office 365 has just announced a plethora of security capabilities that should help minimize risk in the enterprise. The specific offerings include a scoring mechanism, threat intelligence, and advanced data governance.
Office 365 Secure Score
TechGenix announced Secure Score when it was in preview release; now it's available to all. In case you missed it in the summer, scores are based on the security configurations that are being adopted either partially or organizationally across your Office 365 deployment. The higher the score, the better you're doing with your security. Beyond standard graphs, you'll also be given suggestions to improve, with suggestions that will be categorized as high impact and highly effective as well as low impact and less effective. You name it, Microsoft's thought of it.
A Score Analyzer allows you to track and report scores over a historical period of time. You can access data over any date period and export the data to CSV to review externally.
More information about Secure Score is available in this overview video:
Office 365 Threat Intelligence
Now in private preview (reach out to your Microsoft account rep if you're interested), Office 365 Threat Intelligence utilizes the Microsoft Intelligent Security Graph to analyze billions of data points across the entire infrastructure--datacenters, Office clients, email, user authentications, and other incidents--to provide insights about attack trends. With cybersecurity being such a big trend--multiple high profile attacks per day keep cybersecurity experts gainfully employed and cost $4 million per breach on average--Microsoft reacted well by arming server administrators with what they need to know about malware within and external to the organization, ransomware insights, and more. Threat Intelligence integrates with other Office 365 security tools like Exchange Online Protection and Advanced Threat Protection as well.
Office 365 Advanced Data Governance
Avoidance of unnecessary risk is paramount in organizations that cannot necessarily manage all the data at their fingertips. When confidential information becomes irrelevant, do you keep it or do you toss it? (Does your organization really need all confidential information of former employees, students, or clients?) With a risk of this information becoming compromised in a breach, the liabilities can be huge--so yes, if you're reading this and that information is there, you need to purge it manually or apply Advanced Data Governance.
Advanced Data Governance will help you maintain data while eliminating redundant, obsolete, and trivial data that can cause substantial risk to you if breached. Using machine learning, Advanced Data Governance delivers proactive policy recommendations, classifications of data based on analysis of factors (type, age, and users who have interacted with it), and takes action: preservation of the important stuff while deleting the unnecessary fluff.
As you've seen before, Secure Score is finally available to all who have an Office 365 commercial subscription who are in the multi-tenant and US Government Community Clouds. But unless you talk to your Microsoft rep for the other features, you'll have to wait for it--Threat Intelligence and Advanced Data Governance will likely be available at the end of March as part of the Enterprise EI plan. Still, it looks pretty clear that these Office 365 security features are going to be super useful to an organization that can't afford the risk.
As always, while the Office 365 security technology seems robust enough, the biggest risk to breaches remains the humans behind the technology, so as always, get your technical ducks in a row, but make sure your people don't act like morons either.
Photo credit: Shutterstock, Microsoft