OFFICE 365 CLOUD SECURITY ASSESSMENT
The information technology world is changing rapidly, and organisations are increasingly moving away from traditional on-premise IT systems in favour of cloud-based services such as Office 365. There are many benefits to using these services, but with these benefits come a whole host of new information security challenges.
The cloud can provide a highly secure and resilient service to many organisations – but only if it has been setup and configured in the right way. With an increased attack surface, it is more than essential to assure your cloud systems and know with confidence that your data, systems and people are safe.
As organisations evolve to take advantage of cloud-based technology, so too cyber-criminals evolve the techniques they use against us. With over 120 million users of Microsoft Office 365, it presents a large opportunity for attackers, who look to take advantage of a lack of understanding from consumers, and leverage the employees consuming the service.
LRQA Nettitude can help you to gain assurance that your Office 365 environment is configured securely and in line with good practices set out by Microsoft and the National Cyber Security Centre (NCSC). Our review goes beyond purely technical controls, and looks at the governance in place around your Office 365 environment, and the employees who use it.
What you can expect from an Office 365 review:
1. A review of processes governing your implementation;
2. Identification of security and control gaps;
3. Extensive knowledge about industry best practices;
4. A detailed and actionable report;
5. Identification of quick and meaningful recommendations;
6. Post assessment debrief detailing next steps.
If your organisation uses Office 365 and would like to gain assurance that you’re not exposed to common attacks, get in touch today to discuss an Office 365 security review.
What is an Office 365 Security Assessment?
The security optimisation assessment developed by LRQA Nettitude is a direct response to the increasing number of incidents that our own Threat Intelligence and Incident Response have seen. In relation to these other services within the business, this assessment primarily takes the aim of being a proactive measure for organisations before needing the reactive aid of Incident Response.
The assessment follows the guidance and best practices outlined by Microsoft themselves as well as the National Cyber Security Centre (NCSC). Combined with the expertise within LRQA Nettitude, a series of six domains have been developed, consisting of almost fifty requirements detailing different controls, tools, and processes that if in place can address weaknesses within configuration, management, and awareness.
The six domains defined in the assessment are shown below:
• Security Management
• Threat Protection
• Identity & Access Management
• User Awareness & Education
• Information Monitoring & Auditing
• Information Assurance
How is an Office 365 security assessment delivered?
The Office 365 security Assessment is a specified deliverable that takes aim of a vastly used cloud hosted software called SaaS – Software as a Service. This assessment takes a range of influences such as Microsoft and NCSC guidance coupled with LRQA Nettitude’s own intelligence, experience, and consultancy knowledge. What essentially would be an audit style assessment of controls, tools, and configurations within the suite, this assessment has been formulated to touch on direct influences, providing customers with value beyond what others might give them. These influences are the processes and training that the organisation provides its users which affect how users manage and operate the software.
During the assessment our consultant will:
1. Understand what is the scope of the clients environment;
2. Review the organisation against the 6 Domain requirements;
3. Evaluate effectivenss of the controls set out by the requirements;
4. Seek to understand where quick wins are possible;
5. Document the findings in a detailed report, providing recommendations;
6. Add value by exploring relevant areas highlighted as a result of the assessment.
What are the deliverables?
The following is delivered as part of this service.
- On-site Assessment
- Led by Information Security Consultant
- Review organisation against the 6 domain requirements
- Deliverable is a report
- Debrief slides provided to AM
The benefits of this are:
- Evaluate suite controls in addition to governance and awareness
- Assessment in line with Microsoft & NCSC guidance
- Recommendations for each requirement
- Identifies quick and enhanced win areas
LRQA Nettitude add value above and beyond the Office 365 guidance by reviewing additional areas, such as those shown below. These should be discussed during scoping.
- Security Management (Processes & Policies)
- Native Security Tools
- Change management
- User Awareness