The use of cloud environment has grown and evolved to a great extent in recent times. Your Office 365 tenant is likely to be accessed by more people, from more places and platforms like never before. The information protection demands of a cloud environment is no different from an on-premises environment. A comprehensive approach is required for the administrators to protect the organization’s information assets be it cloud or on-premises.
Many of Office 365 security threats arise due to internal violation of security policies and guidelines of the organization by users and the difficulties faced by administrators to mitigate such threats. There are several different areas in Office 365 where internal threats are likely to surface and cause potential security vulnerabilities. Security issues in Office 365 may arise due to group memberships, distribution group membership, sharing of mailboxes and Public Folders, inappropriate permissions such as full Access permissions to a mailbox and so on. Many of these and more may cause a security breach in Office 365.
A proper Deprovisioning procedure or a Role change procedure for an Office 365 user is absolutely necessary. When someone leaves the organization, it is important to make sure that you secure any confidential data (documents and other shared content). An improperly deprovisioned user can results in data loss and security breaches. The most important touch points in Office 365 are the user’s mailbox, personal One Drive storage and SharePoint documents and libraries.
A security audit in office 365 at any time must completely reveal who has access to which mailboxes, public folders, One Drive content, Collaborative content such as those in SharePoint sites. Other related information such as Group memberships and administration roles must also be analyzed to understand the security implications of users’ access rights, roles and group memberships within Office 365. A comprehensive Office 365 security audit on users must span Group Membership, Distribution Group Membership, Administration Roles, Mailbox Access, Shared Mailbox Access, Public Folder Access and Licenses assigned.
Mailboxes are usually not monitored well because mailbox permissions are only occasionally altered for specific reasons amongst groups of users. However these mailboxes are one of the most vulnerable to security threats. In any large organization a security scan of Mailbox permissions will reveal surprising information. Administrators will be faced with the situation of finding and removing unwanted permissions for users to other user Mailboxes. In Office 365, Mailbox Permissions include Full Access permissions, Send As permissions and Send on Behalf permissions. Mailbox folder permissions includes the permissions levels None, Owner, Publishing Editor, Editor, Publishing Author, Author, Non-editing Author, Reviewer and Contributor.
Security issues that cause corporate data thefts happen when users share their one drive content. While most of the sharing happens due to legitimate and practical needs of business functions, Office 365 administrators and Line Managers still need to review who is accessing what on One Drives and who are sharing their folders / files with other users. A periodic security audit and analysis of users One Drives is a must for detecting potential sources of leakage of corporate data.