As more businesses move their technology systems from on-premises to cloud services such as Office 365, those that do so without the right precautions can find themselves in dangerous territory.
Take a user's Office 365 account protected only by a username and password as a single layer of security: with some persistence, that account could be compromised, opening up your organisation to a potentially damaging security breach.
Is my cloud data at risk?
In simple terms, yes, but that is not to say that your data on-premises would be much more secure. Unfortunately, we live in a world where there are those who wish to use technology for malicious and fraudulent purposes. As with on-premises environments, cloud solutions have ways to combat this and keep your data secure.
How do I ensure my data is kept safe?
The most basic way to ensure this would be to enable MFA (Multi-Factor Authentication) for your organisation. In Office 365 this requires the user to confirm their identity through a second layer of security in order to authorise sign-ins or transactions from their online account. Authentication methods include:
- push notification via the Microsoft Authenticator app
- SMS message
- phone call (to office or mobile phone)
This would only be required for browser sign-ins. Software applications such as Outlook will use a one-time password to authenticate; this password is provided to the user upon setup of MFA.
For service accounts such as an Accounts, HR or Marketing mailbox (when configured as a user mailbox rather than a shared resource) where multiple people access the account, MFA would not be best practice. As MFA requires a single source for its second layer of security, it would not be practical when the account is shared between users in a department.
If MFA is not an option, what next?
For multi-user mailboxes, conditional access is your best bet.
Conditional access is the implementation of automated access control for your cloud resources based on certain conditions. One such condition could be that the resource is accessed from within your network. With this in place, the cloud resource could not be accessed from outside your network, ensuring that access could not be granted to an external source with malicious intent.
Do you have users who work on the go, outside your network? No problem, it's possible to configure conditional access based on allowed devices. This would ensure that access to your cloud resources is only allowed from your company's devices.
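The two conditions described above, written as Conditional Access policies created with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original article; the two object IDs are placeholders, and it assumes your office networks are already defined as trusted named locations in Azure AD.

```powershell
# Added example. Requires the Microsoft Graph PowerShell SDK and Azure AD Premium P1/P2.
# ASSUMPTIONS: both object IDs are placeholders; office networks already exist
# as named locations marked "trusted" in Azure AD.
$SharedMailboxUserId = '<object-id-of-multi-user-mailbox-account>'   # placeholder
$MobileUsersGroupId  = '<object-id-of-group-for-on-the-go-users>'    # placeholder

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Policy 1: the multi-user mailbox can only sign in from inside your network.
$blockOutsideNetwork = @{
    displayName   = 'EXAMPLE - Shared mailbox: block outside trusted network'
    state         = 'enabledForReportingButNotEnforced'   # report-only first
    conditions    = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('Office365') }
        users          = @{ includeUsers = @($SharedMailboxUserId) }
        locations      = @{
            includeLocations = @('All')          # every location...
            excludeLocations = @('AllTrusted')   # ...except trusted named locations
        }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Policy 2: on-the-go users may sign in from anywhere, but only on company devices.
$requireCompanyDevice = @{
    displayName   = 'EXAMPLE - Mobile users: require company device'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('Office365') }
        users          = @{ includeGroups = @($MobileUsersGroupId) }
    }
    grantControls = @{
        operator        = 'OR'
        # compliantDevice: marked compliant by device management (e.g. Intune);
        # domainJoinedDevice: hybrid Azure AD joined. Either one satisfies the policy.
        builtInControls = @('compliantDevice', 'domainJoinedDevice')
    }
}

foreach ($policy in $blockOutsideNetwork, $requireCompanyDevice) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    '{0} [{1}] id={2}' -f $created.DisplayName, $created.State, $created.Id
}
```

Both policies are created in report-only mode, so their effect shows up in the Azure AD sign-in logs without blocking anyone. Change `state` to `enabled` once the logged results match what you expect.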
How can I gain access to these additional layers of security for my organisation?
Multi-factor authentication is an Azure AD feature which comes out of the box with major Office 365 plans such as Business Premium, E3/E5 and smaller subscriptions such as the Exchange Online Plans and Business Essentials.
Conditional access comes with Azure Premium P1 & P2 plans. These are bundled with the Microsoft 365 Business plan, or can be included for an additional cost as an add-on to the Business Premium, E3 or E5 plans in the shape of Azure Active Directory Premium P1 & P2 subscriptions.
MFA and conditional access are great starting points in ensuring the security of your cloud data. If you're interested in looking to incorporate these into your Office 365 solution, feel free to get in touch with Yellowbus and a member of our team will be happy to help.