One of the primary reasons enterprises hesitate to migrate their on-premises IT deployments to the cloud is the concern surrounding the security of data in the cloud. Even the world’s most widely adopted cloud service, Office 365, raises security fears that keep enterprises from adopting it more rapidly. And despite Microsoft’s continued commitment to investing in the security of its cloud services, many companies will find Office 365’s native security capabilities inadequate.
To that end, the analyst firm Gartner has released a report titled “How to Enhance the Security of Office 365”. Download the full report here. The report makes the following strategic planning assumptions:
By 2018, 40% of Office 365 deployments will rely on third-party tools to fill gaps in security and compliance, which is a major increase from less than 15% in 2016.
By 2020, 50% of organizations using Office 365 will rely on non-Microsoft security tools to maintain consistent security policies across their multivendor ‘SaaSscape.’
Gartner highlights 4 key security challenges that enterprises face when using Office 365 and provides recommendations for security and risk managers responsible for Office 356 security.
Office 365 Security Challenges
While the proliferation of cloud services has created a plethora of security concerns, when it comes to Office 365, Gartner has grouped these concerns into 4 primary areas:
1) Traditional security tools are inadequate in meeting the security needs of Office 365 customers. According to Gartner, “traditional security tools, designed for protecting on-premises systems, can’t offer visibility and control when enterprises move email, content creation, file sharing and collaboration to the cloud, making the detection of inappropriate behaviors difficult.”
2) In order to take full advantage of Office 365’s native security capabilities, organizations will require higher-priced licensing options. For some industries, even the highest licensing tier may not have satisfactory security controls.
3) Some clients of Gartner have complained that Office 365’s more advanced security capabilities end up performing poorly in practice.
4) The proliferation of mobile devices, having coincided with the explosion in cloud adoption, has created additional security concerns where disparate or unmanaged devices may be accessing Office 365.
Gartner makes 5 key recommendations in regards to mitigating some of the security challenges of Office 365:
1) Determine whether Office 365’s built-in security capabilities can adequately meet your organization’s security and compliance requirements.
2) Evaluate third party security vendors if security gaps exist between what’s offered with Office 365 and the security requirements of your organization.
3) Evaluate a cloud access security broker (CASB) to ensure the most consistent implementation of security policies across Office 365 and other enterprise SaaS products.
4) Enforce the correct “visibility, data security, threat protection, and device management controls using native Office 365 capabilities, enhanced with third-party products.”
5) Start with identity and access management, with the expectation that other security controls will rely on identity, access, and privilege management.
You can download a complimentary copy of the full report here.